This appears to be rather poorly supported compared to the rsa key equivalent... The man page implies that ~/.ssh/authorized_keys & ~/.ssh/authorized_keys2 are similar format. In fact the code will only read DSA keys from the ~/.ssh/authorized_keys2 file - the options entries are not supported, and putting options in causes key recognition to fail. I guess ideally the key reader needs to strip off the pre-key material, and then pass it to a common options parser shared with the rsa key handler (why duplicate the code). An alternative is that the options could be added to the end of the key line... I don't like that much, but in either case the options ought to be supported. Nigel. -- [ - Opinions expressed are personal and may not be shared by VData - ] [ Nigel Metheringham Nigel.Metheringham at VData.co.uk ] [ Phone: +44 1423 850000 Fax +44 1423 858866 ]
On Tue, 27 Jun 2000, Nigel Metheringham wrote:> This appears to be rather poorly supported compared to the rsa key > equivalent... > > The man page implies that ~/.ssh/authorized_keys & > ~/.ssh/authorized_keys2 are similar format. In fact the code will only > read DSA keys from the ~/.ssh/authorized_keys2 file - the options > entries are not supported, and putting options in causes key > recognition to fail.This has been improved in the snapshots. Take a look at http://www.mindrot.org/misc/junk/openssh-SNAP-20000628.tar.gz Regards, Damien Miller -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)