bugzilla-daemon at mindrot.org
2002-Apr-26 04:23 UTC
[Bug 227] New: 2nd Client Instance Can Login Without Authorization
http://bugzilla.mindrot.org/show_bug.cgi?id=227
Summary: 2nd Client Instance Can Login Without Authorization
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: drchang at hawaii.edu
I'm using Red Hat Linux 7.2 with the Red Hat binary RPM version of OpenSSH
3.1p1.
I've noticed
that when I'm logged in to the server from my local network using SSH2 and
public key
authentication, if I log in from another SSH2 client, an unauthorized key will
be able to login to
the server. Additionally, if a valid key is present on the 2nd client, no
passphrase will be
prompted for when connecting. In each instance, I'm logging into the same
user account.
In
summary, if I'm logged in already, and I then I login using another client
using public key
authentication, the 2nd instance will not require a valid key for the server.
All forms of
authentication by host have been disabled in sshd_config.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 227] 2nd Client Instance Can Login Without Authorization
- [Bug 159] New: Password-Authentication with openssh-3.1p1 fails
- Password from open filedescriptor
- [Bug 434] New: ssh-add doesn't always add all identities to ssh-agent
- Password-Authentication with openssh-3.1p1 fails
Wisdom of the Ancients
