backdoor by authorized_keys2 leftovers

Damien Miller djm at
Sat May 21 17:00:57 EST 2011

On Thu, 19 May 2011, Jim Knoble wrote:

> While we're at it, Ciphers and MACs use commas for separators. Using
> spaces may prevent placing authorized_keys files in a directory whose
> name contains whitespace.

I think the solution for these is to make strdelim() handle quotes, because
paths with spaces are broken more generally.

IIRC there is already a bug for this if anyone wants to do it.


More information about the openssh-unix-dev mailing list