Instead of a traditional authorized_keys file on my server, I'm using a custom key verifier which sshd calls via the AuthorizedKeysCommand option. In the sshd_config, I can specify that this command should be fed the user's public key as an argument, like so:
AuthorizedKeysCommand /path/to/verifier %k
The problem is that the key encodes a lot of additional data and so can be quite large. If it's bigger than around 4135 bytes, sshd logs a fatal error while expanding the %k token:
sshd[5914]: fatal: percent_expand: string too long
I've been combing through the source code of percent_expand and I don't see anywhere where this "string too long" error might be encountered. It appears that there is some kind of limit on the token size, but what is it? Where is it defined?