openssh-unix-dev May 2011 archive
openssh-unix-dev: Re: backdoor by authorized_keys2 leftovers

From: Ángel González <keisial_at_nospam>
Date: Wed May 11 2011 - 17:24:16 GMT
To: Iain Morgan <imorgan@nas.nasa.gov>

Iain Morgan wrote:
> I was going to suggest something similar, but you beat me to it. :-)
>
> One scenario that could potentially be useful in a cluster environment
> would be to allow per-host authorized_keys files. Support for the
> following syntax might be useful:
>
> AuthorizedKeysFile %h/.ssh/authorized_keys.%H,%h/.ssh/authorized_keys
>
> where '%H' would be expanded as the server's hostname. (I don't
> particularly like '%H', but '%h' is already used.)
>
> This would allow clusters which use a shared home filesystem to have
> authorized_keys files which are tailored for a specific host and the
> capability to fall back to a more generic file in the absence of a
> host-specific one.
>
> By the way, I applaud getting rid of the old cruft.

To fall back? As I understood it, they would be additive.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev