[Bug 758] if authorized keys exchanged, regular user can gain

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Nov 14 11:59:02 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=758





------- Additional Comments From jason at devrandom.org  2003-11-13 17:59 -------
I can't reproduce this on Linux (Redhat 9, Fedora Core1 and Gentoo) at all:

jason at sith jason $ pwd
/home/jason
jason at sith jason $ id
uid=500(jason) gid=100(users) groups=100(users),10(wheel)
jason at sith jason $ su -
Password:
sith root # cd .ssh/
sith .ssh # ls
known_hosts
sith .ssh # ssh-keygen -b 2048 -t dsa
sith .ssh # ls
id_dsa  id_dsa.pub  known_hosts
sith .ssh # scp id_dsa.pub root at banshee:/root
root at banshee's password:
id_dsa.pub                                    100% 1111     0.0KB/s   00:00
sith .ssh # exit



[root at banshee root]# ls
anaconda-ks.cfg  id_dsa.pub  install.log  install.log.syslog  mail  sslcert
[root at banshee root]# cat id_dsa.pub >> .ssh/authorized_keys2
[root at banshee root]#


jason at sith jason $ ssh root at banshee
root at banshee's password:
Last login: Thu Nov 13 19:45:03 2003 from sith.devrandom.org
[root at banshee root]#


Are you sure you're not somehow still logged in as root or have root's key
somehow stored in your SSH Agent?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list