Locking Down ssh Authorized Keys
Jun 02, 2008, 06:00 (0 Talkback[s])
"The way .ssh/authorized_keys is typically used is not secure.
Because using it securely is hard, and dumping in passwordless ssh
keys is easy. I spent about 5 hours today locking down my
"If you need to rsync multiple separate directories, it's easy
to find several documents involving a validate-rsync.sh. Do not
use, it is insecure--it allows rsync to be run with any parameters.
Including parameters that allow the remote system to rsync in a new
~/.ssh/authorized_keys. Oops. (You can probably also trick
validate-rsync.sh into running other arbitrary commands.) To be
secure, you have to check the rsync parameters against some form of