[Bug 172] Add multiple AuthorizedKeyFiles options

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Jan 31 01:53:16 EST 2009


Jameson Rollins <ssh-bugzilla at finestructure.net> changed:

           What    |Removed                     |Added
                 CC|                            |ssh-bugzilla at finestructure.
                   |                            |net

--- Comment #7 from Jameson Rollins <ssh-bugzilla at finestructure.net>  2009-01-31 01:53:16 ---
I realize this issue is quite old, but I would really like to see this
option available as well.  I think there are a couple of very good
reason to add this feature.

It is possible to configure systems to handle AuthorizedKeys files in
multiple ways.  Things can be configured such that the file is
maintained by the user (when using the typical %h/.ssh/authorized_keys
setting), or so that it is maintained by an administrator (eg.
/etc/ssh/authorized_keys/%u).  If multiple AuthorizedKeysFile options
were allowed, sshd could easily support both user <i>and</i>
administrator controlled files.  I can see this being useful in many
situations, but it would particularly be useful for the <a
href="http://web.monkeysphere.info">monkeysphere</a>, where we would
like to be able to support both monkeysphere-maintained and user
maintained authorized_keys files.

I also think the issue about multiple matching keys is not a worry. As
Alex Kiernan points out, it is possible to have multiple matching keys
in a single file, and the way around it is to accept the options from
the first encountered key.

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the openssh-bugs mailing list