Sylvain Beucler <[EMAIL PROTECTED]> tapota : >> > I'll ask Jim why this test was important, and depending on his reply, >> > we'll reconsider the issue, including the need for >> > $sys_authorized_keys_prefix. >> > >> > Meanwhile, we need it. I'm also reactivating and debugging the change >> > in GetUserSSHKeyReal - else all keys will be rewritten, since it would >> > include the prefix. >> >> But make sure it does not alter the content of others keys (in some >> cases, it was remove the first character of the key). > > I did fix that shameful bug. > > I am waiting for a reply from Jim so I get some input about why this > was set up in the first place. > > Incidentally, one can use port forwarding at Gna!, hence make Gna! do > unwanted connections, for example: > > $ ssh [EMAIL PROTECTED] -L 8080:www.gnu.org:80 "cvs server" > $ links http://localhost:8080 > > So, the feature has some usefulness, allowing to make a kind of > special sshd_config for Savane-managed users, but I hesitate about > including it.
Hum, as we provide ssh access, I guess we can assume that using -L is ok. Shouldn't we? > > I noticed some other bugs when rewriting SSH keys: > > - SSH keys are recreated: > > * if the user_name contains a comma (,) - I'll fix this after the > branch is merged, as promised some months ago But if user_name contain a comma, there's a bug, as it is not legitimate in a unix name, is it? > > * if one of the existing SSH keys if empty (causing 2 newlines > "######") - I didn't check that yet. It was the case for > nferrier's account at Savannah :) Interesting. -- Mathieu Roy +---------------------------------------------------------------------+ | General Homepage: http://yeupou.coleumes.org/ | | Computing Homepage: http://alberich.coleumes.org/ | | Not a native english speaker: | | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english | +---------------------------------------------------------------------+
