Risk of StrictMode (but read only)

Don Hoover dxh at yahoo.com
Wed Jul 16 00:51:00 EST 2008


Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"?

I am thinking particularly of the case of having public keys all centralized in a directory in /etc or something.


Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable?

---
Don Hoover
dxh at yahoo.com


More information about the openssh-unix-dev mailing list