backdoor by authorized_keys2 leftovers
Rado S
list2rado at gmx.de
Tue May 10 00:21:03 EST 2011
Hi devs,
recently I had to replace authorized_keys on several systems to
enforce an access policy change.
I was badly surprised that authorized_keys2(!) was still processed,
which allowed some old keys to enter the systems again, because I
wasn't aware of the file's existance on the server and use by sshd,
since this "backward compatibility" isn't documented, not even a
historical reference about "obsolete" or "deprecated".
Maybe it's time to drop the old stuff not to get haunted by such
leftovers again.
Thanks, regards,
Rado
--
© Rado S. -- You must provide YOUR effort for your goal!
EVERY effort counts: at least to show your attitude.
You're responsible for ALL you do: you get what you give.
More information about the openssh-unix-dev
mailing list