
Re: Tools to store account (password..) in encrypted format ?



On Thu, Jul 12, 2007 at 01:47:08PM -0400, Roberto C. Sánchez wrote:
> On Thu, Jul 12, 2007 at 10:32:28AM -0700, Andrew Sackville-West wrote:
> > 
> > genuine question here: why would anyone do that when they could use
> > proper groups and proper permissions to allow the right users access
> > to the right stuff? What happens if one of the several users with the
> > ssh keys dropped in the same account is somehow compromised? That
> > means the whole account is compromised and *everyone else* who has
> > their key dropped in there is compromised: what are the implications
> > of that?  And then the admin has to figure who is
> > compromised and restructure the whole thing instead of just deleting
> > the one problem user. 
> > 
> > A
> 
> That is not correct.  Only the public part of the key is compromised,
> which gets you precisely nothing.  Now, if the *private* part of the key
> were compromised (along with its passphrase), then you have a legitimate
> concern.

okay, got it. But I still fail to see the advantages of allowing
multiple people access to the same account like this. Obviously it's
vastly easier to set up, but it seems like it's asking for
trouble. Logs will say user foo, logged in at 12:34 and did this, but
which of any number of people was behind that user foo login?

A
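
The attribution question raised above, as an added example that is not part of the original thread: current OpenSSH versions log the SHA256 fingerprint of the key used in each "Accepted publickey" line, so logins to a shared account can be matched back to an authorized_keys entry. The key blobs, addresses and log lines below are constructed, and the comment field of each key is assumed to name its owner.

```python
import base64
import hashlib
import re

KEY_RE = re.compile(r"\b(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-\S+)\s+([A-Za-z0-9+/=]+)\s*(.*)$")
LOG_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ SHA256:(\S+)")

def fingerprint(blob_b64):
    """SHA256 fingerprint as OpenSSH prints it: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return base64.b64encode(digest).decode().rstrip("=")

def load_owners(authorized_keys_text):
    """Map fingerprint -> comment field; skips blanks/comments, tolerates leading options."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if m:
            owners[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return owners

def attribute(log_text, owners):
    """Return (account, source address, key owner) for each accepted public-key login."""
    return [(acct, src, owners.get(fp, "UNKNOWN KEY"))
            for acct, src, fp in LOG_RE.findall(log_text)]

# --- Constructed sample data: dummy key blobs (not real keys), documentation addresses ---
def _blob(seed):
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed.encode() * 16).decode()

def _log(src, seed):
    return (f"Jul 12 12:34:01 host sshd[2211]: Accepted publickey for foo from {src} "
            f"port 50022 ssh2: RSA SHA256:{fingerprint(_blob(seed))}")

AUTHORIZED_KEYS = "\n".join([
    "# keys dropped into the shared account foo",
    f"ssh-rsa {_blob('alice')} alice@example.org",
    f'from="192.0.2.0/24",no-pty ssh-rsa {_blob("bob")} bob@example.org',
])
SAMPLE_LOG = "\n".join([
    _log("192.0.2.10", "bob"),
    _log("198.51.100.7", "alice"),
    _log("203.0.113.9", "unlisted"),  # key since removed from authorized_keys
])

if __name__ == "__main__":
    for row in attribute(SAMPLE_LOG, load_owners(AUTHORIZED_KEYS)):
        print(row)
```

Password logins to the same account carry no fingerprint and cannot be attributed this way.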
