backdoor by authorized_keys2 leftovers
Ángel González
keisial at gmail.com
Thu May 12 03:24:16 EST 2011
Iain Morgan wrote:
> I was going to suggest something similar, but you beat me to it. :-)
>
> One scenario that could potentially be useful in a cluster environment
> would be to allow per-host authorized_keys files. Support for the
> following syntax might be useful:
>
> AuthorizedKeysFile %h/.ssh/authorized_keys.%H,%h/.ssh/authorized_keys
>
> where '%H' would be expanded as the server's hostname. (I don't
> particulary like '%H', but '%h' is already used.)
>
> This would allow clusters which use a shared home filesystem to have
> authorized_keys files which are tailored for a specific host and the
> capability to fall back to a more generic file in the absence of a
> host-specific one.
>
> By the way, I applaud getting rid of the old cruft.
To fall back? As I understood it, they would be additive.
More information about the openssh-unix-dev
mailing list