On Mon, 2003-01-20 at 18:06, Christoph J�ger wrote: > Hi all! > > OpenSSH Release 3.4p1-PM4 from pkgmaster.com > > Today I just tried to ssh-login to the box authorized_keys. I just > have a "small" problem here: with user root it is working fine, but > with all other users it is not working. I created the dir in the home > dir and placed pub key into authorized_keys: > /home/sites/siteXX/users/USERNAME/.ssh/authorized_keys > > At login the box is always asking for the users password - it's not the > key's password it's the users pwd. I also compared the configs it with my other > servers (no cobalt), and I didn't found some reasonable differences. > > Some cobalt hole? Some special config?
It's Cobalt "speciality". Home dirs of users are created group-writable, which is considered insecure by ssh (other user in your group is able to replace .ssh in your home with the one containing her authorized_keys and thus steal your identity). Manually "chmod g-w $HOME" and you'll be able to login. Eugene _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
