Hello,

James E. Blair, the FSF system administrator, insists on sanitizing the
authorized_keys files.

Put another way, we would check that what the user enters in the
SSH keys fields matches the OpenSSH format for either protocol
version 1 or 2. Or only version 2 if we don't need to support version
1. Note that we don't support all versions of SSH anyway; I saw that
apparently the 'ssh2' (proprietary) package from Debian uses another
format that looks more like a GPG key (header and multiple lines).

There are not many versions of the authorized_keys format, so the
maintenance would not be tedious. As far as improvements are
concerned, we gain a little bit in security (i.e. if authorized_keys
were exploited one day), and we could tell the user when his key is not
valid straight away.

So, independently of James' point of view, I think this feature is worth
adding. What do you think?

-- 
Sylvain
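
One way to implement the check proposed in this message, as an added example that is not part of the original e-mail and not the project's own code. It assumes each key field holds exactly one key, and the allow-list of protocol 2 key types and the function names are choices made for this sketch.

```python
import base64
import re
import struct

# Key types accepted for protocol 2 (assumed allow-list for this example).
V2_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}
# Protocol 1 line: "<bits> <exponent> <modulus> [comment]", all decimal.
V1_RE = re.compile(r"^(\d{3,5}) (\d+) (\d+)(?: [^\r\n]*)?$")


def check_v2(line):
    """Return None if line is a well-formed protocol 2 key, else a reason."""
    parts = line.split(" ", 2)
    if len(parts) < 2 or parts[0] not in V2_TYPES:
        return "line must start with a known key type"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return "key data is not valid base64"
    # The blob starts with a length-prefixed string repeating the key type.
    if len(blob) < 4:
        return "key data too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        return "key type does not match key data"
    return None


def check_key_field(text):
    """Validate one user-supplied key field; return (ok, reason)."""
    line = text.strip()
    if not line:
        return False, "empty"
    if "\n" in line or "\r" in line or "\0" in line:
        return False, "must be a single line"
    if V1_RE.match(line):
        return True, "protocol 1 key"
    err = check_v2(line)
    return (err is None), (err or "protocol 2 key")


if __name__ == "__main__":
    # Constructed sample input, not a real key.
    blob = struct.pack(">I", 7) + b"ssh-rsa" + b"\0" * 16
    sample = "ssh-rsa " + base64.b64encode(blob).decode() + " user@host"
    for field in (sample, 'command="id" ' + sample, "1024 35 12345 old@host"):
        print(check_key_field(field))
```

Because the field must begin with a known key type, text placed in front of the key and the multi-line 'ssh2' format are both rejected, and the returned reason can be shown to the user straight away.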
