Date: Wed, 26 Jan 2000 13:37:44 -0600
From: Brad Guillory <round@baileylink.net>
To: Todd Backman <todd@flyingcroc.net>
Cc: security@freebsd.org
Subject: Re: root authorized_keys ignore?
Message-ID: <20000126133744.D86303@baileylink.net>
In-Reply-To: <Pine.BSF.4.10.10001261111260.58696-100000@security1.noc.flyingcroc.net>; from todd@flyingcroc.net on Wed, Jan 26, 2000 at 11:18:53AM -0800
References: <Pine.BSF.4.10.10001261111260.58696-100000@security1.noc.flyingcroc.net>

Hello Todd,

I probably don't have the answer that you want but I figured that I
would ramble on a bit:

If this were a configurable option it would not gain you much. Anyone
that would have root write permissions can change the configuration file.

I would suggest that you make a ~root/.ssh directory and associated files
and mark them and the directory all immutable. This would afford you just
as much protection, even more so if you ran at secure level where root
user can not change these flags.

Hope that this stirs some thoughts,

BMG

On Wed, Jan 26, 2000 at 11:18:53AM -0800, Todd Backman wrote:
>
> Greetings.
>
> I have checked the man pages for both ssh and sshd as well as checking the
> archives and cannot answer this question:
>
> Is there any way to get sshd to ignore root's authorized_keys? (disallow
> the practice of putting the private key on another server to allow for
> passwordless entry)
>
> I would still like to allow this on our servers for non-root accts but *DO
> NOT* want to allow it for root...
>
> Any hits with the clue bat?
>
> Thanks.
>
> - Todd
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
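
An added example, not part of the original message: a small audit for the approach suggested above, checking that /root/.ssh and its files carry the system-immutable flag (schg) and that kern.securelevel is 1 or higher, the level at which FreeBSD stops even root from clearing that flag. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Setup on FreeBSD, run as root before raising the securelevel:
#   mkdir -p /root/.ssh && : > /root/.ssh/authorized_keys
#   chflags -R schg /root/.ssh
# Live audit:
#   ls -ldo /root/.ssh /root/.ssh/* | audit "$(sysctl -n kern.securelevel)"

# Constructed sample of `ls -ldo` output; file flags are the 5th column.
sample_listing() {
cat <<'EOF'
drwx------  2 root  wheel  schg 512 Jan 26 13:37 /root/.ssh
-rw-------  1 root  wheel  schg   0 Jan 26 13:37 /root/.ssh/authorized_keys
-rw-------  1 root  wheel  -      0 Jan 26 13:37 /root/.ssh/known_hosts
EOF
}

# lacks_schg: read `ls -ldo` lines on stdin, print each path whose
# comma-separated flag list does not contain schg ("-" means no flags).
lacks_schg() {
    awk '{ n = split($5, f, ","); ok = 0
           for (i = 1; i <= n; i++) if (f[i] == "schg") ok = 1
           if (!ok) print $NF }'
}

# audit LEVEL: listing on stdin, securelevel as $1.
# Prints one line per finding; returns 0 only if nothing was found.
audit() {
    level=$1
    missing=$(lacks_schg)
    rc=0
    if [ -n "$missing" ]; then
        echo "$missing" | sed 's/^/not immutable: /'
        rc=1
    fi
    # Below securelevel 1, root can simply run `chflags noschg` first.
    if [ "$level" -lt 1 ]; then
        echo "kern.securelevel=$level: root can still clear schg"
        rc=1
    fi
    return $rc
}
```

An empty, immutable authorized_keys means no key can be added for root until the flag is cleared, which at securelevel 1 or higher requires dropping to single-user mode.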