it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME"). What is the use case? HOME=longpath_to_config1 ssh -i ~/.ssh/key1 HOME=longpath_to_config2 ssh -i ~/.ssh/key2 but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is likewise read/written outside of $HOME/.ssh/ and the config files too don't remain in local scope. Sure 99% of users $HOME = pw->pw_dir, but there are a zillion programs that honor $HOME, so why doesn't the SSH client? Is the concern that SSHD obviously should get caught up honoring a problematic path when evaluating Authorized_Keys? Well then have a flag that forces just the use of getpwnam() for paths that are sensitive. Though frankly, I think this case can be narrowed further to just when euid=0 and should blithely use HOME when the daemon was launched by a user on a high port (eg. sshd -D -d). Thoughts? _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev