LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

OpenSSH 6.2 released

OpenSSH 6.2 released

Posted Apr 3, 2013 4:47 UTC (Wed) by sitaram (subscriber, #5959)
In reply to: OpenSSH 6.2 released by gebi
Parent article: OpenSSH 6.2 released

It would be even more awesome if it would add the fingerprint of the incoming public key, along with the username, when calling the external program.

I admit the use case is very narrow though; I'm speaking as the author of gitolite, where it's not uncommon to see a few hundreds or more pubkeys in one authorized_keys file. The external program could help to cut down the time taken to do the linear scan that sshd currently seems to do when presented with a key.

(And I checked the protocol; http://tools.ietf.org/html/rfc4252#section-7 appears to indicate that some information about the key being offered (it's called "public key blob" in the rfc) *does* go to the ssh server from the ssh client before any authN happens.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds