This is the mail archive of the
cygwin@sourceware.cygnus.com
mailing list for the Cygwin project.
No this has a nasty bite
- To: "Cygwin" <cygwin at sourceware dot cygnus dot com>
- Subject: No this has a nasty bite
- From: "Prentis Brooks" <prentis at aol dot net>
- Date: Fri, 26 May 2000 13:45:37 -0400
Alright, this is a problem... Corinna, if you happen to have a quick
solution before I start trying to dig around in the source, please let me
know.
Here is the problem:
You have RSA Authentication enabled and running as user foo on port 22. You
have another Daemon running SSH with password authentication on port 26. If
user bar sets up RSA keys in his/her home directory and then connects to
port 22, it will authenticate him/her via the keys in bar's home directory
and then promptly drop them to the shell as foo... this is bad.
Any ideas on how to:
1) Identify who the RSA enabled process is running under
2) Once one is known, ensure that the user coming in is the user we are
running under, rejecting if not.
Prentis
--
Want to unsubscribe from this list?
Send a message to cygwin-unsubscribe@sourceware.cygnus.com