Johannes Wüller I agree. If an attacker has write access to .ssh/authorized_keys, it's game over. This is well known by everyone and that is the point.

Most people are unaware of the things you can do with logback.xml

Since logging is so pervasive, the aim here is to prevent privileged parties from mounting an attacks. I'll expand time allowing.