authorized_keys2 directory idea
Rob Hagopian
rob at hagopian.net
Tue Jun 5 07:13:44 EST 2001
On Mon, 4 Jun 2001, Markus Friedl wrote:
> On Mon, Jun 04, 2001 at 04:11:54PM -0400, Rob Hagopian wrote:
> > How do you see the time a key was added to your single file?
>
> rcs
Fine, but with cvs I could check out individual key files, I can't do that
with cvs and a single file.
> > Can you track
> > individual key changes through utils like tripwire? How about making some
> > keys immutable but allowing others to be updated?
>
> this is not ssh's business. all entries should be immutable
> to anybody but the user. the user should be able to edit all.
Really... that's awfully heavy handed to lay down security policy like
that... In fact, I have a number of keys that I don't want the user to be
able to modify at all as we've had problems with that in the past. Not to
mention that immutable with a higher security level can not be changed at
all without a reboot.
And you didn't address sym links... (and if they are set up correctly by
the user I don't believe there are security issues)
The general point is that every OS I can think of has additional
capabilities that can be applied to individual files that can not be
applied to multiple lines within a file. Counter, as you noted, is that
programs to do bulk modifications (sort and uniq [most of sed's stuff can
be done in a loop on all keys]) don't work as well with multiple files. I
still don't see why we can't have both, esp in contrib.
Life is not simple, there is never one best solution for everyone. Where
possible and reasonable I don't see why openssh can't be made more
flexible. I strongly feel that this (what I envision as a 20 line patch
with low security implications) is one of those times.
-Rob
More information about the openssh-unix-dev
mailing list