patch to send incoming key to AuthorizedKeysCommand via stdin

Daniel Kahn Gillmor dkg at
Sat Mar 22 03:50:44 EST 2014

On 03/21/2014 12:38 PM, Eldon Koyle wrote:
> Would it be reasonable to add another configuration option to specify
> that you want to send the key via stdin to the AuthorizedKeysCommand,
> and have it default to no/false?  This should be enough to prevent
> breakage of existing implementations while still allowing the new and
> useful functionality.

I think minimizing configuration options would be good -- extra knobs
make it easier for admins to break things and harder for admins to get
things to work.

Are we sure this concern can't just be fixed in code?  I don't
understand why using stdin would necessarily result in a deadlock to the
parent, but maybe i just haven't worked through the problem in enough depth.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssh-unix-dev mailing list