[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-bugs
Subject:    [Bug 1394] New: SCP used to overwrite key
From:       bugzilla-daemon () bugzilla ! mindrot ! org
Date:       2007-11-27 12:09:14
Message-ID: bug-1394-705 () http ! bugzilla ! mindrot ! org/
[Download RAW message or body]

https://bugzilla.mindrot.org/show_bug.cgi?id=1394

           Summary: SCP used to overwrite key
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: bitbucket@mindrot.org
        ReportedBy: FoxDie7987@gmail.com


Hi, I don't know if this is a bug, but I have been searching in Google
and the project's web, and I haven't found anything. I think that I
haven't found anything because my bad English, but I put this here
because I don't know what to do. I'm using an up to date Gentoo 2007.0,
with openssh 4.7-r1 (marked as stable), and ssh with a key with
passphrase. I have found that if I do an "scp key.pub
user@hostname:/home/user/.ssh/authorized_keys", scp ask me for the user
password and not for the key, so if I know the password of the user, I
can overwrite the key and get the control of that machine. I don't know
if this is a problem of my configuration (same as Gentoo default, but
without permission of root and password login), a patched version of
the Gentoo team, or of the original version. Thanks, and sorry if I'm
wrong and I have made that the person who reads this wastes his time.
Sorry also for my mistakes, as I mentioned above, I have a bad English
but I'm trying to improve it.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic