Re: Misc development news (#8)
On Sun, 01 Jun 2008, Philip Hands wrote:
> If there's some reason that you want specific keys to only give access
> to specific hosts, and if the reason justifies the effort, I suppose it
> would be possible to come up with a way of tagging which hosts any
> particular key should give access to in LDAP -- is that why you're
> worried about the loss of this feature?
Actually, that's already on the TODO list. Something like adding
'host="samosa,gluck,merkel" in front of your key and having that key
only exported to the named hosts.
Probably ok for interactive keys, for stuff that's command locked
however the symlink approach we currently use is probably easier on the
user. That way they can edit their own file and can immediately test
1. (See /ssh-keys on gluck and tail -n2 /etc/ssh/sshd_config)