Locking Down ssh Authorized Keys
Jun 02, 2008, 06:00
"The way .ssh/authorized_keys is typically used is not secure.
Because using it securely is hard, and dumping in passwordless ssh
keys is easy. I spent about 5 hours today locking down my
authorized_keys.
"If you need to rsync multiple separate directories, it's easy
to find several documents involving a validate-rsync.sh. Do not
use, it is insecure--it allows rsync to be run with any parameters.
Including parameters that allow the remote system to rsync in a new
~/.ssh/authorized_keys. Oops. (You can probably also trick
validate-rsync.sh into running other arbitrary commands.) To be
secure, you have to check the rsync parameters against some form of
whitelist..."
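
The whitelist check the excerpt calls for could look like the sketch below. It is an added example, not code from the quoted post, and it is meant to sit behind a command="..." forced command in authorized_keys. The ALLOWED entries, the paths and the function name are hypothetical, and it assumes the usual server-side form "rsync --server [--sender] -flags . path".

```shell
#!/bin/sh
# Added example: decide whether the string in SSH_ORIGINAL_COMMAND is an
# rsync server invocation we are willing to run. All names are hypothetical.
LC_ALL=C
# direction:path pairs; "pull" means the client reads (rsync --server --sender),
# "push" means the client writes into the path.
ALLOWED="pull:/srv/export/www/ push:/srv/incoming/site-a/"
UNSAFE='*[!A-Za-z0-9 ./_-]*'   # matches any character outside the safe set

rsync_cmd_allowed() {
    # $1 is the raw client-supplied command; it is never eval'd here.
    case $1 in
        ''|$UNSAFE) return 1 ;;        # empty, or contains ; $ ~ quotes, newline, ...
    esac
    set -f; set -- $1; set +f          # split on whitespace, globbing disabled
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    dir=push
    if [ "$1" = --sender ]; then dir=pull; shift; fi
    [ "$#" -eq 3 ] || return 1         # exactly: flag cluster, ".", one path
    case $1 in
        -*[!A-Za-z.]*|-) return 1 ;;   # no long options (--rsh, --files-from, ...)
        -*) ;;                         # one short flag cluster, e.g. -logDtpre.iLsfxC
        *) return 1 ;;
    esac
    [ "$2" = . ] || return 1
    # The path must match a whitelist entry exactly, for this direction.
    for entry in $ALLOWED; do
        [ "$dir:$3" = "$entry" ] && return 0
    done
    return 1
}
```

A wrapper would call rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND" and refuse the session on failure. A stricter variant compares the whole string against the exact command lines your own rsync clients send.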