pubkey fingerprint and krb princ name in environment

Damien Miller djm at mindrot.org
Fri Jan 9 00:05:34 AEDT 2015


On Thu, 8 Jan 2015, Johannes L?thberg wrote:

> [Accidentally replied directly instead of to the list, sorry ?bout that]
> 
> On 30/12, Damien Miller wrote:
> > As of last week, sshd keeps a list of the user public keys that were
> > used in authentication. This should make implementing the pubkey bit
> > of this easier...
> > 
> 
> Does it store the whole key, the fp or both? Because just the fingerprint is
> just a single line.

It stores the whole key (it needs to, so it can compare them with subsequent
attempts). I might need to generalise it for krb credentials though.

-d


More information about the openssh-unix-dev mailing list