[Bug 1947] Log authorized_keys format issues and refuse to accept keys

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Dec 4 05:12:02 EST 2011


--- Comment #2 from Dr. David Alan Gilbert <dave at treblig.org> 2011-12-04 05:12:02 EST ---
I agree it's a trade off, but I think I'd like to have the choice to
have a machine set up to be paranoid and make it fail with a bad line;
either to fail on any problem or something like requiring every line to
explicitly state anything that's allowed.

I also think there may be intermediates of paranoid and permissive -
maybe if you see a command="..." with no key then you could ignore the
next key. It would take some thinking about though.


Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list