From owner-svn-src-all@FreeBSD.ORG Thu Oct 13 10:04:16 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3CE911065693; Thu, 13 Oct 2011 10:04:16 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from fallbackmx08.syd.optusnet.com.au (fallbackmx08.syd.optusnet.com.au [211.29.132.10]) by mx1.freebsd.org (Postfix) with ESMTP id 26C5B8FC13; Thu, 13 Oct 2011 10:04:13 +0000 (UTC) Received: from mail36.syd.optusnet.com.au (mail36.syd.optusnet.com.au [211.29.133.76]) by fallbackmx08.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id p9D7nAbs022872; Thu, 13 Oct 2011 18:49:12 +1100 Received: from server.vk2pj.dyndns.org (c220-239-116-103.belrs4.nsw.optusnet.com.au [220.239.116.103]) by mail36.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id p9D7m2kB018638 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 13 Oct 2011 18:48:03 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.5/8.14.4) with ESMTP id p9D7m1Zq054965; Thu, 13 Oct 2011 18:48:01 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.5/8.14.4/Submit) id p9D7lxcK054964; Thu, 13 Oct 2011 18:47:59 +1100 (EST) (envelope-from peter) Date: Thu, 13 Oct 2011 18:47:58 +1100 From: Peter Jeremy To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= Message-ID: <20111013074758.GA54924@server.vk2pj.dyndns.org> References: <201110052208.p95M8H3C030566@svn.freebsd.org> <05F84C7F-A1CD-40E4-BDD5-BCACB58C56BF@lists.zabbadoz.net> <86botm2z5v.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm" Content-Disposition: inline In-Reply-To: <86botm2z5v.fsf@ds4.des.no> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.21 (2010-09-15) Cc: svn-src-head@freebsd.org, "Bjoern A. Zeeb" , svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r226046 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/usr.sbin/sshd X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2011 10:04:16 -0000 --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2011-Oct-12 14:05:16 +0200, Dag-Erling Sm=F8rgrav wrote: >"Bjoern A. Zeeb" writes: >> Mergemaster brought up this change: >> >> +# The default is to check both .ssh/authorized_keys and .ssh/authorized= _keys2 >> +# but this is overridden so installations will only check .ssh/authoriz= ed_keys >> +AuthorizedKeysFile .ssh/authorized_keys >> >> This will break setups that have authorized_keys2 files (only) and needs= to >> be reverted I think? This is probably a reasonable change in head but, IMHO, it shouldn't be MFC'd. >authorized_keys2 has been deprecated for ~10 years now. I find authorized_keys2 very handy at $work. I have one set of keys that are centrally managed and common across all hosts and a second set of keys that are local to each disjoint subgroup of hosts and managed within each group. Using both authorized_keys and authorized_keys2 substantially simplifies the overall key management. --=20 Peter Jeremy --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk6Wl64ACgkQ/opHv/APuIf3IQCgoyBps8HbPDNyob7yHs2Vd75P FRUAnjaUjFwG/x1GYGR/Zh4RxRkZvuwi =JdzP -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm--