[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] ssh authorized_keys problem on cobalt raq4r

Subject: Re: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: 21 Jan 2003 11:59:46 +0300
Organization:
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Mon, 2003-01-20 at 18:06, Christoph Jäger wrote:
> Hi all!
> 
> OpenSSH Release 3.4p1-PM4 from pkgmaster.com
> 
> Today I just tried to ssh-login to the box authorized_keys. I just
> have a "small" problem here: with user root it is working fine, but
> with all other users it is not working. I created the dir in the home
> dir and placed pub key into authorized_keys:
> /home/sites/siteXX/users/USERNAME/.ssh/authorized_keys
> 
> At login the box is always asking for the users password - it's not the
> key's password it's the users pwd. I also compared the configs it with my other
> servers (no cobalt), and I didn't found some reasonable differences.
> 
> Some cobalt hole? Some special config?

It's Cobalt "speciality".  Home dirs of users are created
group-writable, which is considered insecure by ssh (other user in your
group is able to replace .ssh in your home with the one containing her
authorized_keys and thus steal your identity).

Manually "chmod g-w $HOME" and you'll be able to login.

Eugene

Follow-Ups:
- Re[2]: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
  - From: Christoph Jäger

References:
- [cobalt-security] ssh authorized_keys problem on cobalt raq4r
  - From: Christoph Jäger

Prev by Date: Re: [cobalt-security] Bug-Travel
Next by Date: Re[2]: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
Previous by thread: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
Next by thread: Re[2]: [cobalt-security] ssh authorized_keys problem on cobalt raq4r

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index