This is the mail archive of the cygwin@sourceware.cygnus.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]

No this has a nasty bite

To: "Cygwin" <cygwin at sourceware dot cygnus dot com>
Subject: No this has a nasty bite
From: "Prentis Brooks" <prentis at aol dot net>
Date: Fri, 26 May 2000 13:45:37 -0400

Alright, this is a problem... Corinna, if you happen to have a quick
solution before I start trying to dig around in the source, please let me
know.

Here is the problem:

You have RSA Authentication enabled and running as user foo on port 22.  You
have another Daemon running SSH with password authentication on port 26.  If
user bar sets up RSA keys in his/her home directory and then connects to
port 22, it will authenticate him/her via the keys in bar's home directory
and then promptly drop them to the shell as foo... this is bad.


Any ideas on how to:

1) Identify who the RSA enabled process is running under
2) Once one is known, ensure that the user coming in is the user we are
running under, rejecting if not.

Prentis


--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com

Follow-Ups:
- [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]