Update of authorized keys with SSH access
If someone create two (or more) accounts for the same client (for example clientuser1 and clientuser2), they have the same authorized keys updated by ispconfig.
I think that a user can put a key in the authorized keys and if his account is deleted then this user can use another login to connect again. For example if clientuser2 is deleted, it can do "ssh clientuser1@host" and login again. But this is a little problem because they have the same homedir, clientuser2 can do anything in the account (key logger or other thing). The second problem is that there is a responsability problem if they have the same uid/gid.
- Users should have separated accounts (i know the problem with managing ACL after that)
Edited by Thom