On Mar 20 16:17-0400, Daniel Kahn Gillmor wrote:
> On 03/20/2014 03:58 PM, Scott Duckworth wrote:
<snip>
> > The patches for different openssh versions can be found at
> > https://bitbucket.org/ClemsonSoCUnix/django-sshkey. The README.md file
> > describes some caveats, including the possibility for deadlock if the
> > command specified with AuthorizedKeysCommand does not fully consume or
> > close its standard input.
>
> This is worrisome. sshd itself shouldn't be adversely affected by
> subcommand failing to process the data in any way. Do you see any way
> to make sshd more robust in this case? (e.g. what if the key was
> provided as another command line parameter instead of stdin)
<snip>

Would it be reasonable to add another configuration option to specify
that you want to send the key via stdin to the AuthorizedKeysCommand,
and have it default to no/false? This should be enough to prevent
breakage of existing implementations while still allowing the new and
useful functionality.

--
Eldon Koyle
--
... Logically incoherent, semantically incomprehensible, and legally
... impeccable!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
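
The robustness question raised in this thread, as an added example: a parent that feeds data to a helper's stdin can bound its own wait whether or not the helper reads. This is not code from OpenSSH or from the django-sshkey patches and makes no claim about how those patches write to the pipe; `feed_bounded`, `demo`, the `sh -c` helper commands and the 300 ms timeout are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write len bytes to fd; never wait more than timeout_ms for the reader.
 * Returns 0 when everything was written, -1 on timeout or EPIPE. */
static int feed_bounded(int fd, const char *buf, size_t len, int timeout_ms) {
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n > 0) { buf += n; len -= (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno != EAGAIN) return -1;      /* EPIPE: stdin was closed */
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        if (poll(&p, 1, timeout_ms) <= 0) return -1;  /* helper is not reading */
    }
    return 0;
}

/* Run `sh -c cmd` (hypothetical helper) and feed it a constructed 256 KiB
 * payload, larger than a default pipe buffer. Returns feed_bounded()'s result. */
static int demo(const char *cmd) {
    static char payload[256 * 1024];     /* constructed sample data (zero bytes) */
    char *argv[] = { "sh", "-c", (char *)cmd, NULL };
    int fds[2];
    signal(SIGPIPE, SIG_IGN);            /* get EPIPE from write() instead of dying */
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: pipe read end becomes stdin */
        dup2(fds[0], STDIN_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(fds[0]);
    int rc = feed_bounded(fds[1], payload, sizeof payload, 300);
    close(fds[1]);                       /* EOF for a helper that is still reading */
    if (rc != 0) kill(pid, SIGKILL);     /* do not wait on a stuck helper */
    waitpid(pid, NULL, 0);
    return rc;
}

int main(void) { return demo("cat >/dev/null") == 0 && demo("exec sleep 5") == -1 ? 0 : 1; }
```

With a plain blocking `write()` in place of `feed_bounded()`, the `exec sleep 5` case would leave the parent stuck until the helper exits.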