svn commit: r226046 - in head: crypto/openssh
crypto/openssh/openbsd-compat secure/usr.sbin/sshd
Peter Jeremy
peterjeremy at acm.org
Thu Oct 13 10:04:16 UTC 2011
On 2011-Oct-12 14:05:16 +0200, Dag-Erling Smørgrav <des at des.no> wrote:
>"Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> writes:
>> Mergemaster brought up this change:
>>
>> +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
>> +# but this is overridden so installations will only check .ssh/authorized_keys
>> +AuthorizedKeysFile .ssh/authorized_keys
>>
>> This will break setups that have authorized_keys2 files (only) and needs to
>> be reverted I think?
This is probably a reasonable change in head but, IMHO, it shouldn't
be MFC'd.
>authorized_keys2 has been deprecated for ~10 years now.
I find authorized_keys2 very handy at $work. I have one set of keys
that are centrally managed and common across all hosts and a second
set of keys that are local to each disjoint subgroup of hosts and
managed within each group. Using both authorized_keys and
authorized_keys2 substantially simplifies the overall key management.
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-head/attachments/20111013/76569f2f/attachment.pgp
More information about the svn-src-head
mailing list