backdoor by authorized_keys2 leftovers
Jim Knoble
jmknoble at pobox.com
Fri May 20 12:26:46 EST 2011
On May 19, 2011, at 17:24, Darren Tucker <dtucker at zip.com.au> wrote:
> On 16/05/11 12:51 PM, Damien Miller wrote:
> [...]
>> The latter is more clear for Match, but long lines are more likely to wrap
>> and are harder to read in sshd_config.
>>
>> That being said, there is plenty of room for the common cases that I can
>> think of:
>>
>> AuthorizedKeysFile .ssh/authorized_keys
>> AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
>> AuthorizedKeysFile /etc/ssh/authorized_keys/keys_%u .ssh/authorized_keys
>>
>> So maybe all-keys-on-one-line is better.
>
> FWIW I agree with all-one-line as it's consistent with other (long)
> config directives like Ciphers. The only place that I can think of
> where we use multiple lines is Subsystem, and that's key-value pairs
> rather than a simple list.
While we're at it, Ciphers and MACs use commas for separators. Using
spaces may prevent placing authorized_keys files in a directory whose
name contains whitespace.
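
The separator concern above, as an added Python example that is not part of the original message and is not OpenSSH's own parser: it splits an AuthorizedKeysFile value on whitespace or on commas, expands %u, %h and %%, and lists the files that exist so each can be reviewed for leftover keys. The function names, the user alice and the "/srv/ssh keys" directory are assumptions made for illustration.

```python
import posixpath
import re

def split_value(value, sep=None):
    """sep=None: split on whitespace (the list form quoted in the thread).
    sep=',': comma list, the separator Ciphers and MACs use."""
    if sep is None:
        return value.split()
    return [p.strip() for p in value.split(sep) if p.strip()]

def expand(pattern, user, home):
    """Expand %u, %h and %%; a relative result is taken relative to home."""
    table = {"u": user, "h": home, "%": "%"}
    path = re.sub(r"%(.)", lambda m: table.get(m.group(1), m.group(0)), pattern)
    return posixpath.join(home, path)

def key_files(line, user, home, sep=None):
    """Return the key-file paths one AuthorizedKeysFile line names for a user."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "authorizedkeysfile":
        return []
    return [expand(p, user, home) for p in split_value(parts[1], sep)]

def existing_key_files(line, user, home, exists):
    """Subset of key_files() that exists(path) reports present: files to review."""
    return [f for f in key_files(line, user, home) if exists(f)]

if __name__ == "__main__":
    # Constructed inputs: user, home and the "/srv/ssh keys" directory are made up.
    for sep, line in [
        (None, "AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2"),
        (None, "AuthorizedKeysFile /etc/ssh/authorized_keys/keys_%u .ssh/authorized_keys"),
        (None, "AuthorizedKeysFile /srv/ssh keys/%u"),
        (",", "AuthorizedKeysFile /srv/ssh keys/%u,.ssh/authorized_keys"),
    ]:
        print(repr(sep), key_files(line, "alice", "/home/alice", sep))
```

With a plain whitespace split, the directory name containing a space yields two entries, and the second one resolves to a path under the user's home directory instead of the intended system directory.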