Re[2]: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
- Subject: Re[2]: [cobalt-security] ssh authorized_keys problem on cobalt raq4r
- From: Christoph Jäger <christoph.jaeger@xxxxxxxxx>
- Date: Tue, 21 Jan 2003 10:48:23 +0100
- Organization: abaton EDV Dienstleistungs GmbH
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Eugene!
Made the trick, but I still have the same problem. The key is there
and everything is just working as root. This is a putty-win snip, but the
same msgs from *UX servers.
--- snip ---
Looking up host "HOSTNAME"
Connecting to 000.000.000.000 port 22
Server version: SSH-1.99-OpenSSH_3.4p1
We claim version: SSH-1.5-PuTTY-Release-0.53
Using SSH protocol version 1
Received public keys
Host key fingerprint is:
1024 33:6c:09:da:d7:a9:db:ce:10:78:59:63:2c:46:2b:54
Encrypted session key
Using 3DES encryption
Trying to enable encryption...
Successfully started encryption
Sent username "USER"
Pageant is running. Requesting keys.
Pageant has 1 SSH1 keys
Trying Pageant key #0
This key matches configured key file
Key refused
USER@HOSTNAME's password:
--- snip ---
thx, christoph jäger
--------------------
On Mon, 2003-01-20 at 18:06, Christoph Jäger wrote:
> Hi all!
>
> OpenSSH Release 3.4p1-PM4 from pkgmaster.com
>
> Today I just tried to ssh-login to the box authorized_keys. I just
> have a "small" problem here: with user root it is working fine, but
> with all other users it is not working. I created the dir in the home
> dir and placed pub key into authorized_keys:
> /home/sites/siteXX/users/USERNAME/.ssh/authorized_keys
>
> At login the box is always asking for the user's password - it's not the
> key's password, it's the user's pwd. I also compared the configs with my other
> servers (no cobalt), and I didn't find any reasonable differences.
>
> Some cobalt hole? Some special config?
It's Cobalt "speciality". Home dirs of users are created
group-writable, which is considered insecure by ssh (other user in your
group is able to replace .ssh in your home with the one containing her
authorized_keys and thus steal your identity).
Manually "chmod g-w $HOME" and you'll be able to login.
Eugene
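
The refusal Eugene describes comes from sshd's StrictModes check, which rejects authorized_keys when the file, or any directory from it up to the home directory, is group- or world-writable or owned by someone other than the user or root. The script below is an added example, not part of the original thread, that audits those three paths; the function name `check_strictmodes` and its output labels are made up here.

```shell
#!/bin/sh
# Added example: approximate the permission test sshd applies with
# StrictModes enabled. Function name and labels are hypothetical.
#
# check_strictmodes HOME_DIR [UID]
#   prints one line per problem, returns 0 if clean and 1 otherwise
check_strictmodes() {
    home=${1%/}
    uid=${2:-$(id -u)}
    rc=0
    # Key file first, then each directory up to and including the home dir.
    for p in "$home/.ssh/authorized_keys" "$home/.ssh" "$home"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        # ls -ldnL: field 1 is the mode string, field 3 the numeric owner;
        # -L follows symlinks, as sshd resolves the real path first.
        mode=$(ls -ldnL "$p" | awk '{print $1}')
        owner=$(ls -ldnL "$p" | awk '{print $3}')
        # Character 6 of the mode string is group write, character 9 is
        # other write (e.g. drwxrwxr-x has 'w' at position 6).
        case $mode in
            ?????w*) echo "GROUP-WRITABLE  $p"; rc=1 ;;
        esac
        case $mode in
            ????????w*) echo "WORLD-WRITABLE  $p"; rc=1 ;;
        esac
        # Owner must be the account itself or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "BAD-OWNER(uid $owner)  $p"; rc=1
        fi
    done
    return $rc
}

# When run as a script: ./check.sh /path/to/home [uid]
if [ "$#" -gt 0 ]; then
    check_strictmodes "$@"
fi
```

Any GROUP-WRITABLE line for the home directory itself is the Cobalt case from this thread and clears after the `chmod g-w $HOME` given above.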