[Bug 758] if authorized keys exchanged, regular user can gain
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Nov 14 11:59:02 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=758
------- Additional Comments From jason at devrandom.org 2003-11-13 17:59 -------
I can't reproduce this on Linux (Redhat 9, Fedora Core1 and Gentoo) at all:
jason at sith jason $ pwd
/home/jason
jason at sith jason $ id
uid=500(jason) gid=100(users) groups=100(users),10(wheel)
jason at sith jason $ su -
Password:
sith root # cd .ssh/
sith .ssh # ls
known_hosts
sith .ssh # ssh-keygen -b 2048 -t dsa
sith .ssh # ls
id_dsa id_dsa.pub known_hosts
sith .ssh # scp id_dsa.pub root at banshee:/root
root at banshee's password:
id_dsa.pub 100% 1111 0.0KB/s 00:00
sith .ssh # exit
[root at banshee root]# ls
anaconda-ks.cfg id_dsa.pub install.log install.log.syslog mail sslcert
[root at banshee root]# cat id_dsa.pub >> .ssh/authorized_keys2
[root at banshee root]#
jason at sith jason $ ssh root at banshee
root at banshee's password:
Last login: Thu Nov 13 19:45:03 2003 from sith.devrandom.org
[root at banshee root]#
Are you sure you're not somehow still logged in as root or have root's key
somehow stored in your SSH Agent?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list