Mark Post wrote:
> On Fri, Jul 20, 2007 at 5:54 PM, in message <[EMAIL PROTECTED]>,
> Larry Ploetz <[EMAIL PROTECTED]> wrote:
> -snip-
>> in your sshd_config file, to keep them all in one place. Then you could
>> allow/prevent users from updating their own authorized_keys. Or even put
>> all authorized keys for all users in one file (replace the "%u" with a
>> static file name).
>
> I would think that this last suggestion would allow any user to log in as any
> other user. Probably not a good idea.

Only if they had the corresponding key half, which was the point IIRC. I
was confused, by the way, why anyone would want to put an entry in every
user's authorized_keys file to allow anyone with the other half (stated as
`root', but if anyone got a copy, then anyone) to log in as them -- why
not just su/"sudo -u" to the target userid? Why add additional potential
security holes? Not to mention confusing users with entries in their
.ssh/authorized_keys file they didn't put there, and may delete and/or
claim to have been hacked...
or maybe I misremember...
--
Carnegie Institution - At the Frontiers of Science
Larry Ploetz
Systems Administrator
Carnegie Institution of Washington
Department of Plant Biology, TAIR
650 325 1521 x 296 [EMAIL PROTECTED]
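
An added example (not part of the original messages): a small Python audit that reads sshd_config text and flags AuthorizedKeysFile entries that resolve to one shared file for every account, the "static file name" case discussed above. It assumes the setting snipped from the quote is OpenSSH's AuthorizedKeysFile directive; the sample config and the names `classify_path` and `audit` are constructed for illustration.

```python
import re

# Tokens that make an AuthorizedKeysFile path differ from account to account.
PER_USER_TOKENS = ("%u", "%h", "%U")

# Constructed sample config, not taken from the thread.
SAMPLE = """\
# constructed sample sshd_config
Port 22
AuthorizedKeysFile /etc/ssh/authorized_keys/%u .ssh/authorized_keys
Match Group batch
    AuthorizedKeysFile /etc/ssh/all_users_keys
"""

def classify_path(path):
    """Return 'per-user', 'shared' or 'disabled' for one AuthorizedKeysFile entry."""
    if path.lower() == "none":
        return "disabled"
    stripped = path.replace("%%", "")  # %% is a literal percent sign, not a token
    if any(tok in stripped for tok in PER_USER_TOKENS):
        return "per-user"
    # sshd resolves a relative path against the login user's home directory,
    # so only an absolute path without a token names one file for everybody.
    return "shared" if path.startswith("/") else "per-user"

def audit(config_text):
    """Return (line_no, scope, path, verdict) for every AuthorizedKeysFile entry."""
    scope = "global"
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        args = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + args  # later settings apply only inside this block
        elif keyword == "authorizedkeysfile":
            for path in args.split():
                findings.append((no, scope, path, classify_path(path)))
    return findings

if __name__ == "__main__":
    for no, scope, path, verdict in audit(SAMPLE):
        note = "  <- every key listed here is accepted for every account in scope"
        print(f"line {no} [{scope}] {path}: {verdict}{note if verdict == 'shared' else ''}")
```
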