Bug#560148: multiple AuthorizedKeysFiles

To: 560148@bugs.debian.org
Subject: Bug#560148: multiple AuthorizedKeysFiles
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 09 Dec 2009 14:11:31 -0500
Message-id: <[🔎] 4B1FF663.2070604@fifthhorseman.net>
Reply-to: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 560148@bugs.debian.org

regarding the patch to support multiple authorizedkeysfile configuration
choices for sshd [0]:

AuthorizedKeysFile currently is not supported by the Match keyword.  If
this feature of multiple AuthorizedKeysFile entries was supported, it
would be ambiguous for use within a Match block (e.g. would a new
AuthorizedKeysFile within a Match be a replacement for the generic
AuthorizedKeysFile, or would it be in addition to?).

Martin Krafft's proposal for an authorized_keys directory [1] would
permit system configuration of the type Bastian is proposing through the
use of symlinks like this:

 mkdir /etc/ssh/authorized_keys/user17
 ln -s ~user17/.ssh/authorized_keys /etc/ssh/authorized_keys/user17/

and set:
   AuthorizedKeysFile /etc/ssh/authorized_keys/%u

This would allow future inclusion of AuthorizedKeysFile in a Match block
(as an unambiguous override of other settings).

	--dkg

[0] http://bugs.debian.org/560148
[1] http://bugs.debian.org/481251

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#560148: multiple AuthorizedKeysFiles
  - From: Bastian Blank <bastian@waldi.eu.org>

Prev by Date: Bug#560148: patch
Next by Date: Processed: bug 560148 is forwarded to https://bugzilla.mindrot.org/show_bug.cgi?id=172
Previous by thread: Bug#560148: patch
Next by thread: Bug#560148: multiple AuthorizedKeysFiles
Index(es):
- Date
- Thread