Subject: Re: pam, ssh, and pam_ssh
To: None <mason@primenet.com.au>
From: maximum entropy <entropy@entropy.homeip.net>
List: current-users
Date: 03/13/2005 22:52:07
Geoff Wing wrote:
> Christos Zoulas <christos@tac.gw.com> typed:
> :>> On Sun, Mar 13, 2005 at 06:33:18PM +0000, dieter wrote:
> :>>> Suddenly, identities in ~/.ssh work in 2 directions; not only to login
> :>>> some place else, but also to authenticate from remote on the local
> :>>> machine, regardless of the contents of authorized_keys.
> : Why is everyone jumping the gun? I just tried it and it works fine for
> : me. Can someone explain what the problem is? I commented out all my
> : authorized keys entries and sshd did not let me in anymore.
>
> I can't reproduce this. I haven't seen anyone other than the initial
> person indicate that this occurred for him/her.
1. Install a fully PAM-enabled current, with an up to date copy of
/etc/pam.d/sshd
2. # echo "UsePam yes" >> /etc/ssh/sshd_config
3. $ mv $HOME/.ssh $HOME/.ssh_save
4. $ ssh-keygen -t dsa -N "" -f $HOME/.ssh/id_dsa
5. $ ssh -l `whoami` localhost
6. Enter any garbage you like as the password and notice that you are
logged in successfully.
Clean up and secure your system...
7. Log out
8. $ rm -rf $HOME/.ssh && mv $HOME/.ssh_save $HOME/.ssh
9. # ed /etc/pam.d/sshd
/pam_ssh
s/^/#/
w
q
10. $ ssh -l `whoami` localhost
11. Enter garbage for the password and make sure the login is denied.
Hope that helps you reproduce it. Please note that it has nothing to do
with "authorized_keys" since no authorized_keys file is present in my
example.
--
entropy -- it's not just a good idea, it's the second law.
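As an added audit helper (not part of this mail or of NetBSD's own tooling), the POSIX sh functions below check the two settings the recipe above depends on: an uncommented pam_ssh line in a pam.d service file and UsePAM yes in sshd_config. The file paths and file contents used at the bottom are constructed for the example, not read from a live system.

```shell
#!/bin/sh
# Added example: report whether a PAM service file still has an active
# (uncommented) pam_ssh line and whether an sshd_config turns PAM on.
# Paths are passed in so the check can run against copies of the files.

# Return 0 if the pam.d service file enables pam_ssh on an uncommented line.
# A line counts only if its first non-blank character is not '#'.
pam_ssh_enabled() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*pam_ssh' "$1"
}

# Return 0 if sshd_config sets UsePAM to yes (sshd matches keywords
# case-insensitively, so "UsePam yes" as typed in the mail also counts).
sshd_usepam_yes() {
    grep -Eiq '^[[:space:]]*UsePAM[[:space:]]+yes' "$1"
}

# Combined verdict: prints a finding and returns 1 when both conditions hold,
# i.e. sshd hands password prompts to PAM and PAM will consult pam_ssh.
audit_pam_ssh() {
    pamfile=$1
    sshdconf=$2
    if pam_ssh_enabled "$pamfile" && sshd_usepam_yes "$sshdconf"; then
        echo "FINDING: pam_ssh active in $pamfile and UsePAM yes in $sshdconf"
        return 1
    fi
    echo "ok: pam_ssh not active in $pamfile or PAM not used by sshd"
    return 0
}

# Constructed sample inputs (hypothetical contents, not real system files)
# so the script runs stand-alone; on a real host point it at
# /etc/pam.d/sshd and /etc/ssh/sshd_config instead.
demo=$(mktemp -d)
printf 'auth\tsufficient\tpam_ssh.so\tno_warn try_first_pass\nauth\trequired\tpam_unix.so\n' > "$demo/sshd.pam"
printf 'Port 22\nUsePAM yes\n' > "$demo/sshd_config"
audit_pam_ssh "$demo/sshd.pam" "$demo/sshd_config" || true
rm -rf "$demo"
```

Rerunning the audit after commenting out the pam_ssh line, as step 9 of the recipe does, should flip the verdict to "ok".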