patch to send incoming key to AuthorizedKeysCommand via stdin

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Mar 22 03:15:26 EST 2014


On 03/21/2014 11:16 AM, Scott Duckworth wrote:
> The problem with passing the key in an environment variable is a
> potential for overflowing the available space (see the "limits on size
> of arguments and environment" section on
> http://man7.org/linux/man-pages/man2/execve.2.html).

those limits suggest that the size is 128kiB on anything resembling a
modern Linux system.

ssh-keygen doesn't generate anything greater than 16384 bits (16Kib, or
2KiB), and very few people use anything even close to that size.  using
base64 encoding inflates the size to 4/3, so we're talking about < 3KiB
for the full base64-encoded, largest possible public key.

More modern keys (EdDSA or ECDSA) are much much smaller.

I'm glad you're thinking about size limits for env and argv, but i don't
think this is even close to the size limits of realistic systems.

That said, if you're still concerned, maybe there's a way to fix the
deadlock case you raised and go back to the stdin approach?

> Passing the
> fingerprint may be a better option. If there is a fingerprint
> collision then the AuthorizedKeysCommand can just print out all of
> them and leave it up to sshd to find the exact match, which it already
> does anyways.

I see no need to rely on fingerprints when machines are doing key
comparison.  it introduces another point of cryptographic attack (the
data structures and digest algorithm for the fingerprint mechanism
itself), and saves very little.  fingerprints are for humans.

Also, with the full key available, it's possible for the
authorizedkeyscommand to do other operations with the key itself (e.g.
to evaluate the cryptographic parameters of the key itself, or to
compute non-MD5-based forms of fingerprints, to compare the key material
with other keys, etc)

> In my use case of this feature I'm already storing the fingerprints
> along with the keys in a database and my AuthorizedKeysCommand
> performs the lookup based only on the fingerprint. In other words, not
> having the full key would be fine. I realize this may not be the case
> for everybody but maybe it's good enough?

I think if we're going to make this change, the full key is the way to go.

	--dkg
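
As an added example (not from this thread or from OpenSSH itself), the following Python sketch shows what an AuthorizedKeysCommand could do once it has the full key on stdin rather than a fingerprint: parse the RFC 4251 wire blob, read the modulus size or curve key length, compute a non-MD5 (SHA-256) fingerprint, and check the line against the 128 KiB per-argument limit cited in the thread. The `ARG_MAX_BYTES` constant, the helper names and the sample keys are assumptions constructed for the example.

```python
import base64
import hashlib
import struct

# Assumed limit from the thread: roughly 128 KiB for one argv/env string.
ARG_MAX_BYTES = 128 * 1024

def ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed SSH string (RFC 4251 'string')."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """Encode a positive integer as an SSH mpint (leading 0x00 if the high bit is set)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)

def read_strings(blob: bytes) -> list:
    """Split a decoded key blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        fields.append(blob[pos:pos + length])
        pos += length
    return fields

def inspect_key(line: str) -> dict:
    """Evaluate one authorized_keys-style line as a stdin-reading AuthorizedKeysCommand might."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    fields = read_strings(blob)
    if fields[0].decode() != keytype:
        raise ValueError("key type prefix does not match blob")
    if keytype == "ssh-rsa":
        bits = int.from_bytes(fields[2], "big").bit_length()  # fields[1] is e, fields[2] is n
    elif keytype == "ssh-ed25519":
        bits = len(fields[1]) * 8  # raw 32-byte public point
    else:
        raise ValueError("unsupported key type")
    digest = hashlib.sha256(blob).digest()
    return {"type": keytype, "bits": bits,
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
            "fits_in_env": len(line.encode()) < ARG_MAX_BYTES}

def make_line(keytype: bytes, *fields: bytes) -> str:
    """Build a constructed public-key line from already-encoded wire fields."""
    blob = ssh_string(keytype) + b"".join(fields)
    return keytype.decode() + " " + base64.b64encode(blob).decode() + " constructed@example"
```

Running `inspect_key` on a constructed 16384-bit RSA modulus gives a line of roughly 2.8 KiB, which matches the "< 3KiB" estimate above.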


