On Sun, 01 Jun 2008, Philip Hands wrote:
> If there's some reason that you want specific keys to only give access
> to specific hosts, and if the reason justifies the effort, I suppose it
> would be possible to come up with a way of tagging which hosts any
> particular key should give access to in LDAP -- is that why you're
> worried about the loss of this feature?

Actually, that's already on the TODO list. Something like adding
'host="samosa,gluck,merkel"' in front of your key and having that key
only exported to the named hosts.

Probably ok for interactive keys, for stuff that's command locked
however the symlink[1] approach we currently use is probably easier on
the user. That way they can edit their own file and can immediately
test stuff.

1. (See /ssh-keys on gluck and tail -n2 /etc/ssh/sshd_config)

-- 
weasel
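
The host-tag idea from the reply above, sketched as an added example; it is not code from the original message or from the project. The tag syntax (the mail only says "something like"), the function names and the fail-closed handling of malformed tags are assumptions, and the sample keys are constructed.

```python
import re

# Assumed syntax: an optional leading host="h1,h2" tag, followed by
# whitespace (or a comma and further sshd options) and the usual key line.
HOST_TAG = re.compile(r'^host="([^"]*)"(?:,|\s+)(\S.*)$')
HOSTNAME = re.compile(r'^[a-z0-9][a-z0-9-]*$')

def split_host_tag(line):
    """Return (hosts, key_line). hosts is None for an untagged key and a
    set of names for a tagged one. Raises ValueError on a malformed tag."""
    line = line.strip()
    if not line.startswith("host="):
        return None, line
    m = HOST_TAG.match(line)
    if not m:
        raise ValueError("malformed host tag")
    hosts = {h.strip() for h in m.group(1).split(",") if h.strip()}
    if any(not HOSTNAME.match(h) for h in hosts):
        raise ValueError("invalid host name in tag")
    return hosts, m.group(2)

def keys_for_host(lines, host):
    """Return (exported, rejected): key lines to export to `host` with the
    tag stripped, and lines refused because their tag could not be parsed."""
    exported, rejected = [], []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            hosts, key_line = split_host_tag(line)
        except ValueError:
            rejected.append(line)  # fail closed: a bad tag exports nowhere
            continue
        if hosts is None or host in hosts:
            exported.append(key_line)
    return exported, rejected

# Constructed sample input (not real keys).
SAMPLE = [
    '# constructed sample keys',
    'host="samosa,gluck,merkel" ssh-rsa AAAAconstructed1 alice@laptop',
    'host="merkel" ssh-rsa AAAAconstructed2 alice@build',
    'ssh-rsa AAAAconstructed3 alice@everywhere',
    'host="gluck ssh-rsa AAAAconstructed4 alice@typo',  # unterminated quote
    'host="" ssh-rsa AAAAconstructed5 alice@nowhere',   # empty host list
]

if __name__ == "__main__":
    print(keys_for_host(SAMPLE, "gluck"))
```

A key with an unparsable or empty host list is exported to no host, so a typo in the tag narrows access instead of widening it.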

