On Sat, 2018-03-17 at 00:52 +1030, David Newall wrote:
> Jakub,
>
> There are two things that you've said which strike a chord with me.
>
> First is the patch which exports SSH_GSSAPI_DISPLAYNAME. The reason why
> this strikes a chord with me is that I've had a similar need, but
> exporting the client's public key. I developed a small patch and have
> been patching servers on the machines on which I have that need. It
> never occurred to me that it might be something that I should seek to
> share with the wider community. Should I? The patch is attached (unless
> this is a "strip all mime" list.) It could be neater, for example by
> removing the debug statements. Note that it exports the client's public
> key regardless of whether the session was authenticated using the
> corresponding private key. (I'm happy to discuss why that was useful to
> me, but it's not really germane at this juncture.)

That is how open source should work -- when something is useful for you, it will most probably be useful for others, and if you provide it back to the community, more people might find it useful and start using it, improve it and build other awesome things on top of that.

Especially for this case, I believe something more generic was recently implemented in current OpenSSH 7.6 based on bug #2408 [1], which exports to PAM and the session ALL authentication methods that were successful. There is good news for you: you might no longer need to patch your machines and can use what works out of the box (it is not exporting the whole public keys, just the fingerprints, but you should be able to adjust your environment).

> The second important thing that you said is that this is something: a)
> useful; b) for which a patch has been developed; c) years ago; and d)
> has been ignored. Does OpenSSH need more people with write access to
> the source?

Well ... that would be a question for others than myself. I am in the same situation as you -- I have things that match similar criteria (mostly in the OpenSSH Bugzilla) and frequently see similar results. I can only assume that the OpenBSD team has different priorities than we have at this moment, for better or worse.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2408

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.