-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorization process is not atomic #28
Comments
Maybe we could use file renaming when removing public keys.
However, this still does not gaurantee atomicity of each authorization request when there are multiple overlapped authorization requests to a single destination server. |
Seems the most feasible idea for the moment.
Yes, although the assumption is merely for the sake of convenience. It would be better if we have a solution for that which is not that complicated. |
I realized that GCE pre-populates project-global user SSH keypairs automatically into instances (this may be disabled as an option when creating an instance though) -- so simply overwriting the |
Although it was deprecated more than a decade ago, OpenSSH server still recognizes |
The current way to modify .ssh/authorized_keys list is only half atomic. When add public keys to the list it's
open()
ed witha
ppend mode, but when remove public keys from it the whole file is removed and created again. The later process can be failed immediately after the file is removed but not created again yet.The text was updated successfully, but these errors were encountered: