Wrong permissions for $HOME

Dag-Erling Smørgrav des at des.no
Sat Nov 19 07:05:07 EST 2011


"Roman B." <rbyshko at gmail.com> writes:
> If an attacker has stolen a valid key, then trying to log in with this key
> will give him either a shell or the information that the user directory or
> .ssh is writable (if we assume there was no other problem),

Uh, no.  The only thing the attacker knows is that public-key
authentication with that particular key did not succeed.  There are a
number of reasons why it would fail: there might not be a valid
authorized_keys file at all, there might be one but the key is not
listed there, it might be listed but with restrictions (e.g. "from")
which the client does not satisfy, etc.

DES
-- 
Dag-Erling Smørgrav - des at des.no
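
Because the client only sees that public-key authentication failed, a permissions problem on $HOME or .ssh has to be diagnosed on the server side. The following is an added example, not part of the original message and not OpenSSH code: a sketch of such a check, assuming the rule sshd applies under StrictModes (each path component from authorized_keys up to the home directory must be owned by the user or root and must not be group- or world-writable). The function name `audit_key_path` is hypothetical.

```python
import os
import stat
from pathlib import Path


def audit_key_path(authorized_keys, home, uid):
    """Return (path, problem) findings; an empty list means the path looks safe.

    Approximates a StrictModes-style check (assumption, see lead-in): walks
    from the authorized_keys file up to the home directory and flags any
    component with an unexpected owner or group/world write permission.
    """
    findings = []
    home = Path(home).resolve()
    path = Path(authorized_keys).resolve()
    if home != path and home not in path.parents:
        return [(str(path), "not located under the home directory")]
    # Check the file itself, then every directory above it, stopping at home.
    for p in [path, *path.parents]:
        try:
            st = p.stat()
        except FileNotFoundError:
            # A missing file is one of the other reasons authentication fails.
            findings.append((str(p), "missing"))
        else:
            if st.st_uid not in (0, uid):
                findings.append((str(p), f"owned by uid {st.st_uid}"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((str(p), f"group/world-writable (mode {mode:04o})"))
        if p == home:
            break
    return findings


if __name__ == "__main__":
    # Audit the current user's own key file and print anything suspicious.
    home = Path.home()
    key_file = home / ".ssh" / "authorized_keys"
    for p, problem in audit_key_path(key_file, home, os.getuid()):
        print(f"{p}: {problem}")
```
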


More information about the openssh-unix-dev mailing list