On 03/21/2014 12:38 PM, Eldon Koyle wrote: > Would it be reasonable to add another configuration option to specify > that you want to send the key via stdin to the AuthorizedKeysCommand, > and have it default to no/false? This should be enough to prevent > breakage of existing implementations while still allowing the new and > useful functionality. I think minimizing configuration options would be good -- extra knobs make it easier for admins to break things and harder for admins to get things to work. Are we sure this concern can't just be fixed in code? I don't understand why using stdin would necessarily result in a deadlock to the parent, but maybe i just haven't worked through the problem in enough depth. --dkg
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
