On Wed, Dec 9, 2015 at 3:30 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
On Wed, Dec 9, 2015 at 12:08 PM, tom p. <daedulus@xxxxxxxxxxxxx> wrote:
Phillip
By divisive, I mean that the expertise, the knowledge, the skills will
be divided. I see the SSH list as the best source of information on
SSH, its use and development. Setting up another list to discuss such
matters will divide that expertise; some will join the new list, others
will not - the expertise will be divided and so weakened.
Tom Petch

The only action item I see here is to make sure that the proposal is forwarded to the SSH list.

Right now, the biggest pains in using SSH are that there are three different private key formats and authorized_keys has the whole key rather than a fingerprint. So cut and paste really doesn't work very easily.
... and, while we are discussing this...
My biggest SSH complaint is a usability nit which causes security issues.
It may be an implementation / convention issue - I keep meaning to file a bug, but instead I'll just kvetch here...
In my .ssh directory there are some keys. As an example, the RSA key I use for IETF NOC stuff:
-r-------- 1 wkumari staff 1675 Mar 13 2015 id_rsa_ietf_noc
-r-------- 1 wkumari staff 385 Mar 13 2015 id_rsa_ietf_noc.pub
I want to be able to use this key to login to routers and servers, so I need to share the public key with folk / copy it to a server so I can append it to an authorized_keys file / etc.
So, how do I do that?
Well, chances are I'm in a rush, so I do:
echo ~/.ssh/id_rsa_ie<tab tab> | email $someone
or
scp ~/.ssh/id_rsa_ie<tab> server.meeting.ietf.org:~/tmp
and, I've just emailed / copied off my *private* key.
The issue here is that the private key has no extension (and the public one does), and so tab completion helpfully completes to the private key.
This could be easily solved by making private keys be called id_rsa_ietf_noc.priv or something.
I guess I should really go file a bug, somewhere...
Those are both problems that I for one think are most likely to be fixed if these 'experts' get some outside perspective.
Yah.
I really could not care less what the format that they had chosen is. But having to juggle three when one would have been enough only makes the whole process less reliable and less user friendly.
Fully agree. And, making tab completion not complete to the private key would also be a user friendliness win...
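
Added example, not part of the original thread: a shell guard that classifies a key file by its content rather than its name, so a path that tab-completed to the private key is swapped for its `.pub` sibling or refused. The function names `is_private_key`, `is_public_key` and `pubkey_for` are hypothetical, and the sample files are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: classify an SSH key file by content before it is shared.

# Succeeds if FILE's first line marks it as a private key.
# Covers PEM/OpenSSH and ssh.com style headers plus PuTTY .ppk files.
is_private_key() {
    [ -f "$1" ] || return 1
    head -n 1 < "$1" | grep -Eq 'BEGIN .*PRIVATE KEY|^PuTTY-User-Key-File-'
}

# Succeeds if FILE's first line is an OpenSSH one-line public key:
# "<key-type> <base64 blob starting with AAAA> [comment]".
is_public_key() {
    [ -f "$1" ] || return 1
    head -n 1 < "$1" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) AAAA[A-Za-z0-9+/]+=*( |$)'
}

# Prints the path that is safe to share, or fails with a message on stderr.
pubkey_for() {
    if is_public_key "$1"; then
        printf '%s\n' "$1"
    elif is_private_key "$1" && is_public_key "$1.pub"; then
        echo "warning: $1 is a private key, using $1.pub" >&2
        printf '%s\n' "$1.pub"
    else
        echo "refusing: $1 is not a public key" >&2
        return 1
    fi
}

# Constructed sample files (placeholders, not real key material).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-placeholder' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/id_rsa_example"
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA constructed@example' \
    > "$demo_dir/id_rsa_example.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' \
    > "$demo_dir/id_lonely"          # private key with no .pub beside it

# Simulates the tab-completion slip: the private path is passed in.
pubkey_for "$demo_dir/id_rsa_example"
```

Wrapping the path in the copy command, as in `scp "$(pubkey_for PATH)" host:`, means the transfer only ever receives a file that was verified to be a public key.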