We still haven’t been told for sure that this really is a problem: that hackers who get arbitrary code access can silently install passwordless logins (and I would have thought that if it is a problem, we should already have heard more about it).
But as nobody is saying that it’s not a problem, I’ll assume that it is, and go ahead with the discussion anyway.
What I’m going to say may provoke disagreement, since there are people here who argue that Dreamhost has no responsibility to do things that users can do for themselves.
But the key point is that the people who most need help with security checking are the people who are least able to do it for themselves.
The git-based solution suggested above is not good because the people who most need it are not able to, and not likely to become able to, implement it.
Here, in contrast, is a simple and systematic solution that could be applied by Dreamhost to solve the problem for everyone.
There’s nothing secret about the public part of an RSA key pair, so anyone who sets up for themselves a passwordless login could upload the public part of their key into a Dreamhost panel.
Dreamhost could then, as part of its regular security-checking, check periodically that .ssh folders contain only keys that have been uploaded into the panel.
I’ve looked into the files in my .ssh folders and they are all in ASCII text, so presumably we could write scripts to do this kind of checking ourselves. But it would be much better if Dreamhost did it, as then (a) it would be done correctly and (b) the problem would be solved for everybody.
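
The kind of check described in this post, sketched as an added example that is not part of the original post or anything Dreamhost provides: it compares the keys in an `authorized_keys` file against an approved list and reports the rest. The approved-list format (one public key per line, as a panel export might look) and the sample keys are assumptions constructed for the demo.

```python
import base64, hashlib, re, struct

# key type followed by its base64 blob; any options before it are ignored
KEY_RE = re.compile(r"\b((?:sk-)?(?:ssh|ecdsa)-[a-z0-9@.\-]+)\s+([A-Za-z0-9+/]+={0,2})")

def parse_keys(text):
    """Yield (line_no, blob) for each public key line in authorized_keys text."""
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        for m in KEY_RE.finditer(line):
            try:
                blob = base64.b64decode(m.group(2), validate=True)
            except ValueError:
                continue
            # A genuine blob starts with its own type name, length-prefixed.
            name = m.group(1).encode()
            if blob.startswith(struct.pack(">I", len(name)) + name):
                yield no, blob
                break

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(installed_text, approved_text):
    """Return (line_no, fingerprint) for installed keys missing from the approved list."""
    approved = {blob for _, blob in parse_keys(approved_text)}
    return [(no, fingerprint(blob)) for no, blob in parse_keys(installed_text)
            if blob not in approved]

def constructed_key(kind, seed):
    """Build a well-formed but non-functional key line (demo data only)."""
    name = kind.encode()
    blob = struct.pack(">I", len(name)) + name + hashlib.sha256(seed).digest()
    return f"{kind} {base64.b64encode(blob).decode()}"

# Constructed sample input: one approved key, one key nobody registered.
LAPTOP = constructed_key("ssh-rsa", b"laptop")
UNKNOWN = constructed_key("ssh-ed25519", b"unknown")
APPROVED = f"{LAPTOP} me@laptop\n"
INSTALLED = f'# my keys\n{LAPTOP} me@laptop\nfrom="203.0.113.5",no-pty {UNKNOWN} x\n'

if __name__ == "__main__":
    for line_no, fp in audit(INSTALLED, APPROVED):
        print(f"line {line_no}: unapproved key {fp}")
```

Comparing decoded key blobs rather than whole lines means a changed comment or an added option neither hides a key nor falsely flags one.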