backdoor by authorized_keys2 leftovers

Damien Miller djm at
Wed May 11 21:48:38 EST 2011

On Tue, 10 May 2011, Jameson Graef Rollins wrote:

> On Tue, 10 May 2011 23:01:14 -0700, Dan Kaminsky <dan at> wrote:
> > I'd document, rather than remove. I think all my systems use
> > authorized_keys2.  You will end up locking users and admins out.
> I definitely agree with this sentiment.
> I also think that being able to specify multiple authorized_keys files
> is very useful, so I would prefer to just see this as a documented
> feature.

Perhaps we should make options.authorized_keys_file an array to let
people who want to use multiple files do so.


More information about the openssh-unix-dev mailing list