Security suggestion concering SSH and port forwarding.

Dan Kaminsky dan at
Mon Jan 19 21:55:30 EST 2004

>What is wrong with using public keys?
They're integrated a hell of alot better into web browsers than any 
SSH/SFTP client, and still failed?

Not saying pubkey isn't fantastic for us; noticably, we use a system 
practically designed for individual developers or small groups (don't we 
still linearly search through authorized_keys?).  But when dealing with 
those who know just enough about security to know FTP and Telnet are to 
be phased out, pubkey just isn't that good of an option.

scponly does sort of imply, um, scp only.  Perhaps supporting the pubkey 
permissions flags in sshd_config on a per-user basis might be feasible?


More information about the openssh-unix-dev mailing list