Introduce the notion of /etc/ssh/authorized_keys/ being a sane location to put keys when using sshd's AuthorizedKeysFile to move public keyfiles out of user directories. If /etc/ssh/authorized_keys exists, check that users can't tamper with their root-controlled public keys. Index: etc/security =================================================================== RCS file: /var/ocvs/src/etc/security,v retrieving revision 1.77 diff -u -r1.77 security --- etc/security 31 Oct 2006 01:38:22 -0000 1.77 +++ etc/security 1 Oct 2007 20:50:11 -0000 @@ -432,6 +427,22 @@ cat $OUTPUT fi +# If users' SSH keys are in /etc/ssh/authorized_keys/, assume they +# were moved out of ~/.ssh for a reason and complain if any are user-writable. +if [ -d /etc/ssh/authorized_keys ] ; then + ls -l /etc/ssh/authorized_keys | sed 1d | \ + awk '$3 != "root" \ + { print "/etc/ssh/authorized_keys/"$9 " is not owned by root"} + $4 != "wheel" \ + { print "/etc/ssh/authorized_keys/"$9 " is not group wheel"} + $1 != "-rw-r--r--" && $1 != "-rw-------" \ + { print "/etc/ssh/authorized_keys/"$9 " is " $1 ", group " $4 }' > $OUTPUT + if [ -s $OUTPUT ] ; then + echo "\nChecking /etc/ssh/authorized_keys ownership." + cat $OUTPUT + fi +fi + # File systems should not be globally exported. if [ -s /etc/exports ] ; then awk '{ Index: usr.bin/ssh/sshd_config.5 =================================================================== RCS file: /var/ocvs/src/usr.bin/ssh/sshd_config.5,v retrieving revision 1.77 diff -u -r1.77 sshd_config.5 --- usr.bin/ssh/sshd_config.5 8 Jun 2007 07:48:09 -0000 1.77 +++ usr.bin/ssh/sshd_config.5 1 Oct 2007 21:03:39 -0000 @@ -156,6 +156,9 @@ .Cm AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory. +Certain auditing requirements may be met by placing users' public keys +in a read-only location such as +.Dq /etc/ssh/authorized_keys/%u . The default is .Dq .ssh/authorized_keys . .It Cm Banner
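Review bot: the new etc/security check inspects only the entries inside /etc/ssh/authorized_keys and never the directory itself, so a directory that is owned by or writable by a non-root user passes even though that user can unlink and replace their own key file; run the same root/wheel/mode test against `ls -ld /etc/ssh/authorized_keys` before the per-file awk. Parsing `ls -l` with awk is also fragile: `$9` is the file name only when it contains no whitespace, and a symlink appends `->` and target fields, so the printed path can name the wrong object; a `for f in /etc/ssh/authorized_keys/*` loop that tests each entry with `[ -O ]`/`[ -G ]`-style checks, or `find /etc/ssh/authorized_keys ! -user root`, would not depend on column positions. Finally, the comment promises to "complain if any are user-writable" and the heading says "Checking ... ownership", but the awk rejects every mode other than `-rw-r--r--` and `-rw-------` (a root-owned `-r--r--r--` file is flagged as well); either accept read-only modes too or reword the comment and heading to say the check enforces exact ownership, group and mode.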
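Review bot: "a read-only location" in the added sshd_config.5 text is underspecified; the directory and the per-user files are only read-only in the sense that matters if they are owned by root and not writable by the users whose keys they hold, which is exactly what the companion etc/security hunk audits for /etc/ssh/authorized_keys/%u. Suggest stating the requirement rather than the property, e.g. "in a location owned by root and not writable by users, such as .Dq /etc/ssh/authorized_keys/%u", and replacing the vague "Certain auditing requirements may be met" with what is actually gained: only the administrator can add or remove the keys that grant login, since users cannot edit their own file.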