backdoor by authorized_keys2 leftovers

Jameson Graef Rollins jrollins at
Wed May 11 16:23:30 EST 2011

On Tue, 10 May 2011 23:01:14 -0700, Dan Kaminsky <dan at> wrote:
> I'd document, rather than remove. I think all my systems use
> authorized_keys2.  You will end up locking users and admins out.

I definitely agree with this sentiment.

I also think that being able to specify multiple authorized_keys files
is very useful, so I would prefer to just see this as a documented

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list