[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Misc development news (#8)

On Sun, 01 Jun 2008, Philip Hands wrote:

> If there's some reason that you want specific keys to only give access
> to specific hosts, and if the reason justifies the effort, I suppose it
> would be possible to come up with a way of tagging which hosts any
> particular key should give access to in LDAP -- is that why you're
> worried about the loss of this feature?

Actually, that's already on the TODO list.  Something like adding
'host="samosa,gluck,merkel" in front of your key and having that key
only exported to the named hosts.

Probably ok for interactive keys, for stuff that's command locked
however the symlink[1] approach we currently use is probably easier on the
user.  That way they can edit their own file and can immediately test

1. (See /ssh-keys on gluck and tail -n2 /etc/ssh/sshd_config)

Reply to: