Risk of StrictMode (but read only)
Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"?
I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something.
Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable?
---
Don Hoover
dxh@yahoo.com
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Risk of StrictMode (but read only)
On Tue, Jul 15, 2008 at 07:51:00 -0700, Don Hoover wrote:
> Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"?
>
> I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something.
>
>
> Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable?
>
> ---
> Don Hoover
> dxh@yahoo.com
>
If your OS supports POSIX ACLs, you could set an ACL on each
authorized_keys file to make it readable by the user without having to
turn off StrictModes. (On Linux, you may need to supply the acl mount
option to enable POSIX ACL support.)
--
Iain Morgan
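
Added example, not part of the original thread or of OpenSSH: a Python check modelled on the ownership and write-bit test that StrictModes applies, run over a constructed key directory to show which permission layouts it would flag. The `stop_dir` parameter, the `alice` file name and the key line are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def audit_key_file(path, uid, stop_dir):
    """Return reasons a StrictModes-style check would reject `path`.

    The file and every directory above it, up to and including stop_dir
    (hypothetical parameter), must be owned by `uid` or root and must not
    be writable by group or other. Read bits are never examined.
    """
    problems = []
    current = os.path.realpath(path)
    stop_dir = os.path.realpath(stop_dir)
    while True:
        st = os.stat(current)
        if st.st_uid not in (0, uid):
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{current}: mode {mode:04o} is group/world writable")
        parent = os.path.dirname(current)
        if current == stop_dir or parent == current:
            break
        current = parent
    return problems


def demo():
    """Audit three permission layouts of a constructed central key directory."""
    uid = os.getuid()
    base = tempfile.mkdtemp()               # stands in for a directory under /etc
    key_file = os.path.join(base, "alice")  # constructed user name
    with open(key_file, "w") as fh:
        fh.write("ssh-ed25519 AAAA...constructed alice@example\n")
    results = {}
    try:
        os.chmod(base, 0o755)
        os.chmod(key_file, 0o644)           # world-readable only
        results["world_readable"] = audit_key_file(key_file, uid, base)
        os.chmod(key_file, 0o666)           # world-writable key file
        results["world_writable_file"] = audit_key_file(key_file, uid, base)
        os.chmod(key_file, 0o644)
        os.chmod(base, 0o777)               # world-writable directory
        results["world_writable_dir"] = audit_key_file(key_file, uid, base)
    finally:
        shutil.rmtree(base)
    return results
```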