Logging of comments on keys

Rob Hagopian robopenssh at hagopian.net
Fri Feb 14 03:06:49 EST 2003


Well, the original argument against logging the comment was that a user
could go in and change their comment; my point was that this is not always
the case (and it doesn't have to be owned by root, it could be owned by
nobody or some other user).

Since a user could just go in and change their key anyway if the
authorized_keys file isn't chowned away, I don't see how logging the
comment is that much different from logging the key fingerprint anyway?

-Rob


On Tue, 11 Feb 2003, Markus Friedl wrote:

> On Tue, Feb 11, 2003 at 04:46:23PM -0500, Rob Hagopian wrote:
> > If the authorized_keys file is owned by root (a common situation for some
> > shared accounts we use) then users changing comments isn't a problem and
> > logging the comment would be useful?
> 
> i doubt that we will log comments if a file is owned by root.
> 
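
Added example (not part of the thread and not OpenSSH code): a Python sketch of the distinction argued above. The fingerprint is computed from the key blob only, the comment is free text, and both are user-controlled whenever the account can rewrite authorized_keys. The function names, the sample key and the SHA256 fingerprint format (the one current OpenSSH prints) are assumptions of the example.

```python
import base64, hashlib, os, struct

def parse_key_line(line):
    """Split one authorized_keys line into (keytype, blob, comment).
    Assumption: any leading options field contains no whitespace."""
    fields = line.split()
    for i, tok in enumerate(fields[:-1]):
        if tok.startswith(("ssh-", "ecdsa-", "sk-")):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue  # token only looked like a key type
            return tok, blob, " ".join(fields[i + 2:])
    raise ValueError("no public key found")

def fingerprint(blob):
    """SHA256 fingerprint of the key blob; the comment is not an input."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def account_can_rewrite(path, account_uid):
    """True if account_uid owns the file or its directory, or either is
    group/world writable. Then key and comment are both user-controlled."""
    for p in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(p)
        if st.st_uid == account_uid or st.st_mode & 0o022:
            return True
    return False

def _sample_blob():
    # Constructed ed25519-style blob (not a real key): two length-prefixed strings.
    parts = (b"ssh-ed25519", bytes(range(32)))
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

_B64 = base64.b64encode(_sample_blob()).decode()
SAMPLE_LINES = [  # constructed: same key, different comments
    f"ssh-ed25519 {_B64} alice@laptop",
    f'from="192.0.2.0/24" ssh-ed25519 {_B64} edited by the user',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        _, blob, comment = parse_key_line(line)
        print(fingerprint(blob), repr(comment))
```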




More information about the openssh-unix-dev mailing list