From owner-freebsd-security Fri Jan 28 10:31:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (Postfix) with ESMTP id E89EA15B61 for ; Fri, 28 Jan 2000 10:30:58 -0800 (PST) (envelope-from logix@foobar.franken.de) Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id TAA00536; Fri, 28 Jan 2000 19:30:32 +0100 (CET) Message-ID: <20000128193032.A457@foobar.franken.de> Date: Fri, 28 Jan 2000 19:30:32 +0100 From: Harold Gutch To: Dag-Erling Smorgrav , Todd Backman Cc: security@FreeBSD.ORG Subject: Re: root authorized_keys ignore? References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Dag-Erling Smorgrav on Fri, Jan 28, 2000 at 01:44:45PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Jan 28, 2000 at 01:44:45PM +0100, Dag-Erling Smorgrav wrote: > Todd Backman writes: > > Is there any way to get sshd to ignore root's authorized_keys? (disallow > > the practice of putting the private key on another sever to allow for > > passwordless entry) > > # cd /root/.ssh > # rm -f authorized_keys > # ln -s /dev/null authorized_keys Whoever has the rights to _create_ /root/.ssh/authorized_keys will have the rights to remove that symlink and create the file again. Unless of course you "chflags sunlnk" it and have a default-securelevel of 1 or higher. bye, Harold -- Someone should do a study to find out how many human life spans have been lost waiting for NT to reboot. Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message