Bugtraq mailing list archives
Re: SSH 1.x and 2.x Daemon
From: jr () SCMS RGU AC UK (John RIddoch)
Date: Tue, 26 Jan 1999 09:25:36 +0000
Furthermore, if the account is disabled in /etc/passwd and a user logs in via a public key, they are still allowed access. (So just diabling a user account is not enough anymore. You have to look for uses of public keys as well.)
You get the same effect if a user has ~/.rhosts file using rsh/rlogin
This may not exist in the 2.x series (I have not tested it there), but it does occur in the 1.2.x series. (I have not tested the latest version on this...) I would verify the above before panic, but I have seen it occur under one such install of 1.2.x. (I will have to look up the version. The drive was removed soon after due to hacker d00dz.)
I can verify that using keys and ssh-agent under ssh-2.0.11 (Sparc Solaris 2.6) allows login if the (NIS) account has been disabled. However, this is no less or greater a problem than the .rhosts file. There are tools to detect for .rhosts files in disabled accounts; perhaps the writers of those scripts might be able to add a check for public keys under ssh? -- John Riddoch Email: jr () scms rgu ac uk Telephone: (01224)262730 Room C4, School of Computer and Mathematical Science Robert Gordon University, Aberdeen, AB25 1HG "Yoda of Borg are we: Futile is resistance. Assimilate you, we will"
Current thread:
- Re: SSH 1.x and 2.x Daemon John RIddoch (Jan 26)