On Thu, Oct 09, 2014 at 02:55:21PM -0400, Daniel Kahn Gillmor wrote:
> On 10/09/2014 02:38 PM, Micah Cowan wrote:
...
> > it was decided that the simplest way to proceed would be to use
> > OpenSSH's AuthorizedKeysCommand config option, with the extension that
> > the attempted key's fingerprint would be placed in the environment of
> > the command, so that it could use it as an index, and limit its output
> > to only the relevant key,
...
> Thanks for working on this, Micah, and for publishing your patch. are
> you aware of:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=2081

Ah - I wasn't. Thanks for bringing it to my attention!

> This feedback should probably go to that bug report.

I'm not sure what I have to add to it, other than a "Me, too!" ;)

I don't know whether we'd have a preference in the debate over env
versus arg (but I'll ask around); I suspect our own choice to use env
was based just on not wanting to maintain a patch with too large a code
change, or that introduces serious differences between how we specify
the option versus how upstream does it.

-mjc
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev