[Bug 758] if authorized keys exchanged, regular user can gain
bugzilla-daemon at mindrot.org
Fri Nov 14 09:29:59 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=758
Summary: if authorized keys exchanged, regular user can gain
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
URL: http://www.mainelinesys.com
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: curtis at maurand.com
If an authorized key (~/.ssh/authorized_keys2) for root on one machine has been exchanged to
another machine and a normal user issues, from the first machine, ssh -l root machine2, the
normal user on machine one will be logged in as root on machine2.
Steps to recreate:
On Machine #1:
1. Make yourself root
2. ssh-keygen -b 2048 -t dsa
3. scp .ssh/id_dsa.pub root@machine2:/root (you must enter a password at this point)
4. exit the root shell to normal shell
On Machine #2:
1. Make yourself root
2. cat id_dsa.pub >>.ssh/authorized_keys2
3. logout
On Machine #1:
(note, you should be a normal user now.)
1. ssh -l root machine2
2. You are now logged into machine #2 as root without entering a password.
Thought you should know this. I tested between 2 RedHat 9.0 machines.