backdoor by authorized_keys2 leftovers
Philipp Marek
philipp.marek at linbit.com
Wed May 11 18:52:36 EST 2011
On Wednesday 11 May 2011, Damien Miller wrote:
> On Tue, 10 May 2011, Dan Kaminsky wrote:
> > >> Maybe it's time to drop the old stuff not to get haunted by such
> > >> leftovers again.
> > >
> > > Good point - I just committed a change to remove it for openssh-5.9
> >
> > I'd document, rather than remove. I think all my systems use
> > authorized_keys2. You will end up locking users and admins out.
>
> We'll document the removal :) Really, there is no reason to have two
> files that do exactly the same thing.
Well, there is a very good reason - easier configurability.
Having one file for the "static" admins, and one for the per-server
(application) executives is nice, IMO.
There are lots of places where instead of a file a directory is used - the
famous /etc/rc*.d/, /etc/cron.d, etc. etc.
Perhaps this should be an alternative - either have ~/.ssh/authorized_keys a
file, or a directory, but not both?
Regards,
Phil
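
A defender's check for the leftover this thread is about, as an added example that is not part of the original post or of OpenSSH: for one home directory it lists the keys that appear in ~/.ssh/authorized_keys2 but not in ~/.ssh/authorized_keys. The function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

# Key type, then the base64 blob; SSH blobs begin with a 4-byte length, hence "AAAA".
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[0-9A-Za-z+/]+={0,2})")

def parse_keys(path):
    """Return {fingerprint: line_number} for each key line in an authorized_keys-style file."""
    keys = {}
    if not path.is_file():
        return keys
    for n, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (including commented-out keys)
        m = KEY_RE.search(line)  # options such as command="..." may precede the key type
        if not m:
            continue
        try:
            blob = base64.b64decode(m.group(2), validate=True)
        except ValueError:
            continue  # malformed base64, not a usable key
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        keys.setdefault(fp, n)
    return keys

def audit_home(home):
    """Keys accepted only through the legacy authorized_keys2 file in this home."""
    ssh = Path(home) / ".ssh"
    primary = parse_keys(ssh / "authorized_keys")
    legacy = parse_keys(ssh / "authorized_keys2")
    return sorted((n, fp) for fp, n in legacy.items() if fp not in primary)

def demo():
    """Constructed sample: one shared key, one key present only in authorized_keys2."""
    def fake(tag):  # constructed blob, not a real key
        return base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + tag * 36).decode()
    home = Path(tempfile.mkdtemp())
    (home / ".ssh").mkdir()
    (home / ".ssh/authorized_keys").write_text(f"ssh-ed25519 {fake(b'a')} admin@example\n")
    (home / ".ssh/authorized_keys2").write_text(
        f"# old file\nssh-ed25519 {fake(b'a')} admin@example\n"
        f'command="/bin/sh" ssh-ed25519 {fake(b"b")} unknown@example\n')
    return audit_home(home)
```

Each result is a (line number in authorized_keys2, fingerprint) pair; the fingerprint uses the same SHA256 form that `ssh-keygen -lf` prints, so it can be compared against known admin keys.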