backdoor by authorized_keys2 leftovers

Ángel González keisial at
Thu May 12 03:24:16 EST 2011

Iain Morgan wrote:
> I was going to suggest something similar, but you beat me to it. :-)
> One scenario that could potentially be useful in a cluster environment
> would be to allow per-host authorized_keys files. Support for the
> following syntax might be useful:
> AuthorizedKeysFile %h/.ssh/authorized_keys.%H,%h/.ssh/authorized_keys
> where '%H' would be expanded as the server's hostname. (I don't
> particulary like '%H', but '%h' is already used.)
> This would allow clusters which use a shared home filesystem to have
> authorized_keys files which are tailored for a specific host and the
> capability to fall back to a more generic file in the absence of a
> host-specific one.
> By the way, I applaud getting rid of the old cruft.
To fall back? As I  understood it, they would be additive.

More information about the openssh-unix-dev mailing list