patch to send incoming key to AuthorizedKeysCommand via stdin

Scott Duckworth sduckwo at clemson.edu
Sat Mar 22 04:56:36 EST 2014


On Fri, Mar 21, 2014 at 12:15 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
wrote:
> those limits suggest that the size is 128kiB on anything resembling a
> modern Linux system.

How about other platforms?

> ssh-keygen doesn't generate anything greater than 16384 bits (16Kib, or
> 2KiB), and very few people use anything even close to that size.  using
> base64 encoding inflates the size to 4/3, so we're talking about < 3KiB
> for the full base64-encoded, largest possible public key.
>
> More modern keys (EdDSA or ECDSA) are much much smaller.
>
> I'm glad you're thinking about size limits for env and argv, but i don't
> think this is even close to the size limits of realistic systems.

Even though ssh-keygen doesn't produce anything larger than 16384 bits,
wouldn't it be possible for somebody to craft a key that is larger to
attempt a buffer overflow?


More information about the openssh-unix-dev mailing list