From owner-freebsd-security  Wed Jan 26 11:19:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from security1.noc.flyingcroc.net (security1.noc.flyingcroc.net [207.246.128.54])
	by hub.freebsd.org (Postfix) with ESMTP id 5DAA2151E2
	for <security@freebsd.org>; Wed, 26 Jan 2000 11:19:18 -0800 (PST)
	(envelope-from todd@flyingcroc.net)
Received: from localhost (todd@localhost)
	by security1.noc.flyingcroc.net (8.9.3/8.9.3) with ESMTP id LAA60632
	for <security@freebsd.org>; Wed, 26 Jan 2000 11:18:53 -0800 (PST)
	(envelope-from todd@flyingcroc.net)
X-Authentication-Warning: security1.noc.flyingcroc.net: todd owned process doing -bs
Date: Wed, 26 Jan 2000 11:18:53 -0800 (PST)
From: Todd Backman <todd@flyingcroc.net>
X-Sender: todd@security1.noc.flyingcroc.net
To: security@freebsd.org
Subject: root authorized_keys ignore?
Message-ID: <Pine.BSF.4.10.10001261111260.58696-100000@security1.noc.flyingcroc.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Greetings.

I have checked the man pages for both ssh and sshd as well as cheking the
archives and cannot answer this question:

Is there any way to get sshd to ignore root's authorized_keys? (disallow
the practice of putting the private key on another sever to allow for
passwordless entry)

I would still like to allow this on our servers for non-root accts but *DO
NOT* want to allow it for root...

Any hits with the clue bat?

Thanks.

- Todd



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message