Re: Other comments on draft-ietf-secsh-publickey-subsystem

[Nicolas Williams <Nicolas.Williams%sun.com@localhost>]

On Wed, Aug 30, 2006 at 12:54:01PM +0200, Jon Bright wrote:
> Nicolas Williams wrote:
> >
> >>>- An attribute is needed to set environment variables for the
> >>>  environment where the command/shell/subsystem is executed.
> >>Why?  Again, I think it's too late for this kind of substantive change.
> >
> >Because the facility you patterned this after (right?  OpenSSH?) has a
> >way to associate environment variables with public keys.
> 
> I didn't write the original version of this draft, I've just been 
> shepherding it since it became a WG working item.  It'd be nice to 
> document how OpenSSH does this, but I think it's too late to make this 
> the job of this draft.

But then OpenSSH can't implement this protocol without changing its
existing behaviour.

Therefore I think the fair thing to do would be to either allow the
'command-override' command to override subsystem commands also.

Nico
--