On Thu, Dec 04, 2008 at 02:03:52AM -0800, Steve Langasek wrote: || On Wed, Dec 03, 2008 at 11:19:52PM +0100, Jens Peter Secher wrote: || || > * The 'keyfiles' option is now obsolete. Instead the authentication || > module will automatically locate all files matching the pattern 'id_*' || > (the idea for this came from a patch from Javier Serrano Polo). || || That doesn't sound like a good idea to me. What if a user has extra ssh || keys lying around that multiple people have the passphrase to, which prior || to this change would have been perfectly safe? || || Also, why is the pattern id_*? ssh also recognizes 'identity' by default. || Shouldn't this really use the same pattern as ssh itself, i.e., || (identity|id_dsa|id_rsa)? In addition I, and probably some others, have the habit of disabling files by adding a .OFF extension to it. This practice is based on the (in my view) reasonable assumption that programs should not be scanning directories for files to use unless those directories are specially intended for that purpose. It probably would be fine if there were a (documented) ~/.ssh/id.d/ directory containing keys to be used (and nothing else). Ciao. Vincent. -- Vincent Zweije <firstname.lastname@example.org> | "If you're flamed in a group you <http://www.xs4all.nl/~zweije/> | don't read, does anybody get burnt?" [Xhost should be taken out and shot] | -- Paul Tomblin on a.s.r.
Description: Digital signature