ownership of authorized_keys

Han Boetes han at mijncomputer.nl
Fri Jan 20 03:06:11 EST 2006


I would like to make it impossible for users to change the
contents of the authorized_keys-file.

I just found out about the sshd_config setting:

  AuthorizedKeysFile /etc/ssh/authorized_keys/%u

But even in that case that file has to be owned by the user,
unless I set ``StrictModes no'' which would allow other
nastyness. I would like to request that that file could also be
owned by root, so I can make that file immutable for the user,
even on filesystems which don't support the immutable flag, for
example jfs on GNU/Linux.

# Han
    \    /   The two things that can get you into trouble quicker than
    )\__/(         anything else are fast women and slow horses.
Ts   (OO)

More information about the openssh-unix-dev mailing list