From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Prentis Brooks" To: "cygwin" Subject: RE: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite] Date: Sat, 27 May 2000 20:58:00 -0000 Message-id: References: <39303F67.D6C4E256@vinschen.de> X-SW-Source: 2000-05/msg01026.html Thanks Corinna, I will not be in the office until Tuesday (Memorial Day holiday here in the US). At that time I will apply your updated binaries and continue from there. Also, I quickly glanced through the diff file but did not see how you corrected this... or at least you corrected it in a way completely different from what I was looking to do. Would you mind telling me how you solved the problem of unauthorized access to a another account? (specifically, being able to login to RSA enabled SSHD eventhough your RSA key is not part of that SSHD's user's authorized_key file.) -----Original Message----- From: corinna@snoopy.vinschen.de [ mailto:corinna@snoopy.vinschen.de]On Behalf Of Corinna Vinschen Sent: Saturday, May 27, 2000 5:35 PM To: Prentis Brooks Cc: Cygwin Subject: [ANNOUNCEMENT]: patched openSSH-1.2.2 [was Re: No this has a nasty bite] Prentis Brooks wrote: > You have RSA Authentication enabled and running as user foo on port 22. You > have another Daemon running SSH with password authentication on port 26. If > user bar sets up RSA keys in his/her home directory and then connects to > port 22, it will authenticate him/her via the keys in bar's home directory > and then promptly drop them to the shell as foo... this is bad. Should be solved in my new version. You will find it in ftp://ftp.franken.de/pub/win32/develop/gnuwin32/cygwin/porters/Vinschen_Cori nna/V1.1.1 files openssh-1.2.2-2.README openssh-1.2.2-2.tar.gz openssh-1.2.2-2.diff Have fun, Corinna -- Corinna Vinschen Cygwin Developer Cygnus Solutions, a Red Hat company -- Want to unsubscribe from this list? Send a message to cygwin-unsubscribe@sourceware.cygnus.com