On 2011-Oct-12 14:05:16 +0200, Dag-Erling Smørgrav <d...@des.no> wrote: >"Bjoern A. Zeeb" <bzeeb-li...@lists.zabbadoz.net> writes: >> Mergemaster brought up this change: >> >> +# The default is to check both .ssh/authorized_keys and >> .ssh/authorized_keys2 >> +# but this is overridden so installations will only check >> .ssh/authorized_keys >> +AuthorizedKeysFile .ssh/authorized_keys >> >> This will break setups that have authorized_keys2 files (only) and needs to >> be reverted I think?
This is probably a reasonable change in head but, IMHO, it shouldn't be MFC'd. >authorized_keys2 has been deprecated for ~10 years now. I find authorized_keys2 very handy at $work. I have one set of keys that are centrally managed and common across all hosts and a second set of keys that are local to each disjoint subgroup of hosts and managed within each group. Using both authorized_keys and authorized_keys2 substantially simplifies the overall key management. -- Peter Jeremy
pgpcCk3NoEtPC.pgp
Description: PGP signature