Date: Thu, 13 Oct 2011 18:47:58 +1100 From: Peter Jeremy <peterjeremy@acm.org> To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no> Cc: svn-src-head@freebsd.org, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r226046 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/usr.sbin/sshd Message-ID: <20111013074758.GA54924@server.vk2pj.dyndns.org> In-Reply-To: <86botm2z5v.fsf@ds4.des.no> References: <201110052208.p95M8H3C030566@svn.freebsd.org> <05F84C7F-A1CD-40E4-BDD5-BCACB58C56BF@lists.zabbadoz.net> <86botm2z5v.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
--EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2011-Oct-12 14:05:16 +0200, Dag-Erling Sm=F8rgrav <des@des.no> wrote: >"Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> writes: >> Mergemaster brought up this change: >> >> +# The default is to check both .ssh/authorized_keys and .ssh/authorized= _keys2 >> +# but this is overridden so installations will only check .ssh/authoriz= ed_keys >> +AuthorizedKeysFile .ssh/authorized_keys >> >> This will break setups that have authorized_keys2 files (only) and needs= to >> be reverted I think? This is probably a reasonable change in head but, IMHO, it shouldn't be MFC'd. >authorized_keys2 has been deprecated for ~10 years now. I find authorized_keys2 very handy at $work. I have one set of keys that are centrally managed and common across all hosts and a second set of keys that are local to each disjoint subgroup of hosts and managed within each group. Using both authorized_keys and authorized_keys2 substantially simplifies the overall key management. --=20 Peter Jeremy --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk6Wl64ACgkQ/opHv/APuIf3IQCgoyBps8HbPDNyob7yHs2Vd75P FRUAnjaUjFwG/x1GYGR/Zh4RxRkZvuwi =JdzP -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111013074758.GA54924>