Re: Feature rqst/Patch: Attempted key's fp in env to AuthorizedKeysCommand

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Oct 09, 2014 at 02:55:21PM -0400, Daniel Kahn Gillmor wrote:
> On 10/09/2014 02:38 PM, Micah Cowan wrote:
...
> > it was decided that the simplest way to proceed would be to use
> > OpenSSH's AuthorizedKeysCommand config option, with the extension that
> > the attempted key's fingerprint would be placed in the environment of
> > the command, so that it could use it as an index, and limit its output
> > to only the relevant key,
...

> Thanks for working on this, Micah, and for publishing your patch.  are
> you aware of:
> 
>   https://bugzilla.mindrot.org/show_bug.cgi?id=2081

Ah - I wasn't. Thanks for bringing it to my attention!

> This feedback should probably go to that bug report.

I'm not sure what I have to add to it, other than a "Me, too!" ;)

I don't know whether we'd have a preference in the debate over env
versus arg (but I'll ask around); I suspect our own choice to use env
was based just on not wanting to maintain a patch with too large a code
change, or that introduces serious differences between how we specify
the option versus how upstream does it.

-mjc
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux