patch to send incoming key to AuthorizedKeysCommand via stdin
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Mar 22 03:50:44 EST 2014
On 03/21/2014 12:38 PM, Eldon Koyle wrote:
> Would it be reasonable to add another configuration option to specify
> that you want to send the key via stdin to the AuthorizedKeysCommand,
> and have it default to no/false? This should be enough to prevent
> breakage of existing implementations while still allowing the new and
> useful functionality.
I think minimizing configuration options would be good -- extra knobs
make it easier for admins to break things and harder for admins to get
things to work.
Are we sure this concern can't just be fixed in code? I don't
understand why using stdin would necessarily result in a deadlock to the
parent, but maybe i just haven't worked through the problem in enough depth.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140321/22895c03/attachment.bin>
More information about the openssh-unix-dev
mailing list