On Thu, Jan 06, 2005 at 10:26:41AM +0100, Mathieu Roy wrote: > >> Do you add a prefix specifically disallow port-forwarding? > > > > That what was setup at Savannah, yes. > > But I guess we'll do it somehow else now. > > Out of curiosity, which prefix do that?
As far as I understand no-pty -> forbid ssh -t client option *-forwarding -> same as in sshd_config All in all, not very useful. > > So to sum up, > > > > - checking the key format is unnecessary and the code can be removed. > > > > - adding prefixes to authorized_keys is not a good design, one should > > rather run another ssh daemon for privileged users, and the code can > > be removed. > > I think so, yes. > > Regards, and thanks for your patient work :) Prefix stuff removed. Backend ran and does not recreate identical authorized_keys; the bug recreating nferrier's key was from the branch code and fixed back. I guess we're ready for the merge now. -- Sylvain
