SSH authentication

[Gregory Boyce]

On Thu, 3 Jan 2008, Derek Martin wrote:

> My second guess would be that the permissions of your home directory
> itself have been changed to allow group or other to write there.  This
> would allow someone to remove your .ssh directory and replace it with
> a new copy with whatever authorized_keys file the attacker wants, so
> by default it's not allowed.  You mentioned .ssh and authorized_keys
> are secured, but didn't mention about your home directory.

That's what I was thinking as well, but that would cause key based auth 
to fail from ALL sources, not just a subset of them.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.