horio shoichi wrote:
>
> For ssh, users are authenticated with only RSA (i.e., no password),

Much as I hate being a terminology twerp (and possibly an
incorrect one), RSA is encryption, not authentication. The
authentication is done using the RSA encryption of a random
number.

> sshd is run from inetd with option -iq. I am not planning to allow
> any port forwarding. The users are allowed to, other than cvs tree,
> modify their own authorized_keys files directly (in other words, it's
> hard to stop this, due to the nature of ssh).

If you compile your own sshd, which does NOT look in $HOME/.ssh
but in some system-controlled place, you will have fixed this
problem. The other part of the puzzle is how they contribute
their public key, and I would suggest setting up a web form
similar to how you can submit a public key to SourceForge.net.

Regards,
Mitch.
--
| mailto:[EMAIL PROTECTED] | Not the official view of: |
| mailto:[EMAIL PROTECTED] | Australian Calculator Opn |
| Certified Linux Evangelist! | Hewlett Packard Australia |
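
An added example, not part of the original message: one way the intake side of such a key-submission form could vet a key before it is written to the system-controlled location. It assumes the OpenSSH one-line public key format; the function names, the allowed key types and the forced option list are illustrative choices.

```python
import base64
import binascii
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
# Restrictions the server prepends; the user never supplies options.
FORCED_OPTIONS = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding"


def normalise_submission(text: str) -> str:
    """Return one authorized_keys line for a submitted key, or raise ValueError."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one key line")
    fields = lines[0].split()
    # The first field must be the key type. This rejects user-supplied
    # options such as command="..." that would precede the key type.
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("line must start with an allowed key type")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key data is not valid base64") from exc
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    # Drop the free-text comment and re-emit with server-chosen options.
    return f"{FORCED_OPTIONS} {key_type} {b64}"


def constructed_sample_key() -> str:
    """Constructed sample: ed25519 wire format with an all-zero 32-byte key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@example"


if __name__ == "__main__":
    print(normalise_submission(constructed_sample_key()))
```

The returned line is what a privileged helper would write into the per-user key file that sshd reads; the web form itself never needs write access to that location.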