So, the above comment really applied to protocol 1.
We're really only interested in protocol 2.
I've walked through the sshd code, and the relevant code here is:
auth2-pubkey.c:user_key_allowed2
It basically does:
- parse the line, ignoring the possibility of options entirely; if that is a valid key with a valid key type, then use it
- otherwise remove comment from the beginning and try parsing again
- if that succeeds, use comment and key.
List of known types (key_type_from_name in key.c):
- rsa
- dsa
- ssh-rsa
- ssh-dss
- ecdsa
- <email address hidden>
- <email address hidden>
- <email address hidden>
- <email address hidden>
- <email address hidden>
- <email address hidden>
- <email address hidden>
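
The two-pass parse described in the comment above, as an added sketch in C that is not part of the original comment and is not OpenSSH's code. The names `parse_authorized_line` and `starts_with_key` are hypothetical, the quote-aware skip of the leading field is an assumption of this sketch, and only the key types readable in the list above are recognised.

```c
#include <stdio.h>
#include <string.h>

/* Key type names copied from the list above; hidden entries are not guessed. */
static const char *const KNOWN_TYPES[] = { "rsa", "dsa", "ssh-rsa", "ssh-dss", "ecdsa" };

/* 1 if s starts with a known key type followed by a non-empty blob field.
 * Assumption: the blob is only checked for presence, it is not decoded here. */
static int starts_with_key(const char *s)
{
    size_t n = strcspn(s, " \t");
    for (size_t i = 0; i < sizeof KNOWN_TYPES / sizeof *KNOWN_TYPES; i++)
        if (strlen(KNOWN_TYPES[i]) == n && strncmp(s, KNOWN_TYPES[i], n) == 0) {
            const char *blob = s + n + strspn(s + n, " \t");
            return strcspn(blob, " \t\r\n") > 0;
        }
    return 0;
}

/* Returns 0 = no key, 1 = key at start of line, 2 = key after one skipped
 * leading field. On success *key points at the key type name. */
int parse_authorized_line(const char *line, const char **key)
{
    int quoted = 0;
    const char *p = line + strspn(line, " \t");
    *key = NULL;
    if (*p == '\0' || *p == '\n' || *p == '#')
        return 0;
    if (starts_with_key(p)) { *key = p; return 1; }
    /* Second pass: skip to the first space or tab outside double quotes. */
    for (; *p && (quoted || (*p != ' ' && *p != '\t')); p++) {
        if (*p == '\\' && p[1] == '"') p++;
        else if (*p == '"') quoted = !quoted;
    }
    p += strspn(p, " \t");
    if (starts_with_key(p)) { *key = p; return 2; }
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not real keys. */
    const char *lines[] = { "ssh-rsa AAAAB3constructed user@host\n",
        "command=\"echo ssh-rsa AAAA\" ssh-rsa AAAAB3constructed user@host\n",
        "no-pty bogus-type AAAA\n" };
    const char *key;
    for (size_t i = 0; i < 3; i++)
        printf("%d\n", parse_authorized_line(lines[i], &key));
    return 0;
}
```

The second sample line shows why a tool that audits authorized_keys cannot simply split on whitespace: the key type string also appears inside the quoted leading field, and only the quote-aware skip lands on the real key.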