Storing and deleting public keys in .ssh/authorized_keys
Louis Bertrand
Louis.Bertrand at durhamcollege.ca
Thu Jul 30 13:03:36 UTC 2020
Hi,
While reviewing the installation of Kallithea on a test server, one of our college Unix admins pointed out two issues with the way SSH public keys are saved in .ssh/authorized_keys
1) When a user is deleted from the Kallithea system, the public key is not removed from the file. The only thing stopping access through SSH is when Kallithea does not find an active user and denies the request. It seems to me that removing the public key would greatly reduce the processing done before access is refused.
2) When a user submits a public key through the Web interface, the comment at the end of the key line is not copied into the authorized_keys file. The comment should be retained to help manually manage the file, or at least identify the users at a glance. Yes, I agree that the file is managed by the system, but sometimes you need to look at it.
If you'd like, I can enter the issue in bitbucket, but at the moment it seems to be undergoing maintenance.
Thanks
--Louis
Louis Bertrand, P.Eng.
Professor, School of Science and Engineering Technology
Durham College, Oshawa ON Canada
________________________________
________________________________
This message is intended only for the named recipients. This message may contain information that is confidential or exempt from disclosure under applicable law. Any dissemination or copying of this message by anyone other than a named recipient is strictly prohibited. If you are not a named recipient or an employee or agent responsible for delivering this message to a named recipient, please notify us immediately, and permanently destroy this message and any copies you may have. Warning: Email may not be secure unless properly encrypted.
More information about the kallithea-general
mailing list