Multiple allowed signer files in `ssh-keygen -Y verify`
Wiktor Kwapisiewicz
wiktor at metacode.biz
Wed Apr 30 01:32:04 AEST 2025
On 29.04.2025 04:58, Damien Miller wrote:
> I think it's reasonable to allow multiple allowed signers files. These
> patches implement this.
>
> Please take a look to see if I've missed any test cases.
I've applied sshsig-multi-signers.diff on top of commit
b5b405fee7f3e79d44e2d2971a4b6b4cc53f112e from openssh-portable and
tested with my (arguably) smaller test suite. I've checked various
combinations (dropping the 0x0A byte at the end, wrong files, /dev/null)
but it looks good in all cases.
Thanks for your consideration and the quick turnaround! I've got a
parallel question about the namespace parameter in "-Y verify" but I'll
leave that for a separate e-mail to fully explain the context.
Have a nice day!
Kind regards,
Wiktor
More information about the openssh-unix-dev
mailing list