[Bug 524226] Re: ssh-import-id - retrieve a key from a public keyserver and add to the authorized_keys file

Dustin Kirkland dustin.kirkland at gmail.com
Fri Feb 19 15:28:38 GMT 2010


Kees-

  * May I ask for your opinion?
  * Do we want it to remain non-trivial to add public keys to authorized_keys?  Is there a security reason for doing so?
  * Is this ssh-import-id utility just a bad idea?
  * Do you have security concerns about the key retrieval method?
  * Is SSL and/or Launchpad unsuitable for this sort of thing?
  * Would there be any reason to force the client to authenticate with the server too?  (I'd think not, as this is a public key, and an open URI).
  * Is it inadvisable to put such a utility in /usr/bin such that it's discoverable in the default path?  Would it be better to hide it away in /usr/lib or something?
  * Is openssh-server the right/wrong place for this utility?  Does the answer to that question change whether we're talking about Lucid or Lucid+1?
  * Does this open up new opportunities for abuse somehow?

:-Dustin

** Summary changed:

- ssh-import-id - retrieve a key from a public keyserver and add to the authorized_keys file
+ ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file

-- 
ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file
https://bugs.launchpad.net/bugs/524226
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.



More information about the Ubuntu-server-bugs mailing list