[Bug 524226] Re: ssh-import-id - retrieve a key from a public keyserver and add to the authorized_keys file
dustin.kirkland at gmail.com
Fri Feb 19 15:28:38 GMT 2010
* May I ask for your opinion?
* Do we want it to remain non-trivial to add public keys to authorized_keys? Is there a security reason for doing so?
* Is this ssh-import-id utility just a bad idea?
* Do you have security concerns about the key retrieval method?
* Is SSL and/or Launchpad unsuitable for this sort of thing?
* Would there be any reason to force the client to authenticate with the server too? (I'd think not, as this is a public key, and an open URI).
* Is it inadvisable to put such a utility in /usr/bin such that it's discoverable in the default path? Would it be better to hide it away in /usr/lib or something?
* Is openssh-server the right/wrong place for this utility? Does the answer to that question change whether we're talking about Lucid or Lucid+1?
* Does this open up new opportunities for abuse somehow?
** Summary changed:
- ssh-import-id - retrieve a key from a public keyserver and add to the authorized_keys file
+ ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file
ssh-import-id: retrieve a key from a public keyserver and add to the authorized_keys file
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs