OpenSSH-RSAAuth-NFS

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Sat Jul 28 19:03:20 EST 2001


On Fri, Jul 27, 2001 at 10:21:36AM +0200, Tim McGarry wrote:
> Here's a bunch of changes I've made to the current portable version of
> OpenSSH.
> 
> The aim is that the rsa_authentication flag in sshd_config can be given the
> values "without-nfs" This is really handy within a large organization where
> incorrectly secured home directories can allow authorized_keys(2) to be
> modified by someone other than the owner.
> 
> So now rsa_authentication can take the values (no,without-nfs,yes). Maybe it
> would be better to use (no,yes,with-nfs). So it's an active decision that
> the user has to make if the wish to allow authorized_keys(2) from nfs
> mounts.
> 
> I'd like to feed this enhancement back into the OpenBSD build, NFS security
> is not just a problem that relates to Solaris.

the security of NFS depends on how it is used.

instead i suggest the AuthorizedKeysFile option from sshd.



More information about the openssh-unix-dev mailing list