patch to send incoming key to AuthorizedKeysCommand via stdin

Daniel Kahn Gillmor dkg at
Sun Mar 23 08:22:44 EST 2014

On 03/22/2014 02:25 PM, Scott Duckworth wrote:

> If compatibility with programs that expect exactly one command line
> parameter (the username) then it seems like the environment variable is the
> way to go.  But I'll leave that decision up to those more involved with the
> development of openssh.

After thinking about this a little more, i agree with you that the
environment variable is the way to go, but for another reason.

Many common operating systems expose each process' command line
arguments to other processes on the system, regardless of effective
userid, but they hide the environment from any other non-privileged users.

Using an environment variable would avoid leaking the proposed public
key to local users snooping around the process table.

Thanks for the thoughtful and thorough discussion on this!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the openssh-unix-dev mailing list