[9236] in bugtraq
Re: SSH 1.x and 2.x Daemon
daemon@ATHENA.MIT.EDU (John RIddoch)
Tue Jan 26 16:09:07 1999
Date: Tue, 26 Jan 1999 09:25:36 +0000
Reply-To: John Riddoch <jr@master.scms.rgu.ac.uk>
From: John RIddoch <jr@SCMS.RGU.AC.UK>
To: BUGTRAQ@NETSPACE.ORG

>Furthermore, if the account is disabled in /etc/passwd and a user logs in
>via a public key, they are still allowed access. (So just disabling a user
>account is not enough anymore. You have to look for uses of public keys as
>well.)

You get the same effect if a user has a ~/.rhosts file using rsh/rlogin.

>This may not exist in the 2.x series (I have not tested it there), but it
>does occur in the 1.2.x series. (I have not tested the latest version on
>this...)
>
>I would verify the above before panic, but I have seen it occur under one
>such install of 1.2.x. (I will have to look up the version. The drive was
>removed soon after due to hacker d00dz.)

I can verify that using keys and ssh-agent under ssh-2.0.11 (Sparc Solaris
2.6) allows login if the (NIS) account has been disabled.

However, this is no less or greater a problem than the .rhosts file. There
are tools to detect .rhosts files in disabled accounts; perhaps the
writers of those scripts might be able to add a check for public keys under
ssh?

--
John Riddoch Email: jr@scms.rgu.ac.uk Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
"Yoda of Borg are we: Futile is resistance. Assimilate you, we will"
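
The check suggested in the message above, sketched as an added example that is not part of the original post or of any tool it refers to: list locked accounts whose home directories still hold .rhosts files or SSH public-key authorization files. The lock convention (password field starting with `*` or `!`), the trust-file locations, the function names and the sample accounts are assumptions of this example.

```python
import os
import tempfile

# Files that grant login without the account password (assumed default
# locations: SSH1/OpenSSH keys, ssh2 authorization file, rhosts/shosts).
TRUST_FILES = (".rhosts", ".shosts", ".ssh/authorized_keys", ".ssh2/authorization")

def is_disabled(pw_field):
    # Assumed convention: '*', '!!', '!<hash>' and Solaris '*LK*' mean locked.
    return pw_field.startswith(("*", "!"))

def disabled_accounts(passwd_text):
    """Return {user: home} for locked entries in passwd(5)-format text."""
    result = {}
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 7 and not line.startswith("#") and is_disabled(parts[1]):
            result[parts[0]] = parts[5]
    return result

def audit(passwd_text, root="/"):
    """List (user, trust_file) for non-empty trust files in locked homes."""
    findings = []
    for user, home in sorted(disabled_accounts(passwd_text).items()):
        for name in TRUST_FILES:
            path = os.path.join(root, home.lstrip("/"), name)
            if os.path.isfile(path) and os.path.getsize(path) > 0:
                findings.append((user, name))
    return findings

# Constructed sample data: two locked accounts and one active account.
SAMPLE_PASSWD = """\
alice:*LK*:1001:100:Alice:/home/alice:/bin/sh
bob:aaQ1constructed:1002:100:Bob:/home/bob:/bin/sh
carol:!:1003:100:Carol:/home/carol:/bin/sh
"""

def demo():
    # Build a throwaway home tree and run the audit against it.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("home/alice/.ssh/authorized_keys", "home/bob/.rhosts",
                    "home/carol/.rhosts"):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed entry\n")
        return audit(SAMPLE_PASSWD, root)

if __name__ == "__main__":
    for user, name in demo():
        print(f"{user}: locked account still has {name}")
```

For NIS accounts the same passwd-format text can be taken from `ypcat passwd`; where shadow passwords are in use the passwd field is only a placeholder, so the lock state has to be read from the shadow data instead.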