Date: Sat, 20 Jan 2007 17:01:03 +0100 (CET)
From: Christian Baer <christian.baer@uni-dortmund.de>
To: freebsd-questions@freebsd.org
Subject: Re: ssh public key authentification
Message-ID: <eotebv$1g7a$1@nermal.rz1.convenimus.net>
References: <eooa8o$14k0$2@nermal.rz1.convenimus.net> <200701181701.04719.kirk@strauser.com> <20070119151015.GC25249@submonkey.net> <200701190953.29017.kirk@strauser.com>

On Fri, 19 Jan 2007 09:53:23 -0600 Kirk Strauser wrote:

>> Why not? Group write is plenty enough for someone else to replace the
>> .ssh directory with another one, so sshd checks for that.
>
> To replace it with another 700 directory owned by the user, containing a 40=
> file also owned by the user?

That obviously isn't possible - at least not directly. It would be feasible to replace an existing ssh_config in the user's directory if this had too liberal rights and the file were located at ~, not ~/.ssh/. If the attacker got at the config file, he or she could put in a new position for the authorized_keys and thus replace the file.

All very theoretical and not likely, since the defaults of FreeBSD won't allow it. root must mess up for this one. Does root ever mess up? :-)

I think it's more likely that the sshd only checks this one directory in case of public key authentication. If it is group- or world-writable, it doesn't trust the key file. Checking the exact location and the file itself if there is any chance it could be tampered with would result in a more complex algorithm, and complexity is something you try to avoid in security matters.

Regards
Chris
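The permission check discussed in this thread, sketched as an added example (not part of the original message and not sshd's own code): it walks from the key file up to the home directory and reports every component that is group- or world-writable or owned by an untrusted uid, which goes beyond the single-directory case debated above. The names `audit_key_path` and `trusted_uids` and the temporary sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_key_path(key_file, home, trusted_uids):
    """Return a list of findings; an empty list means the path chain looks safe."""
    findings = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    if not stat.S_ISREG(os.stat(path).st_mode):
        findings.append(f"{path}: not a regular file")
    while True:
        st = os.stat(path)
        if st.st_uid not in trusted_uids:
            findings.append(f"{path}: owned by untrusted uid {st.st_uid}")
        # Group or other write on any component lets someone else swap what lies below it.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{path}: group- or world-writable ({mode:04o})")
        if path == home:
            break
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root without meeting home
            findings.append(f"{key_file}: not located under {home}")
            break
        path = parent
    return findings


def demo():
    """Constructed sample tree: good layout, group-writable .ssh, group-writable home."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home")
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.makedirs(ssh_dir)
        open(keys, "w").close()
        trusted = {0, os.getuid()}  # root and the account owner
        results = []
        for home_mode, ssh_mode in ((0o755, 0o700), (0o755, 0o770), (0o775, 0o700)):
            os.chmod(home, home_mode)
            os.chmod(ssh_dir, ssh_mode)
            os.chmod(keys, 0o600)
            results.append(audit_key_path(keys, home, trusted))
        return results


if __name__ == "__main__":
    for case in demo():
        print(case or "ok")
```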