Architecture #15094

open

authorized_keys2 could be a security risk

Added by Matthew Frost almost 5 years ago. Updated over 3 years ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Techniques
Target version:
-
Effort required:
Name check:
Fix check:
Regression:

Description

In most Linux operating systems the OpenSSH daemon will honor another file called authorized_keys2. This is not currently visible to Rudder, meaning it might serve as a way to bypass Rudder policy enforcement of the authorized keys.

    grep -r "autho" /etc/ssh/sshd_config
    # Expect .ssh/authorized_keys2 to be disregarded by default in future.
    #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

Would it be possible to allow for the setting AuthorizedKeysFile to be adjusted from Rudder, or for Rudder to manage the authorized_keys2 file?

Thanks!
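
The check described in the report above, as an added example that is not part of the original ticket or of Rudder's code: it reads the AuthorizedKeysFile setting from an sshd_config-style file, falls back to the OpenSSH default when the directive is commented out, and lists non-empty authorized_keys2 files. The function names, the script name and the single home-root layout are assumptions.

```shell
#!/bin/sh
# Added example: audit whether sshd still reads authorized_keys2 and list such files.
# Function names and the <home_root>/<user>/.ssh layout are assumptions.

# Print the AuthorizedKeysFile value from an sshd_config-style file.
# sshd uses the first value it obtains for a keyword; when none is set, the
# built-in default ".ssh/authorized_keys .ssh/authorized_keys2" applies.
# Include files and Match blocks are not resolved here; on a live host
# `sshd -T` prints the effective configuration.
effective_keyfiles() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        tolower($1) == "authorizedkeysfile" {     # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print ".ssh/authorized_keys .ssh/authorized_keys2" }
    ' "$1"
}

# Exit 0 when the configuration makes sshd read authorized_keys2.
honors_keys2() {
    effective_keyfiles "$1" | grep -q 'authorized_keys2'
}

# List non-empty authorized_keys2 files under <home_root>/<user>/.ssh/.
# Accounts whose home lies elsewhere (root, service users) need their own pass.
find_keys2() {
    for f in "$1"/*/.ssh/authorized_keys2; do
        [ -s "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Usage (hypothetical script name): sh audit_keys2.sh /etc/ssh/sshd_config /home
if [ "$#" -ge 2 ]; then
    if honors_keys2 "$1"; then
        echo "sshd reads authorized_keys2 (AuthorizedKeysFile: $(effective_keyfiles "$1"))"
        find_keys2 "$2"
    else
        echo "authorized_keys2 is not listed in AuthorizedKeysFile"
    fi
fi
```

Setting `AuthorizedKeysFile .ssh/authorized_keys` explicitly in sshd_config removes the second file from the lookup, so only the managed file is honored.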

Actions #1

Updated by Alexis Mousset over 4 years ago

  • Category set to Techniques
Actions #2

Updated by Nicolas CHARLES over 4 years ago

  • Target version set to 5.0.13
Actions #3

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.13 to 5.0.14
Actions #4

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.14 to 5.0.15
Actions #5

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.15 to 5.0.16
Actions #6

Updated by Alexis Mousset about 4 years ago

  • Target version changed from 5.0.16 to 5.0.17
Actions #7

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 5.0.17 to 5.0.18
Actions #8

Updated by Benoît PECCATTE almost 4 years ago

  • Target version changed from 5.0.18 to 6.2.0~beta1
Actions #9

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.2.0~beta1 to 6.2.0~rc1
Actions #10

Updated by François ARMAND over 3 years ago

  • Target version deleted (6.2.0~rc1)