backdoor by authorized_keys2 leftovers

Rado S list2rado at gmx.de
Tue May 10 00:21:03 EST 2011


Hi devs,

recently I had to replace authorized_keys on several systems to
enforce an access policy change.
I was badly surprised that authorized_keys2(!) was still processed,
which allowed some old keys to enter the systems again, because I
wasn't aware of the file's existance on the server and use by sshd,
since this "backward compatibility" isn't documented, not even a
historical reference about "obsolete" or "deprecated".

Maybe it's time to drop the old stuff not to get haunted by such
leftovers again.

Thanks, regards,
Rado

-- 
© Rado S. -- You must provide YOUR effort for your goal!
EVERY effort counts: at least to show your attitude.
You're responsible for ALL you do: you get what you give.


More information about the openssh-unix-dev mailing list