New ask Hacker News story: Ask HN: Avoid Manipulation of .ssh/Authorized_keys

Ask HN: Avoid Manipulation of .ssh/Authorized_keys
6 by mpaepper | 3 comments on Hacker News.
Recently I asked the question how you handle ssh keys of your teams: https://ift.tt/30X2rde I received many good ideas of how to do this, in particular to use signed certificates instead of public-private keys. One big question remains for me: how do you avoid that users who get access via a certificate to a server, simply add a public key to .ssh/authorized_keys and then can access the server also without a certificate from then on? If a user has root access via the certificate on a server, they could always manipulate that, right?

Comments