Re: patch to send incoming key to AuthorizedKeysCommand via stdin

On Mar 20 16:17-0400, Daniel Kahn Gillmor wrote:
> On 03/20/2014 03:58 PM, Scott Duckworth wrote:
<snip>
> > The patches for different openssh versions can be found at
> > https://bitbucket.org/ClemsonSoCUnix/django-sshkey.  The README.md file
> > describes some caveats, including the possibility for deadlock if the
> > command specified with AuthorizedKeysCommand does not fully consume or
> > close its standard input.
> 
> This is worrisome.  sshd itself shouldn't be adversely affected by a
> subcommand failing to process the data in any way.  Do you see any way
> to make sshd more robust in this case?  (e.g. what if the key was
> provided as another command line parameter instead of stdin)
<snip>

Would it be reasonable to add another configuration option to specify
that you want to send the key via stdin to the AuthorizedKeysCommand,
and have it default to no/false?  This should be enough to prevent
breakage of existing implementations while still allowing the new and
useful functionality.

-- 
Eldon Koyle
-- 
... Logically incoherent, semantically incomprehensible, and legally ...
impeccable!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
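
The robustness question raised in this thread, as an added example that is not part of the original message or of the patch under discussion: one way a parent process can bound a write to a helper's stdin, so that a helper which never reads, or has closed, its stdin produces an error instead of a hang. The function names, the timeout, and the bare pipe standing in for the helper's stdin are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void) {                 /* monotonic clock, milliseconds */
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Write len bytes to fd, giving up after timeout_ms. Returns 0 on success,
 * -1 with errno ETIMEDOUT (reader stalled) or EPIPE (reader closed stdin). */
int write_with_deadline(int fd, const char *buf, size_t len, int timeout_ms) {
    long deadline = now_ms() + timeout_ms;
    signal(SIGPIPE, SIG_IGN);              /* process-wide: EPIPE, not death */
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK); /* never block in write */
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n > 0) { buf += n; len -= (size_t)n; continue; }
        if (n < 0 && errno != EAGAIN && errno != EINTR) return -1;
        long left = deadline - now_ms();
        if (left <= 0) { errno = ETIMEDOUT; return -1; }
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        if (poll(&p, 1, (int)left) < 0 && errno != EINTR) return -1;
    }
    return 0;
}

/* Constructed scenario: a pipe whose read end is never read (stalled helper)
 * or is already closed. Returns 0 on success, else the errno of the write. */
int try_write(size_t nbytes, int close_reader, int timeout_ms) {
    static char payload[1 << 20];          /* constructed data, not a real key */
    int p[2], rc;
    if (nbytes > sizeof(payload) || pipe(p) < 0) return -1;
    memset(payload, 'A', nbytes);
    if (close_reader) close(p[0]);
    rc = write_with_deadline(p[1], payload, nbytes, timeout_ms) ? errno : 0;
    if (!close_reader) close(p[0]);
    close(p[1]);
    return rc;
}
```

A payload that fits in the pipe buffer succeeds even with no reader, which is why a problem of this kind can stay hidden until the data sent, or the data the parent is waiting to read back, grows.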



