[clug] Detecting malicious former employees
sjenkin at canb.auug.org.au
Wed Sep 13 00:37:08 GMT 2006
Edward Lang wrote on 12/9/06 1:02 PM:
> Mikal: thanks for the tip about the SSH authorized_keys file. Remote
> commands will work even with an invalid shell? How?
ssh/sshd have two notions - interactive sessions and remote commands...
One of the differences will be a controlling tty or not.

If you want an interactive session, you need a shell.
Not sure if it checks /etc/shells.
Not sure if there is an sshd.conf option.

It's worse than just this... All you need in /etc/passwd is a username
to match and a valid, readable home directory with a readable (and
'secure') ~/.ssh/authorized_keys (et al). You can include a
command+param in the authorized_key file against a specific key.

ssh can be specifically used on accounts not only locked, but without a
login password (i.e. not 'nothing', but an unmatchable password)

sshd can be made to disallow connections where the ~/.ssh directory is
not secure to the uid...

Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://www.canb.auug.org.au/~sjenkin
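
An audit for the situation described in the message above, as an added example that is not part of the original post: it lists every key, with any forced command or other options, still present in `~/.ssh/authorized_keys` for accounts whose password field is locked or whose shell is a non-login shell. Assumptions: standard `/etc/passwd` and `/etc/shadow` field layouts, the shell list in `NOLOGIN_SHELLS`, and that only the default `authorized_keys` path is checked; the sample accounts and keys are constructed.

```python
import os
import tempfile

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed list
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options

def split_options(line):
    """Return the leading options field of an authorized_keys line ('' if none)."""
    if line.startswith(KEY_PREFIXES):
        return ""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote  # spaces inside command="..." do not end the field
        elif ch in " \t" and not in_quote:
            return line[:i]
    return line

def audit(passwd_text, shadow_text, root="/"):
    """Return (user, reason, options) for each key held by a disabled-looking account."""
    locked = {f[0] for f in (l.split(":") for l in shadow_text.splitlines())
              if len(f) > 1 and f[1].startswith(("!", "*"))}  # unmatchable password field
    findings = []
    for f in (l.split(":") for l in passwd_text.splitlines() if l.count(":") >= 6):
        user, home, shell = f[0], f[5], f[6]
        reason = "locked" if user in locked else "nologin" if shell in NOLOGIN_SHELLS else None
        path = os.path.join(root, home.lstrip("/"), ".ssh", "authorized_keys")
        if reason and os.path.isfile(path):
            with open(path) as fh:
                findings += [(user, reason, split_options(s)) for s in map(str.strip, fh)
                             if s and not s.startswith("#")]
    return findings

def demo():  # constructed accounts and keys, written to a temporary tree
    passwd = ("alice:x:1000:1000::/home/alice:/bin/bash\n"
              "bob:x:1001:1001::/home/bob:/bin/bash\n"
              "carol:x:1002:1002::/home/carol:/sbin/nologin\n")
    shadow = "alice:$6$x:0::::::\nbob:!$6$x:0::::::\ncarol:$6$x:0::::::\n"
    keys = {"alice": "ssh-ed25519 AAAAconstructed alice@ws\n",
            "bob": 'command="/usr/bin/rsync --server .",no-pty ssh-rsa AAAAconstructed bob@old\n',
            "carol": "# old laptop\nssh-ed25519 AAAAconstructed carol@laptop\n"}
    with tempfile.TemporaryDirectory() as root:
        for user, text in keys.items():
            os.makedirs(os.path.join(root, "home", user, ".ssh"))
            with open(os.path.join(root, "home", user, ".ssh", "authorized_keys"), "w") as fh:
                fh.write(text)
        return audit(passwd, shadow, root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real host, pass the contents of `/etc/passwd` and `/etc/shadow` to `audit()` with the default `root="/"`; reading the shadow file and other users' home directories needs root.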