Hi,
Is there a way to create logins that are only accessed via
authorized_keys so that security(8) doesn't complain about them every day?
The general goal is to disable remote root login via SSH and allow an
unprivileged "admin" user access via key files and pass phrases (and
then sudo or su).
My problem is security(8) complains about this every day:
"Login admin is off but still has a valid shell and alternate access
files in home directory are still readable."
Which, taking a look at the newly rewritten /usr/libexec/security
script, is a result of the .ssh files existing and being readable by anyone:
    or check_access_file "$home/.$_", $name
        foreach qw(ssh rhosts shosts klogin);
and:
    nag $mode & (S_IRUSR | S_IRGRP | S_IROTH) && ! -O $filename,
It seems to me I need to learn how to make these types of logins in such
a way that security(8) doesn't whine about them; or, if that is not
possible, I will write a patch for /usr/libexec/security that works the
way I want it to and post it.
Thanks all,
Tyler
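
The two lines quoted from /usr/libexec/security above, modelled as an added Python example (not part of the original message and not the script's own code). It assumes the quoted condition is the whole test and that a missing file is skipped; the function names and the constructed home directory are hypothetical. Under those assumptions owner-read alone satisfies the condition, so mode 0700 on .ssh is still reported unless the checking uid owns the file.

```python
import os
import stat
import tempfile

# Names taken from the foreach list quoted in the message.
ACCESS_FILES = ("ssh", "rhosts", "shosts", "klogin")
READ_BITS = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH


def would_nag(path, checker_uid):
    """Model of the quoted condition: any read bit set and the file
    is not owned by the uid running the check."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False  # assumption: a missing file is not reported
    return bool(st.st_mode & READ_BITS) and st.st_uid != checker_uid


def audit_home(home, checker_uid=0):
    """Return the access files under `home` that satisfy the condition."""
    hits = []
    for name in ACCESS_FILES:
        path = os.path.join(home, "." + name)
        if would_nag(path, checker_uid):
            hits.append((path, stat.filemode(os.stat(path).st_mode)))
    return hits


def demo():
    """Constructed home directory; returns hit names for three modes."""
    results = {}
    other_uid = os.geteuid() + 1  # stands in for "not the file's owner"
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        for mode in (0o755, 0o700, 0o000):
            os.chmod(ssh_dir, mode)
            hits = audit_home(home, checker_uid=other_uid)
            results[mode] = [os.path.basename(p) for p, _ in hits]
        os.chmod(ssh_dir, 0o700)  # restore so cleanup can remove it
    return results


if __name__ == "__main__":
    for mode, hits in demo().items():
        print(oct(mode), hits or "no report")
```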