bugzilla-daemon at mindrot.org
2002-Apr-26 04:23 UTC
[Bug 227] New: 2nd Client Instance Can Login Without Authorization
http://bugzilla.mindrot.org/show_bug.cgi?id=227

           Summary: 2nd Client Instance Can Login Without Authorization
           Product: Portable OpenSSH
           Version: 3.1p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: drchang at hawaii.edu

I'm using Red Hat Linux 7.2 with the Red Hat binary RPM version of OpenSSH 3.1p1. I've noticed that when I'm logged in to the server from my local network using SSH2 and public key authentication, if I log in from another SSH2 client, an unauthorized key will be able to log in to the server. Additionally, if a valid key is present on the 2nd client, no passphrase will be prompted for when connecting. In each instance, I'm logging into the same user account.

In summary, if I'm logged in already, and I then log in using another client using public key authentication, the 2nd instance will not require a valid key for the server.

All forms of authentication by host have been disabled in sshd_config.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.