Bug#76312: marked as done (support for multiple authorized_keys)
Your message dated Thu, 08 Sep 2011 00:03:24 +0000
with message-id <E1R1S5U-00086H-2l@franck.debian.org>
and subject line Bug#76312: fixed in openssh 1:5.9p1-1
has caused the Debian Bug report #76312,
regarding support for multiple authorized_keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
76312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76312
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ssh
Version: 1:1.2.3-9
Severity: wishlist
Hi!
In our setup, we have global authorized_keys file that are distributed
automatically on our server systems. I have a system that belongs to
me personally, but that is member of this distribution system.
However, I want to be able to log in to that box with a key that does
not grant access rights to the other systems.
I currently have a cron job on that machine that periodically checks
if my special key is listed in the authorized_keys file and if not
appends it there.
It probably would be a good idea to be able to specify the
authorized_keys file in the global sshd config file, and to be able to
specify multiple authorized_keys file (as a wild card maybe?). The
default should be ~/.ssh/authorized_keys to not confuse administrators.
Greetings
Marc
-- System Information
Debian Release: 2.2
Architecture: i386
Kernel: Linux paola 2.2.17 #1 Tue Sep 5 10:36:11 CEST 2000 i586
Versions of packages ssh depends on:
ii libc6 2.1.3-13 GNU C Library: Shared libraries an
ii libpam-modules 0.72-9 Pluggable Authentication Modules f
ii libpam0g 0.72-9 Pluggable Authentication Modules l
ii libssl09 0.9.4-5 SSL shared libraries
ii libwrap0 7.6-4 Wietse Venema's TCP wrappers libra
ii zlib1g [libz1] 1:1.1.3-5 compression library - runtime
-- Configuration Files:
/etc/pam.d/ssh changed [not included]
/etc/ssh/ssh_config changed [not included]
/etc/ssh/sshd_config changed [not included]
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:5.9p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_5.9p1-1_i386.udeb
to main/o/openssh/openssh-client-udeb_5.9p1-1_i386.udeb
openssh-client_5.9p1-1_i386.deb
to main/o/openssh/openssh-client_5.9p1-1_i386.deb
openssh-server-udeb_5.9p1-1_i386.udeb
to main/o/openssh/openssh-server-udeb_5.9p1-1_i386.udeb
openssh-server_5.9p1-1_i386.deb
to main/o/openssh/openssh-server_5.9p1-1_i386.deb
openssh_5.9p1-1.debian.tar.gz
to main/o/openssh/openssh_5.9p1-1.debian.tar.gz
openssh_5.9p1-1.dsc
to main/o/openssh/openssh_5.9p1-1.dsc
openssh_5.9p1.orig.tar.gz
to main/o/openssh/openssh_5.9p1.orig.tar.gz
ssh-askpass-gnome_5.9p1-1_i386.deb
to main/o/openssh/ssh-askpass-gnome_5.9p1-1_i386.deb
ssh-krb5_5.9p1-1_all.deb
to main/o/openssh/ssh-krb5_5.9p1-1_all.deb
ssh_5.9p1-1_all.deb
to main/o/openssh/ssh_5.9p1-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 76312@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 07 Sep 2011 23:46:00 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.9p1-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 75043 76312 229124 429243 444691 498297 504757 560156 599240
Changes:
openssh (1:5.9p1-1) unstable; urgency=low
.
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
* Update OpenSSH FAQ to revision 1.112.
