[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
- Subject: Re: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 21 Jan 2003 11:59:46 +0300
- Organization:
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Mon, 2003-01-20 at 18:06, Christoph Jäger wrote:
> Hi all!
>
> OpenSSH Release 3.4p1-PM4 from pkgmaster.com
>
> Today I just tried to ssh-login to the box authorized_keys. I just
> have a "small" problem here: with user root it is working fine, but
> with all other users it is not working. I created the dir in the home
> dir and placed pub key into authorized_keys:
> /home/sites/siteXX/users/USERNAME/.ssh/authorized_keys
>
> At login the box is always asking for the users password - it's not the
> key's password it's the users pwd. I also compared the configs it with my other
> servers (no cobalt), and I didn't found some reasonable differences.
>
> Some cobalt hole? Some special config?
It's Cobalt "speciality". Home dirs of users are created
group-writable, which is considered insecure by ssh (other user in your
group is able to replace .ssh in your home with the one containing her
authorized_keys and thus steal your identity).
Manually "chmod g-w $HOME" and you'll be able to login.
Eugene