Tobias Ulmer wrote on Sun, Feb 21, 2010 at 12:56:48PM +0100:
> On Sun, Feb 21, 2010 at 12:19:47PM +0100, Ingo Schwarze wrote:
> > Tobias Ulmer wrote on Sun, Feb 21, 2010 at 02:36:43AM +0100:
>>> I've got a bunch of "users" with no password/no way to log in, just to
>>> keep services tidy and separated. Some of these have to connect to ssh
>>> servers, therefore they require a .ssh/known_hosts. /etc/security thinks
>>> this is a security risk and complains about it every night...
>> I think the basic idea makes sense.
>>
>> The file name still in use for backward compatibility,
>> ".ssh/authorized_keys2",
>> is obviously missing from the patch, though.

> Oh fsck, where's that file documented? I was looking at sshd(8) which I
> thought should be authoritative about these kind of things. A quick grep
> through /usr/share/man has 0 matches.

It *was* documented in sshd(8) from rev. 1.44 (2000/05/03)
until rev. 1.129 (2001/06/22), when it became obsolete.
The commit message removing it was (by markus@):

    merge authorized_keys2 into authorized_keys.
    authorized_keys2 is used for backward compat.
    (just append authorized_keys2 to authorized_keys).

All the same, it is still in use for backward compatibility.
For details, look at

    $ grep -RF authorized_keys_file2 /usr/src/usr.bin/ssh

in particular file auth2-pubkey.c, function user_key_allowed().
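
An added example, not part of the thread and not the patch or /etc/security itself: a check that reports password-less accounts holding either public-key file named above, while ignoring a lone .ssh/known_hosts. The function names, the master.passwd(5) field layout, the rule that a password field starting with "*" means no password login, and the sample accounts are all assumptions constructed for illustration.

```shell
#!/bin/sh
# list_key_login_accounts PASSWD_FILE [ROOT]
#   PASSWD_FILE  master.passwd(5)-style lines:
#                name:password:uid:gid:class:change:expire:gecos:home:shell
#   ROOT         optional prefix for home directories (lets the demo run offline)
# Prints "name file" for each account that cannot log in by password
# (assumption: password field starts with "*") yet has a non-empty key file.
list_key_login_accounts() {
    pwfile=$1
    root=${2:-}
    while IFS=: read -r name pw uid gid class change expire gecos home shell; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $pw in '*'*) ;; *) continue ;; esac  # only password-less accounts
        # Both names matter: authorized_keys2 is still read for backward compat.
        for f in authorized_keys authorized_keys2; do
            if [ -s "$root$home/.ssh/$f" ]; then
                printf '%s %s\n' "$name" ".ssh/$f"
            fi
        done
    done < "$pwfile"
}

# Constructed sample: _svc1 has only known_hosts (outbound ssh client use),
# _svc2 has a legacy authorized_keys2, alice has a real password hash.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/svc1/.ssh" "$d/var/svc2/.ssh" "$d/home/alice/.ssh"
    echo 'host.example ssh-rsa AAAA(constructed)' > "$d/var/svc1/.ssh/known_hosts"
    echo 'ssh-rsa AAAA(constructed) legacy' > "$d/var/svc2/.ssh/authorized_keys2"
    echo 'ssh-rsa AAAA(constructed) alice' > "$d/home/alice/.ssh/authorized_keys"
    cat > "$d/master.passwd" <<'EOF'
_svc1:*:600:600::0:0:service one:/var/svc1:/bin/sh
_svc2:*:601:601::0:0:service two:/var/svc2:/bin/sh
alice:$2a$08$constructedhash:1000:1000::0:0:Alice:/home/alice:/bin/ksh
EOF
    list_key_login_accounts "$d/master.passwd" "$d"
    rm -rf "$d"
}
demo
```
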