openssh-unix-dev May 2011 archive
openssh-unix-dev: Re: backdoor by authorized_keys2 leftovers

Re: backdoor by authorized_keys2 leftovers

From: Philipp Marek <philipp.marek_at_nospam>
Date: Wed May 11 2011 - 08:52:36 GMT
To: openssh-unix-dev@mindrot.org

On Wednesday 11 May 2011, Damien Miller wrote:
> On Tue, 10 May 2011, Dan Kaminsky wrote:
> > >> Maybe it's time to drop the old stuff not to get haunted by such
> > >> leftovers again.
> > >
> > > Good point - I just committed a change to remove it for openssh-5.9
> >
> > I'd document, rather than remove. I think all my systems use
> > authorized_keys2. You will end up locking users and admins out.
>
> We'll document the removal :) Really, there is no reason to have two
> files that do exactly the same thing.
Well, there is a very good reason - easier configurability.

Having one file for the "static" admins, and one for the per-server
(application) executives is nice, IMO.

There are lots of places where instead of a file a directory is used - the
famous /etc/rc*.d/, /etc/cron.d, etc. etc.

Perhaps this should be an alternative - either have ~/.ssh/authorized_keys as a
file, or as a directory, but not both?

Regards,

Phil
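
On hosts where sshd still consults authorized_keys2, the leftover-key risk named in the subject line can be checked with an audit like the one below. It is an added example, not part of the original thread; the one-root home layout, the function names and the fake key blobs in the fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list keys that exist only in a
# leftover ~/.ssh/authorized_keys2. Assumes homes sit directly under one root.

# Print the base64 blob of every key line in an authorized_keys-style file.
# Options before the key type and the trailing comment are ignored; a blob
# always starts with "AAAA" because it begins with a 4-byte length field.
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh|ecdsa|sk)-/ && $(i + 1) ~ /^AAAA/) {
                    print $(i + 1)
                    break
                }
        }' "$1"
}

# Print "user<TAB>blob" for each key in authorized_keys2 that is not also in
# that user's authorized_keys (or when authorized_keys does not exist).
audit_authorized_keys2() {
    root=${1:-/home}
    for dir in "$root"/*/; do
        legacy="${dir}.ssh/authorized_keys2"
        main="${dir}.ssh/authorized_keys"
        [ -f "$legacy" ] || continue
        user=$(basename "$dir")
        key_blobs "$legacy" | while IFS= read -r blob; do
            if [ -f "$main" ] && key_blobs "$main" | grep -qxF -e "$blob"; then
                continue    # same key is already in the reviewed file
            fi
            printf '%s\t%s\n' "$user" "$blob"
        done
    done
    return 0
}

# Constructed fixture (fake key blobs) for trying the audit without real homes.
make_fixture() {
    mkdir -p "$1/alice/.ssh" "$1/bob/.ssh" "$1/carol/.ssh"
    echo 'ssh-rsa AAAAconstructedKeyA alice@laptop' > "$1/alice/.ssh/authorized_keys"
    printf '%s\n' '# old file' 'ssh-rsa AAAAconstructedKeyA alice@old' \
        'from="10.0.0.5" ssh-dss AAAAconstructedKeyB forgotten' \
        > "$1/alice/.ssh/authorized_keys2"
    echo 'ssh-rsa AAAAconstructedKeyC bob@desk' > "$1/bob/.ssh/authorized_keys2"
    echo 'ssh-rsa AAAAconstructedKeyD carol@desk' > "$1/carol/.ssh/authorized_keys"
}

if [ $# -gt 0 ]; then audit_authorized_keys2 "$1"; fi
```

Called with a home root as its first argument, the script prints one user and key blob per line; no output means no authorized_keys2 file holds a key that the matching authorized_keys lacks.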