[Bug 1394] New: SCP used to overwrite key

[bugzilla-daemon at bugzilla.mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=1394

           Summary: SCP used to overwrite key
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: FoxDie7987 at gmail.com


Hi, I don't know if this is a bug, but I have been searching in Google
and the project's web, and I haven't found anything. I think that I
haven't found anything because my bad English, but I put this here
because I don't know what to do. I'm using an up to date Gentoo 2007.0,
with openssh 4.7-r1 (marked as stable), and ssh with a key with
passphrase. I have found that if I do an "scp key.pub
user at hostname:/home/user/.ssh/authorized_keys", scp ask me for the user
password and not for the key, so if I know the password of the user, I
can overwrite the key and get the control of that machine. I don't know
if this is a problem of my configuration (same as Gentoo default, but
without permission of root and password login), a patched version of
the Gentoo team, or of the original version. Thanks, and sorry if I'm
wrong and I have made that the person who reads this wastes his time.
Sorry also for my mistakes, as I mentioned above, I have a bad English
but I'm trying to improve it.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.