RFC 4819 Secure Shell Public Key Subsystem (was Re: ssh-copy-id vs PasswordAuthentication no)

Lars Noodén lars.nooden at gmx.com
Sat Dec 11 22:38:16 AEDT 2021

On 12/10/21 12:54, Lars Noodén wrote:
> On 12/9/21 23:17, TJ Saunders wrote:
> [snip]
>> Something like the "publickey" SSH subsystem?
>>    https://www.ietf.org/rfc/rfc4819.txt
> RFC 4819 was interesting to read, especially section 4.  Has it been
> implemented anywhere?
> Would the correct way to read and manipulate authorized_keys files use
> authfile.c ?  Even though the file format is a little weird, and too
> much for awk, it can be processed rather easily in perl, and ssh-copy-id
> is shell.
> /Lars

I've made a vaguely proof of concept script in perl to list, add, or
remove keys from an authorized_keys_file.  It does not support
listattributes at the moment.  The script seems to work well enough for
my own needs at the moment, though this version does not conform to the
RFC as far as passing input to it goes.  Maybe later it can.

I've tried to keep it short, but readable, and using module distributed
with perl itself: Getopt::Std, Fcntl, Text::ParseWords, File::Temp, and
File::Basename.  It weighs in at about 270 SLOC, much longer than a 10
line AWK script I was hoping for.  If it is of interest, I can post it
but if so, where?


More information about the openssh-unix-dev mailing list