Risk of StrictMode (but read only)

Iain Morgan imorgan at nas.nasa.gov
Wed Jul 16 05:31:12 EST 2008


On Tue, Jul 15, 2008 at 07:51:00 -0700, Don Hoover wrote:
> Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"?
> 
> I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something.
> 
> 
> Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable?
> 
> ---
> Don Hoover
> dxh at yahoo.com
>

If your OS supports POSIX ACLs, you could set an ACL on each
authorized_keys file to make it readable by the user without having to
turn off StrictModes. (On Linux, you may need to supply the acl mount
option to enable POSIX ACL support.)

-- 
Iain Morgan
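
Added example, not part of the original thread and not OpenSSH code: a Python sketch for auditing a centralized key directory before relying on StrictModes. It approximates the check sshd applies (each path component owned by root or the user, and not writable by group or others) and never looks at read bits. The function name, the `stop_at` parameter and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(path, owner_uid, stop_at=None):
    """List the reasons a StrictModes-style check would reject `path`.

    Approximation: the file and each parent directory up to `stop_at`
    (or /) must be owned by root or `owner_uid` and must not be writable
    by group or others. Read permission is never examined.
    """
    problems = []
    current = os.path.realpath(path)
    while True:
        st = os.stat(current)
        if st.st_uid not in (0, owner_uid):
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{current}: mode {mode:04o} is group/world writable")
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return problems

def demo():
    """Constructed sample: a temp directory standing in for the key directory."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        os.chmod(root, 0o755)
        readable = os.path.join(root, "alice")   # world-readable, not writable
        writable = os.path.join(root, "bob")     # group-writable
        for name, mode in ((readable, 0o644), (writable, 0o664)):
            with open(name, "w") as fh:
                # Placeholder line, not a real key.
                fh.write("ssh-ed25519 AAAA...constructed-placeholder user@example\n")
            os.chmod(name, mode)
        return (strictmodes_problems(readable, uid, stop_at=root),
                strictmodes_problems(writable, uid, stop_at=root))

if __name__ == "__main__":
    ok, bad = demo()
    print("0644:", ok or "accepted")
    print("0664:", bad)
```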


More information about the openssh-unix-dev mailing list