Damien Miller

Sorry, we are not willing to accept a dependency on libsystemd. If there is a way to communicate this information without taking the dependency (similar to [what we're doing to...

We probably wouldn't be interested in dlopen()ing anything into sshd's address space, because it carries identical risks to direct linking. Maybe in a fork+exec'd subprocess, but that's obviously significantly more...

IMO the best solution here is to make `read_passphrase()` accept a printf(3)-style format string. Then it will be trivial to add the filename wherever it is used. I'll take a...

This looks pretty reasonable but I don't think any of the active developers have the GSSAPI knowledge to review the GSSAPI bits of this change. We'll have to find someone...

I think the socket activation detection logic could be simplified here, e.g. https://github.com/djmdjm/openssh-portable-wip/pull/6/commits/b0e44a0b474886b8315ec76bd2c0a562e22b0f7d

Also not sure whether socket activation should be magically auto-enabled or should require a flag, e.g. `-A` is free

IMO it's perfectly fine for -k not to work in this case On Tue, 22 Oct 2024, 16:50 dkg, ***@***.***> wrote: > ***@***.**** commented on this pull request. > ------------------------------...

Ok, that's reasonable. I've pushed some fixes to https://github.com/djmdjm/openssh-portable-wip/pull/6 - are you able to test that they still work?

This has been merged and will be in openssh-10.0, due in a couple of months. Thanks for writing this and your feedback along the way.

> I believe the expected behavior should also include searching for the certificate in the agent. Why? Your configuration explicitly requests only a plain key be used: ``` Host exemple.org...