Disabling $HOME/.ssh/rc

Stephen Harris lists at spuddy.org
Fri Oct 23 06:19:10 EST 2009


On Thu, Oct 22, 2009 at 11:25:07AM -0700, Scott Neugroschl wrote:
> > I'm concerned with the use of ~/.ssh/rc  and similar files.  The 
> > problem is that if $HOME is on an NFS server then this essentially 
> > means user accounts can be compromised due to ssh activity, or a 
> > locked down account (command= restrictions) may be able to exceed its
> > expected access rights.

> Guess what?  You get to edit and distribute authorized_keys again.  If
> you look at the man for sshd, in the authorized_keys section, you see
> that you can add no-user-rc as a comment on any particular key.

*google**google*

Hmm, that came in with 4.9p1?

Unfortunately the product we're using (which I believe runs a modified sshd)
uses 4.3p2.  Hmm.

Maybe we should push the vendor to upgrade!

Thanks.

Rgds
Stephen
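
Added example, not part of the original post: a small audit of an authorized_keys file that reports keys for which sshd would still run ~/.ssh/rc, flagging the command= restricted keys the thread is worried about. The sample file is constructed with truncated keys; the function names are hypothetical, and the handling of restrict and user-rc (options from newer OpenSSH releases than those discussed here) assumes later options override earlier ones.

```python
import re

# Key-type prefixes: a line starting with one of these has no options field.
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)")

def split_options(line):
    """Split the leading options field on commas that sit outside double quotes."""
    if KEY_TYPE.match(line):
        return []
    opts, cur, in_quotes, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if in_quotes and c == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]      # keep an escaped character, e.g. \"
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif not in_quotes and c in ", \t":
            opts.append(cur)
            cur = ""
            if c != ",":
                return opts           # whitespace ends the options field
            i += 1
            continue
        cur += c
        i += 1
    return opts + [cur]

def rc_allowed(options):
    """True if ~/.ssh/rc would still run (assumption: the last matching option wins)."""
    allowed = True
    for name in (o.split("=", 1)[0].lower() for o in options):
        if name in ("no-user-rc", "restrict"):
            allowed = False
        elif name == "user-rc":
            allowed = True
    return allowed

def audit(text):
    """Return (line number, kind) for every key that does not disable ~/.ssh/rc."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = split_options(line)
        if rc_allowed(opts):
            forced = any(o.lower().startswith("command=") for o in opts)
            findings.append((n, "forced-command" if forced else "unrestricted"))
    return findings

SAMPLE = '''# constructed sample, keys truncated
command="/usr/local/bin/backup --mode=a,b",no-pty ssh-rsa AAAAB3Nza... backup@host
command="/usr/bin/rsync --server",no-user-rc ssh-rsa AAAAB3Nza... sync@host
restrict,command="echo \\"hi, there\\"" ssh-ed25519 AAAAC3Nza... ci@host
ssh-ed25519 AAAAC3Nza... alice@laptop
restrict,user-rc ssh-ed25519 AAAAC3Nza... bob@laptop
'''

if __name__ == "__main__":
    for lineno, kind in audit(SAMPLE):
        print(f"line {lineno}: {kind} key still runs ~/.ssh/rc")
```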


More information about the openssh-unix-dev mailing list