Feature rqst/Patch: Attempted key's fp in env to AuthorizedKeysCommand
Micah Cowan
micah at addictivecode.org
Fri Oct 10 06:15:33 EST 2014
On Thu, Oct 09, 2014 at 02:55:21PM -0400, Daniel Kahn Gillmor wrote:
> On 10/09/2014 02:38 PM, Micah Cowan wrote:
...
> > it was decided that the simplest way to proceed would be to use
> > OpenSSH's AuthorizedKeysCommand config option, with the extension that
> > the attempted key's fingerprint would be placed in the environment of
> > the command, so that it could use it as an index, and limit its output
> > to only the relevant key,
...
> Thanks for working on this, Micah, and for publishing your patch. Are
> you aware of:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2081
Ah - I wasn't. Thanks for bringing it to my attention!
> This feedback should probably go to that bug report.
I'm not sure what I have to add to it, other than a "Me, too!" ;)
I don't know whether we'd have a preference in the debate over env
versus arg (but I'll ask around); I suspect our own choice to use env
was based just on not wanting to maintain a patch with too large a code
change, or that introduces serious differences between how we specify
the option versus how upstream does it.
-mjc
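
An added illustration (not part of the original message or of the patch it discusses) of the helper design quoted above: a command that reads the attempted key's fingerprint from its environment, uses it as an index, and emits only the matching key. The variable name `SSH_KEY_FINGERPRINT`, the in-memory key store and its dummy keys are assumptions constructed for this example.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand-style helper: print only the key whose fingerprint was attempted."""
import base64
import hashlib
import os

# Hypothetical variable name: the thread does not say what the patch calls it.
FP_ENV = "SSH_KEY_FINGERPRINT"


def make_line(seed, comment):
    """Build a constructed (dummy) ssh-ed25519 authorized_keys line for the sample store."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


# Constructed key store; a real deployment would query a database or directory.
KEY_STORE = [make_line(b"alice", "alice@example"), make_line(b"bob", "bob@example")]


def fingerprints(line):
    """Return the fingerprint spellings of one 'type blob comment' line (no options field)."""
    blob = base64.b64decode(line.split()[1])
    digest = hashlib.md5(blob).hexdigest()
    md5 = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    # Older ssh-keygen prints bare MD5 hex; newer releases prefix the hash name.
    return {md5, "MD5:" + md5, "SHA256:" + sha}


def lookup(fp, store=KEY_STORE):
    """Return only the lines matching fp; nothing if fp is missing or unknown."""
    if not fp:
        return []  # fail closed rather than dumping every key
    index = {f: line for line in store for f in fingerprints(line)}
    return [index[fp]] if fp in index else []


if __name__ == "__main__":
    for line in lookup(os.environ.get(FP_ENV)):
        print(line)
```

sshd still compares the offered key against whatever the command prints, so the fingerprint only narrows the output; it is not itself an authentication decision.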
More information about the openssh-unix-dev mailing list