openssh-unix-dev May 2011 archive
Main Archive Page > Month Archives  > openssh-unix-dev archives
openssh-unix-dev: Re: backdoor by authorized_keys2 leftovers

Re: backdoor by authorized_keys2 leftovers

From: Espen Fjellvær Olsen <efo_at_nospam>
Date: Wed May 11 2011 - 06:42:34 GMT
To: openssh-unix-dev@mindrot.org

On 11. mai 2011 08:23, Jameson Graef Rollins wrote:
> On Tue, 10 May 2011 23:01:14 -0700, Dan Kaminsky<dan@doxpara.com> wrote:
>> I'd document, rather than remove. I think all my systems use
>> authorized_keys2. You will end up locking users and admins out.
> I definitely agree with this sentiment.
>
> I also think that being able to specify multiple authorized_keys files
> is very useful, so I would prefer to just see this as a documented
> feature.
>
> jamie.
I say either remove it, or make it a configuration option to disable it.
Where authorized_keys are controlled by the AuthorizedKeysFile option,
authorized_keys2 are not, which makes our distribution regimes a bit
troublesome as we will have to make use of /etc/ssh/sshrc to
delete/die/remove/something if %h/.ssh/authorized_keys2 is found.

-- BR Espen Fjellvær Olsen Basefarm AS _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev