[clug] Detecting malicious former employees

steve jenkin sjenkin at canb.auug.org.au
Wed Sep 13 00:37:08 GMT 2006

Edward Lang wrote on 12/9/06 1:02 PM:
> Mikal: thanks for the tip about the SSH authorized_keys file. Remote
> commands will work even with an invalid shell? How?

ssh/sshd have two notions - interactive sessions and remote commands...
One of the differences will be a controlling tty or not.
If you want an interactive session, you need a shell.
Not sure if it checks /etc/shells.
Not sure if there is an sshd.conf option.

It's worse than just this... All you need in /etc/passwd is a username
to match and a valid, readable home directory with a readable (and
'secure') ~/.ssh/authorized_keys (et al).  You can include a
command+param in the authorized_key file against a specific key.

ssh can be specifically used on accounts not only locked, but without a
login password (i.e. not 'nothing', but an unmatchable password)

sshd can be made to disallow connections where the ~/.ssh directory is
not secure to the uid...


> Edward.

Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://www.canb.auug.org.au/~sjenkin

More information about the linux mailing list