backdoor by authorized_keys2 leftovers

Philipp Marek philipp.marek at
Wed May 11 18:52:36 EST 2011

On Wednesday 11 May 2011, Damien Miller wrote:
> On Tue, 10 May 2011, Dan Kaminsky wrote:
> > >> Maybe it's time to drop the old stuff not to get haunted by such
> > >> leftovers again.
> > > 
> > > Good point - I just committed a change to remove it for openssh-5.9
> > 
> > I'd document, rather than remove. I think all my systems use
> > authorized_keys2.  You will end up locking users and admins out.
> We'll document the removal :) Really, there is no reason to have two
> files that do exactly the same thing.
Well, there is a very good reason - easier configurability.

Having one file for the "static" admins, and one for the per-server 
(application) executives is nice, IMO.

There are lots of places where instead of a file a directory is used - the 
famous /etc/rc*.d/,  /etc/cron.d, etc. etc.

Perhaps this should be an alternative - either have ~/.ssh/authorized_keys a 
file, or a directory, but not both?



More information about the openssh-unix-dev mailing list