httpd: make sshaut use multiple files#40
Merged
Conversation
pothos
reviewed
Apr 23, 2026
pothos
approved these changes
Apr 23, 2026
Contributor
pothos
left a comment
pothos
left a comment
There was a problem hiding this comment.
Looks good but using one hashmap would be nice to prevent the introduction of bugs that cause things to get out of sync.
This commit ensures that sshauth checks all files that may contain ssh keys like /etc/varlink-httpd/authorized_keys and the credentials for matching keys. It will also no longer die when no keys are found but instead keep waiting for other authentication sources to appear. This is fine because we are socket activated anyway and it avoid a failure on a fresh VM that has no authentication but a running varlink-httpd which currently just fails in this setup.
The exiting ssh key caching was a bit ad-hoc, just using hashmap etc. With the extension to multiple files this became a bit loose. So this commit refactors the code to have a proper type for a ssh KeyFile and the KeyCache with the associated methods to manage them. Thanks to Kai for suggesting this.
mvo5
force-pushed
the
check-multi-authorized-keys
branch
from
05c8c40 to
1d7f0b8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit ensures that sshauth checks all files that may contain ssh keys like /etc/varlink-httpd/authorized_keys and the credentials for matching keys. It will also no longer die when no keys are found but instead keep waiting for other authentication sources to appear.
This is fine because we are socket activated anyway and it avoid a failure on a fresh VM that has no authentication but a running varlink-httpd which currently just fails in this setup.