Logging of authorized keys

Damien Miller djm at mindrot.org
Wed May 12 07:54:11 EST 2004


Peter Stuge wrote:
> This has come up before but been shot down with the rationale that
> arbitrary user input ($COMMENT) probably shouldn't be sent to the
> system logger, IIRC.

We don't need to worry about that: all log output is already passed
through vis() to tidy any control characters.

There were some issues relating to the fact that we don't keep the
comments around for ssh2 keys. There is also a bug relating to
fingerprint logging vs privsep, but I'm not sure how stale it is.

-d




More information about the openssh-unix-dev mailing list