[Bug 1159] %u and %h not handled in IdentityFile

bugzilla-daemon at mindrot.org
Wed Feb 22 16:40:02 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1159

           Summary: %u and %h not handled in IdentityFile
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: All
               URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html
        OS/Version: Linux
            Status: NEW
          Keywords: patch
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: imaging at math.ualberta.ca


Here is a patch to allow private key files to be placed system wide (for all
users) in a secure (non-NFS) mounted location on systems where home directories
are NFS mounted. This addresses an important security hole on systems where
home directories are NFS mounted, particularly if there are users who use blank
passphrases (or when lpd is tunneled through ssh on systems running lpd as user
lp) instead of ssh-agent. IdentityFile now accepts the same %u, %h, %% options
that AuthorizedKeysFile accepts (see man sshd). For example, one can specify a
user-dependent IdentityFile in ssh_config:

IdentityFile /ssh/%u/id_rsa
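
The token expansion the report describes, as an added example that is not part of the original report or its patch and is not OpenSSH code. It assumes %u is the user name and %h the home directory, as for AuthorizedKeysFile; the function names, the user-name check and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Append s to out at *pos; fail instead of truncating a key path. */
static int append(char *out, size_t outlen, size_t *pos, const char *s)
{
    size_t n = strlen(s);
    if (n >= outlen - *pos)            /* keep room for the NUL */
        return -1;
    memcpy(out + *pos, s, n + 1);
    *pos += n;
    return 0;
}

/* Hypothetical helper, not OpenSSH code: 0 on success, -1 on refusal. */
int expand_identity_path(const char *tmpl, const char *user, const char *home,
                         char *out, size_t outlen)
{
    size_t pos = 0;
    char lit[2] = { 0, 0 };
    /* A user name with '/' or equal to "." or ".." would move the expanded
     * path outside the per-user directory, so reject it up front. */
    if (outlen == 0 || *user == '\0' || strchr(user, '/') != NULL ||
        strcmp(user, ".") == 0 || strcmp(user, "..") == 0)
        return -1;
    out[0] = '\0';
    for (; *tmpl != '\0'; tmpl++) {
        const char *piece = lit;
        if (*tmpl != '%') {
            lit[0] = *tmpl;
        } else {
            switch (*++tmpl) {
            case 'u': piece = user; break;
            case 'h': piece = home; break;
            case '%': lit[0] = '%'; break;
            default:  return -1;       /* unknown token, or '%' ends the string */
            }
        }
        if (append(out, outlen, &pos, piece) != 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    char path[64];                     /* constructed sample values below */
    if (expand_identity_path("/ssh/%u/id_rsa", "alice", "/home/alice", path, sizeof(path)) == 0)
        puts(path);
}
```

Refusing an over-long result instead of truncating it matters here because a truncated path could name a different file than the one the administrator configured.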



