[UNCLASSIFIED]RE: [clug] Detecting malicious former employees
Alex Satrapa
grail at goldweb.com.au
Tue Sep 12 03:09:16 GMT 2006
On 12 Sep 2006, at 12:47, Michael Still wrote:
> You also need to rename their .ssh/authorized_keys file, or ssh
> will allow execution of programs (I think. I need to test this).
Ideally, you'd have some way of generating authorized_keys files
based on known trusted keys. After all, a truly malicious
administrator might go generating fake keys for "trusted" employees,
eg: I could go putting my fake keys into Bob and Charli's accounts,
so that after my account was disabled I still have SSH access to the
system using other people's accounts.
Wow... once you start getting paranoid, security gets more and more
expensive!
Alex
More information about the linux
mailing list