Date: Fri, 28 Jan 2000 19:30:32 +0100 From: Harold Gutch <logix@foobar.franken.de> To: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Todd Backman <todd@flyingcroc.net> Cc: security@FreeBSD.ORG Subject: Re: root authorized_keys ignore? Message-ID: <20000128193032.A457@foobar.franken.de> In-Reply-To: <xzpzotqxt4y.fsf@flood.ping.uio.no>; from Dag-Erling Smorgrav on Fri, Jan 28, 2000 at 01:44:45PM %2B0100 References: <Pine.BSF.4.10.10001261111260.58696-100000@security1.noc.flyingcroc.net> <xzpzotqxt4y.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 28, 2000 at 01:44:45PM +0100, Dag-Erling Smorgrav wrote:
> Todd Backman <todd@flyingcroc.net> writes:
> > Is there any way to get sshd to ignore root's authorized_keys? (disallow
> > the practice of putting the private key on another sever to allow for
> > passwordless entry)
>
> # cd /root/.ssh
> # rm -f authorized_keys
> # ln -s /dev/null authorized_keys
Whoever has the rights to _create_ /root/.ssh/authorized_keys
will have the rights to remove that symlink and create the file
again. Unless of course you "chflags sunlnk" it and have a
default-securelevel of 1 or higher.
bye,
Harold
--
Someone should do a study to find out how many human life spans have
been lost waiting for NT to reboot.
Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000128193032.A457>