ssh server configuration - Are public key and password exclusive?
William Muriithi
william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jan 13 21:17:47 UTC 2012
>
> Relying on .ssh/authorized_keys is probably only maintainable using
> something like puppet or cfengine. Otherwise, that certainly won't
> scale.
It can scale if all the servers have a shared home directory and home
directories
>Also, if the user can change the contents of that file, whatever
> commands are being enforced there can be bypassed. Better to use
> ForceCommand in sshd_config.
I think I do not understand, how would the user change authorized_keys
without authenticating first? And if he/she change it after
authenticating, why should it be of concern? I am suspecting though I
may have misread your response and wonder if you can explain further?
>
William
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list