[Bug 1394] New: SCP used to overwrite key
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Nov 27 23:09:14 EST 2007
https://bugzilla.mindrot.org/show_bug.cgi?id=1394
Summary: SCP used to overwrite key
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: scp
AssignedTo: bitbucket at mindrot.org
ReportedBy: FoxDie7987 at gmail.com
Hi, I don't know if this is a bug, but I have been searching in Google
and the project's web, and I haven't found anything. I think that I
haven't found anything because my bad English, but I put this here
because I don't know what to do. I'm using an up to date Gentoo 2007.0,
with openssh 4.7-r1 (marked as stable), and ssh with a key with
passphrase. I have found that if I do an "scp key.pub
user at hostname:/home/user/.ssh/authorized_keys", scp ask me for the user
password and not for the key, so if I know the password of the user, I
can overwrite the key and get the control of that machine. I don't know
if this is a problem of my configuration (same as Gentoo default, but
without permission of root and password login), a patched version of
the Gentoo team, or of the original version. Thanks, and sorry if I'm
wrong and I have made that the person who reads this wastes his time.
Sorry also for my mistakes, as I mentioned above, I have a bad English
but I'm trying to improve it.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list