Re: Bug or feature?
From: Richard E. Silverman (slade@shore.net)Date: 03/16/02
- Next message: Bogo: "Re: Trouble with Public Key Authentication"
- Previous message: Richard E. Silverman: "Re: Trouble with Public Key Authentication"
- In reply to: Martin Schroeder: "Bug or feature?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: slade@shore.net (Richard E. Silverman) Date: 16 Mar 2002 01:05:57 -0500
>>>>> "MS" == Martin Schroeder <emes@geomer.de> writes:
MS> Hi, just a simple question.
MS> If you set the AuthorizedKeysFile to an absolute path (ie.
MS> AuthorizedKeysFile /var/ssh/authorized_keys2) in sshd_config, then
MS> any user who's key is listed in authorized_keys2 can become any
MS> user on the system (including root). Is this a bug or feature?
I'm not sure whether you're asking if this behavior is due to a
programming error, or if it's just not a good idea. It's not a bug in
that it corresponds to the documented behavior.
By giving an absolute pathname that does not include any variables (%h
etc.), you have given every account the same public-key authorization
file. So of course, any key listed there can access any account.
-- Richard Silverman slade@shore.net
- Next message: Bogo: "Re: Trouble with Public Key Authentication"
- Previous message: Richard E. Silverman: "Re: Trouble with Public Key Authentication"
- In reply to: Martin Schroeder: "Bug or feature?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
