[Bug 758] if authorized keys exchanged, regular user can gain

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Nov 14 09:29:59 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=758

           Summary: if authorized keys exchanged, regular user can gain
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: ix86
               URL: http://www.mainelinesys.com
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: P2
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: curtis at maurand.com


If an authorized key (~/.ssh/authorized_keys2) for root on one machine has been exchanged to 
another machine and a normal user issues, from the first machine, ssh -l root machine2, The 
normal user on machine one will be logged in as root on machine2. 
 
Steps to recreate: 
On Machine #1: 
1. 	Make yourself root 
2.	ssh-keygen -b 2048 -t dsa 
3.	scp .ssh/id_dsa.pub root at machine2:/root (you must enter a password at this point) 
4.	exit the root shell to normal shell 
 
On Machine #2: 
1.	Make yourself root 
2.	cat id_dsa.pub >>.ssh/authorized_keys2 
3.	logout 
 
On Machine #1: 
(note, you should be a normal user now.) 
1.	ssh -l root machine2 
2.  	You are now logged into machine #2 as root without entering a password. 
 
Thought you should know this.  I tested between 2 RedHat 9.0 machines.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list