Expose AuthorizedKeysFile to user session

Hi,

I’d like to ask about the best method of exposing AuthorizedKeysFile to
the user session, so that scripts such as ssh-copy-id that log in and
locally run commands to append a key know where the file(s) are.

There’s (rightly or not) a large amount of assumption in the location of
~/.ssh/, even though pathnames.h does its best to make that flexible
with compile-time adjustments for paths: _PATH_SSH_USER_PERMITTED_KEYS,
yet not for others: "%.200s/.ssh/environment".

sshd_config does offer flexibility for some variables at runtime, though
that hasn’t been met by clients interacting with ssh because those
variable changes aren’t published.

I’m thinking do_setup_env could emit an envvar SSH_AUTHORIZEDKEYFILE(?)
of the first user-writeable file from this array, with tokens already
parsed so future changes should not impact clients. But is that
short‐sighted and instead or as well should _PATH_SSH_USER_DIR be shared
too?
Is there something obvious I don’t know of that could avoid all of this?

I had taken a step* at making ssh-copy-id work with a relocated
authorized_keys but Jakub Jelen informed me sshd_config is not often
readable by users. Which suggests sshd needs this work done.

* https://bugzilla.mindrot.org/show_bug.cgi?id=2932

Regards,

--
John ‘[Beta]’ Drinkwater        |      john@xxxxxxxxxxxxx
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
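
The server-side selection proposed in the message above, sketched as an added example that is not part of the original post or of OpenSSH: expand each AuthorizedKeysFile pattern using the tokens documented in sshd_config(5), then pick the first expansion the user can write to. The function names are hypothetical, and how sshd would export the result (for instance under the variable name floated in the message) is left open.

```c
/* Added illustration, not OpenSSH source; function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Expand one AuthorizedKeysFile pattern. Tokens per sshd_config(5): %% is a
 * literal '%', %h the home directory, %u the user name, %U the numeric uid.
 * A non-absolute result is taken relative to home. Returns 0, or -1 on an
 * unknown token or truncation. */
int expand_keyfile(const char *pat, const char *user, const char *home,
                   unsigned uid, char *out, size_t len)
{
    char tmp[1024], num[16];
    size_t n = 0;
    int r;
    snprintf(num, sizeof(num), "%u", uid);
    for (; *pat != '\0'; pat++) {
        char lit[2] = { *pat, '\0' };
        const char *s = lit;
        if (*pat == '%') {
            switch (*++pat) {
            case '%': s = "%"; break;
            case 'h': s = home; break;
            case 'u': s = user; break;
            case 'U': s = num; break;
            default: return -1;      /* unknown token or trailing '%' */
            }
        }
        if (n + strlen(s) >= sizeof(tmp)) return -1;
        memcpy(tmp + n, s, strlen(s));
        n += strlen(s);
    }
    tmp[n] = '\0';
    if (tmp[0] == '/') r = snprintf(out, len, "%s", tmp);
    else r = snprintf(out, len, "%s/%s", home, tmp);
    return (r < 0 || (size_t)r >= len) ? -1 : 0;
}

/* Index of the first pattern whose expansion the calling (real) uid can
 * write to, with the path left in out; -1 if none. Assumes the caller already
 * runs as the target user, since access(2) checks the real uid. */
int first_writable(const char *const pats[], size_t npat, const char *user,
                   const char *home, unsigned uid, char *out, size_t len)
{
    for (size_t i = 0; i < npat; i++)
        if (expand_keyfile(pats[i], user, home, uid, out, len) == 0 &&
            access(out, W_OK) == 0)
            return (int)i;
    return -1;
}
```

A file that does not exist yet fails the `access()` check, so a real implementation would also have to decide whether a creatable path counts as writable.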



