I administer a system where the only way to login between trusted hosts is via ssh. This is fine apart from it is possible to set up id key files in the user's .ssh directory that get used on a challenge response basis so that if the machines at both ends have the same key files, the user can log in without typing in a password.
Is there anyway to stop this from a system's point of view? I have had a look in /etc/ssh/sshd_config but there doesn't seem to be anything that relates to this precise scenario.
The reason why I want to do this is so that I can share out home directories to a few `semi-trusted' hosts without a user on that system assuming t he identity of another user, getting a hold of their id files and then obtaining access to the other systems as that user. Telnet and rsh/rlogin et al have all been disabled.