[UNCLASSIFIED] RE: [clug] Detecting malicious former employees

Alex Satrapa grail at goldweb.com.au
Tue Sep 12 03:09:16 GMT 2006

On 12 Sep 2006, at 12:47, Michael Still wrote:

> You also need to rename their .ssh/authorized_keys file, or ssh  
> will allow execution of programs (I think. I need to test this).

Ideally, you'd have some way of generating authorized_keys files  
based on known trusted keys. After all, a truly malicious  
administrator might go generating fake keys for "trusted" employees,  
e.g. I could go putting my fake keys into Bob and Charli's accounts,  
so that after my account was disabled I still have SSH access to the  
system using other people's accounts.

Wow... once you start getting paranoid, security gets more and more  
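
The check the message describes, as an added example that is not part of the original post: each account's authorized_keys content is compared against an inventory of trusted keys, and the file is then regenerated from that inventory alone. The inventory layout, the function names and all key material are assumptions constructed for illustration.

```python
import base64, hashlib, re

# Line layout: [options] keytype base64-blob [comment]; options may quote spaces.
KEY_RE = re.compile(r'^(?:(?:[^\s"]|"(?:\\.|[^"\\])*")+\s+)?'
                    r'((?:ssh|ecdsa|sk)-[A-Za-z0-9@.-]+)\s+([A-Za-z0-9+/]+=*)')

def parse_keys(text):
    """Yield (keytype, blob) per key line; blank and comment lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            m = KEY_RE.match(line)
            yield (m.group(1), m.group(2)) if m else ("unparsed", line)

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(account, text, trusted):
    """Report keys in one account's file that the inventory does not assign to it."""
    owner_of = {b: user for user, keys in trusted.items() for _, b in keys}
    findings = []
    for keytype, blob in parse_keys(text):
        owner = owner_of.get(blob)
        if keytype == "unparsed":
            findings.append(("unparsed", blob))
        elif owner is None:
            findings.append(("unknown", fingerprint(blob)))
        elif owner != account:
            findings.append(("belongs-to:" + owner, fingerprint(blob)))
    return findings

def render(account, trusted):
    """Regenerate the file from the inventory alone, discarding whatever is on disk."""
    return "".join(f"{t} {b} {account}\n" for t, b in trusted[account])

def _blob(label):  # constructed stand-in for a real public key blob
    return base64.b64encode(label.encode()).decode()

# Constructed inventory and constructed file content for Bob's account.
TRUSTED = {"alice": [("ssh-ed25519", _blob("constructed-alice"))],
           "bob": [("ssh-ed25519", _blob("constructed-bob"))]}
BOB_FILE = (f"# constructed sample\nssh-ed25519 {_blob('constructed-bob')} bob@laptop\n"
            f'command="echo hi",no-pty ssh-rsa {_blob("constructed-extra")} backup\n'
            f"ssh-ed25519 {_blob('constructed-alice')} alice@desk\n")

if __name__ == "__main__":
    for kind, detail in audit("bob", BOB_FILE, TRUSTED):
        print(kind, detail)
```

The inventory only helps if it is stored and signed off somewhere the administrators being audited cannot quietly edit.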


