patch to send incoming key to AuthorizedKeysCommand via stdin

Peter Stuge peter at
Tue Mar 25 03:23:55 EST 2014

Scott Duckworth wrote:
> > What's the problem with forking and writing to the pipe from the
> > parent only when it is writable?
> If the child process does not explicitly close stdin then there is no way
> to know if it is actually being read from. All that is known is that you
> can write *some* data to the pipe,

Right, as I wrote, write only when writable.

> but once the pipe's buffer fills up and it is not emptied then will no longer be writable. Does the last write() before buffers
are full return short? If not, only write() a single byte at a time.

I still do not see the problem here.

> timeout

A timeout within any general purpose OS is a heuristic, I don't think
they belong in the authentication path.

> The only safe way to pass the key via a pipe is to require any
> AuthorizedKeysCommand to either explicitly close stdin or consume stdin
> until EOF.

I don't see why.

> there's likely already a lot of commands in use that do neither of these.

So maybe the new semantics deserve a new configuration option, rather
than extending an existing option in a not-so-scalable way?


More information about the openssh-unix-dev mailing list