[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-bugs
Subject: [Bug 1394] New: SCP used to overwrite key
From: bugzilla-daemon () bugzilla ! mindrot ! org
Date: 2007-11-27 12:09:14
Message-ID: bug-1394-705 () http ! bugzilla ! mindrot ! org/
[Download RAW message or body]
https://bugzilla.mindrot.org/show_bug.cgi?id=1394
Summary: SCP used to overwrite key
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: scp
AssignedTo: bitbucket@mindrot.org
ReportedBy: FoxDie7987@gmail.com
Hi, I don't know if this is a bug, but I have been searching in Google
and the project's web, and I haven't found anything. I think that I
haven't found anything because my bad English, but I put this here
because I don't know what to do. I'm using an up to date Gentoo 2007.0,
with openssh 4.7-r1 (marked as stable), and ssh with a key with
passphrase. I have found that if I do an "scp key.pub
user@hostname:/home/user/.ssh/authorized_keys", scp ask me for the user
password and not for the key, so if I know the password of the user, I
can overwrite the key and get the control of that machine. I don't know
if this is a problem of my configuration (same as Gentoo default, but
without permission of root and password login), a patched version of
the Gentoo team, or of the original version. Thanks, and sorry if I'm
wrong and I have made that the person who reads this wastes his time.
Sorry also for my mistakes, as I mentioned above, I have a bad English
but I'm trying to improve it.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic