> > I'll ask Jim why this test was important, and depending on his reply, > > we'll reconsider the issue, including the need for > > $sys_authorized_keys_prefix. > > > > Meanwhile, we need it. I'm also reactivating and debugging the change > > in GetUserSSHKeyReal - else all keys will be rewritten, since it would > > include the prefix. > > But make sure it does not alter the content of others keys (in some > cases, it was remove the first character of the key).
I did fix that shameful bug. I am waiting for a reply from Jim so I get some input about why this was set up in the first place. Incidentally, one can use port forwarding at Gna!, hence make Gna! do unwanted connections, for example: $ ssh [EMAIL PROTECTED] -L 8080:www.gnu.org:80 "cvs server" $ links http://localhost:8080 So, the feature has some usefulness, allowing to make a kind of special sshd_config for Savane-managed users, but I hesitate about including it. I noticed some other bugs when rewriting SSH keys: - SSH keys are recreated: * if the user_name contains a comma (,) - I'll fix this after the branch is merged, as promised some months ago * if one of the existing SSH keys if empty (causing 2 newlines "######") - I didn't check that yet. It was the case for nferrier's account at Savannah :) - SSH keys is NOT recreated when sys_authorized_keys_prefix is changed; so I should remove the code in SSHKeyReal, and add the prefix when doing the comparison, but I didn't check yet whether SSHKeyReal is not used somewhere else, so things may end-up being a bit difficult.. - ok, I didn't test that one yet, just figured it out by logic. More to come hopefully soon. -- Sylvain _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
