Hi, I?d like to ask about the best method of exposing AuthorizedKeysFile to the user session, so that scripts such as ssh-copy-id that log-in and locally run commands to append a key know where the file(s) are. There?s (rightly or not) a large amount of assumption in the location of ~/.ssh/, even though pathnames.h does its best to make that flexible with compile-time adjustments for paths: _PATH_SSH_USER_PERMITTED_KEYS, yet not for others: "%.200s/.ssh/environment". sshd_config does offer flexibility for some variables at runtime, though that hasn?t been met by clients interacting with ssh because those variable changes aren?t published. I?m thinking do_setup_env could emit an envvar SSH_AUTHORIZEDKEYFILE(?) of the first user-writeable file from this array, with tokens already parsed so future changes should not impact clients. But is that short?sighted and instead or as well should _PATH_SSH_USER_DIR be shared too? Is there something obvious I don?t know of that could avoid all of this? I had taken a step* at making ssh-copy-id work with a relocated authorized_keys but Jakub Jelen informed me sshd_config is not often readable by users. Which suggests sshd needs this work done. * https://bugzilla.mindrot.org/show_bug.cgi?id=2932 Regards, -- John ?[Beta]? Drinkwater | john at nextraweb.com