Hi,
While reviewing the installation of Kallithea on a test server, one of our 
college Unix admins pointed out two issues with the way SSH public keys are 
saved in .ssh/authorized_keys.

1) When a user is deleted from the Kallithea system, the public key is not 
removed from the file. The only thing stopping access through SSH is when 
Kallithea does not find an active user and denies the request. It seems to me 
that removing the public key would greatly reduce the processing done before 
access is refused.

2) When a user submits a public key through the Web interface, the comment at 
the end of the key line is not copied into the authorized_keys file. The 
comment should be retained to help manually manage the file, or at least 
identify the users at a glance. Yes, I agree that the file is managed by the 
system, but sometimes you need to look at it.

If you'd like, I can enter the issue in Bitbucket, but at the moment it seems 
to be undergoing maintenance.

Thanks
 --Louis

Louis Bertrand, P.Eng.
Professor, School of Science and Engineering Technology
Durham College, Oshawa ON Canada

_______________________________________________
kallithea-general mailing list
kallithea-general@sfconservancy.org
https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
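
The two points raised in the message, as an added example that is not part of the original e-mail and not Kallithea's code: a Python audit that parses authorized_keys lines, separates entries whose key no longer belongs to an active user, and restores the comment the user submitted. The `command=` option text, the key blobs and the `active` mapping are constructed placeholders.

```python
import re
KEYTYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_options(line):
    """Split off the options field, which ends at the first space outside quotes."""
    in_quotes, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quotes:
            i += 1                      # skip the escaped character, e.g. \"
        elif c == '"':
            in_quotes = not in_quotes
        elif c in " \t" and not in_quotes:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""

def parse_entry(line):
    """Return options/type/blob/comment for a key line, None for anything else."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, line = ("", line) if KEYTYPE.match(line) else split_options(line)
    parts = line.split(None, 2)
    if len(parts) < 2 or not KEYTYPE.match(parts[0]):
        return None
    return {"options": options, "type": parts[0], "blob": parts[1],
            "comment": parts[2] if len(parts) > 2 else ""}

def audit(text, active):
    """active: key blob -> submitted comment. Returns (lines to keep, stale entries)."""
    kept, stale = [], []
    for raw in text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            kept.append(raw)            # comment, blank or unparseable: pass through
        elif entry["blob"] not in active:
            stale.append(entry)         # key whose owner is no longer an active user
        else:
            comment = entry["comment"] or active[entry["blob"]]
            fields = [entry["options"], entry["type"], entry["blob"], comment]
            kept.append(" ".join(f for f in fields if f))
    return kept, stale

# Constructed sample: the command= option and the key blobs are placeholders.
SAMPLE = '''# managed file
command="serve \\"repo a\\" 7",no-pty ssh-ed25519 AAAAC3ConstructedAlice
command="serve 9",no-pty ssh-rsa AAAAB3ConstructedBob bob@lab laptop'''
ACTIVE = {"AAAAC3ConstructedAlice": "alice@workstation"}
```

Calling `audit(SAMPLE, ACTIVE)` returns the lines to write back and the stale entries to review before removal.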
