[ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Prentis Brooks
prentis@aol.net
Sat May 27 20:58:00 GMT 2000
Thanks Corinna,
I will not be in the office until Tuesday (Memorial Day holiday here in the
US). At that time I will apply your updated binaries and continue from
there. Also, I quickly glanced through the diff file but did not see how
you corrected this... or at least you corrected it in a way completely
different from what I was looking to do. Would you mind telling me how you
solved the problem of unauthorized access to another account?
(specifically, being able to login to RSA enabled SSHD even though your RSA
key is not part of that SSHD's user's authorized_key file.)
-----Original Message-----
From: corinna@snoopy.vinschen.de [mailto:corinna@snoopy.vinschen.de] On Behalf Of Corinna Vinschen
Sent: Saturday, May 27, 2000 5:35 PM
To: Prentis Brooks
Cc: Cygwin
Subject: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite]
Prentis Brooks wrote:
> You have RSA Authentication enabled and running as user foo on port 22. You
> have another Daemon running SSH with password authentication on port 26. If
> user bar sets up RSA keys in his/her home directory and then connects to
> port 22, it will authenticate him/her via the keys in bar's home directory
> and then promptly drop them to the shell as foo... this is bad.
Should be solved in my new version. You will find it in
ftp://ftp.franken.de/pub/win32/develop/gnuwin32/cygwin/porters/Vinschen_Corinna/V1.1.1
files
openssh-1.2.2-2.README
openssh-1.2.2-2.tar.gz
openssh-1.2.2-2.diff
Have fun,
Corinna
--
Corinna Vinschen
Cygwin Developer
Cygnus Solutions, a Red Hat company