Checksums-Sha1:
0ba9f1a9edfa3382d0bb8d46662171d3d69f3899 2262 openssh_5.9p1-1.dsc
ac4e0055421e9543f0af5da607a72cf5922dcc56 1110014 openssh_5.9p1.orig.tar.gz
97168246fc1a9b3377de171f14909bd6d78a672d 237065 openssh_5.9p1-1.debian.tar.gz
fc55a383f87b5c4d8340424516e6cd32c50eeb7e 1037764 openssh-client_5.9p1-1_i386.deb
a2c769a195a70fefb281d5f8499d83e641f0603d 339636 openssh-server_5.9p1-1_i386.deb
55337e28e302f6a20f77ff2b9dadc906a26d84d4 1248 ssh_5.9p1-1_all.deb
5f1c19ea1c8c4d87f33a28ffd1d550ddc48d6723 83452 ssh-krb5_5.9p1-1_all.deb
dfda1d639fd38b0a2034c0edeef722196f0e1e4d 90930 ssh-askpass-gnome_5.9p1-1_i386.deb
3f518a8c2e8170cbb05095427f361dfbe21b22fa 258686 openssh-client-udeb_5.9p1-1_i386.udeb
9cb16057d691947ec282ad7590d56da6eaa12ca2 291406 openssh-server-udeb_5.9p1-1_i386.udeb
Checksums-Sha256:
ea680e24ff1dd762b6cbfb5435a8a72516dd7723aecd1d88c8de5a1d4461847b 2262 openssh_5.9p1-1.dsc
8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 1110014 openssh_5.9p1.orig.tar.gz
b49c3539c20815557338dc4a20d44b4aa3a2b2c6a1c84af4fcae6670ed24d753 237065 openssh_5.9p1-1.debian.tar.gz
453af7f76ad8e7ab72b2dac158cab923513c061fad0cac6342f11d894bdc20f3 1037764 openssh-client_5.9p1-1_i386.deb
401a3d25c0611763bf43cefee2eaa52cfe56ef3093b4287eb40097e6f8a532d7 339636 openssh-server_5.9p1-1_i386.deb
1d421348d13e33abe2f0a1a8cbd5056ffc198ca513429334295fc6cd4e4dc09d 1248 ssh_5.9p1-1_all.deb
4d43ef9be6b94af2c2b79939d5d0e69b0486442790cc4e71781479b47d009141 83452 ssh-krb5_5.9p1-1_all.deb
0483699f810a8f75ab5aca6e12cf1de45ed5d6cc4a27bc079fb14607f0ec84b0 90930 ssh-askpass-gnome_5.9p1-1_i386.deb
6253bdc1f1311292eb8189733b2c2549ffe3748b40935c00bb9d8c3a55c3d6e2 258686 openssh-client-udeb_5.9p1-1_i386.udeb
612bc799c4bf8d5110c3ab38ad944a95209a72528b2334ecedcdf4c41d0d9102 291406 openssh-server-udeb_5.9p1-1_i386.udeb
Files:
1eeb747651ca43d84013d4ed19fa6673 2262 net standard openssh_5.9p1-1.dsc
afe17eee7e98d3b8550cc349834a85d0 1110014 net standard openssh_5.9p1.orig.tar.gz
ae82efba18958ccd27ae0cb176291360 237065 net standard openssh_5.9p1-1.debian.tar.gz
d901c07e5a89146b229503d4e2a7ecd9 1037764 net standard openssh-client_5.9p1-1_i386.deb
f483c10831cc6ad016f328d2d9bbfdfb 339636 net optional openssh-server_5.9p1-1_i386.deb
b83d4d08aebef3f4d4893dff49e1f6b4 1248 net extra ssh_5.9p1-1_all.deb
16a6817cc68764309d961e54dda85b31 83452 net extra ssh-krb5_5.9p1-1_all.deb
71d5db3e60bb2c5909b2951908d26f73 90930 gnome optional ssh-askpass-gnome_5.9p1-1_i386.deb
a7a4fa8017a653f710179e404d082bf6 258686 debian-installer optional openssh-client-udeb_5.9p1-1_i386.udeb
7a3384769372b751843da6843d8f82d6 291406 debian-installer optional openssh-server-udeb_5.9p1-1_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBTmgDcjk1h9l9hlALAQgK2A//YYdEfoC7aZO7BGCVr74wcFEizPsa8yBb
uAU5j21sGOkPQhvjAs13G6KlbC5E7ZArbKWgu5uL6uC/yyvp2pCMkhqnL4Ds0sf+
fZ2rWEbYOpGcx/ovRx5PKElhfNp656SpSqNMDGvqlP7Nmc6tU0gv9oBQ6zDJYI9l
Cz6RshQ1MMgeoTCiiOINJ2rWRu3e/kwEXhPxcnXc1wW22c5c3wcYDgsoWjm7NcCT
tpXacBK2b1VebfdlqcoLh3gcVQJ0eSkxuxSFTzChwR6sGxnLZvqKIll3Lt96FbnF
KZY0A9Mcv8iPOMXOsO5lrWs1wdCY9cuiRPhqUlsXeU1KkW3AsbOYitz51AyQL1EH
9wA6q4Kg/Au/IAEftNXUvgmxmvpDuwfFYvSZVP83s1gIk/uX+Ln/Y44ptKx1BKKb
D7Z+Dm5tDYFlcsym0foqlstqE/fIQErsCydDZZM5k4ZTPGRcYhxu8mrc5OiFsn8D
DWr8xutVL6EGl3TSk+xjseptz0U2b3+r3ltm9YOtt6JsAkeO1T1HUK/RWNgWWfK0
+XBvKNXlHIi8Dco1GwYn/fn4QdxJzN/W/IZVMsFe6FvYhXl+Czzgikz8D3LcY0L7
7MuK4QMhxq0Ot/rS20dd0+Mt4cNoZXjKCZptGOsTHc86NbJFTQArPQkkfjEr00A3
/XVJMDk+yjE=
=IbPg
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: