Please sign in to comment.
allow non-gitolite keys to have options/command, etc
Apparently, ssh-keygen can take fingerprints of entire authkeys files also. This is totally undocumented. Since 'man ssh-keygen' only says: "Show fingerprint of specified public key file." and makes no mention of authorized_keys files, I had assumed that it treated a file containing this command="/usr/bin/backup" ssh-rsa ..... (i.e., a non-gitolite key that nevertheless contains a command) as just a special type of pubkey file. This meant, to me, that the presence or absence of a newline should not matter, because *without* the 'command=' it certainly doesn't. But what's actually happening is that it is treating this as an authorized_keys file, and in *that* mode, it requires a newline. I still don't see why it should require a newline as a *terminator*; having it as a *separator* should be sufficient, but it's pointless to argue about that when the feature itself is undocumented. Wizmaster (code at wizmaster at fr) had to dig into the openssh source code to figure this out and explain it to me.
- Loading branch information...