09-25-2007, 10:30 PM
|
#16
|
LQ Newbie
Registered: Mar 2004
Distribution: windows 7
Posts: 21
|
Quote:
Originally Posted by slimm609
And that should work fine.
user1@local_1 to user1@remote_1 should work fine, but user1@local_1 to user2@remote_1 will not. Same as user1@local_1 to root@remote_1 will not work.
|
Let's clarify all this with real names, or at least as real as I care for.
Are you telling me that this below snippet can't happen?
Code:
[stormpunk@bishop ~]$ ssh root@192.168.2.201
Last login: Tue Sep 25 16:06:14 2007 from 192.168.2.252
[root@space2 ~]# exit
logout
Connection to 192.168.2.201 closed.
[stormpunk@bishop ~]$ ssh stormpunk@192.168.2.201
Last login: Tue Sep 25 16:07:47 2007 from 192.168.2.252
[stormpunk@space2 ~]$
|
|
|
09-26-2007, 06:13 AM
|
#17
|
Member
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430
|
Do a sshd -d -d -d and paste it. Then also do an md5 on both key files.
|
|
|
09-26-2007, 06:24 AM
|
#18
|
Senior Member
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530
|
Please disregard this post.
|
|
|
09-26-2007, 09:47 AM
|
#19
|
LQ Newbie
Registered: Mar 2004
Distribution: windows 7
Posts: 21
|
Code:
[root@space2 ~]# /usr/local/sbin/sshd -d -d -d
debug2: load_server_config: filename /usr/local/etc/sshd_config
debug2: load_server_config: done config len = 172
debug2: parse_server_config: config /usr/local/etc/sshd_config len 172
debug3: /usr/local/etc/sshd_config:21 setting Protocol 2
debug3: /usr/local/etc/sshd_config:110 setting Subsystem sftp /usr/local/libexec/sftp-server
debug1: sshd version OpenSSH_4.7p1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Address already in use.
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.
Code:
[root@space2 ~]# md5sum /home/stormpunk/.ssh/authorized_keys /root/.ssh/authorized_keys
af5bc8180a60fa8d29a4beeabcd734dc /home/stormpunk/.ssh/authorized_keys
af5bc8180a60fa8d29a4beeabcd734dc /root/.ssh/authorized_keys
I don't know how much more proof you'd like to have. This is possible. You can clearly see the files are the same.
This is running on OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007. I have other versions in action which produce the same results.
I've done it for years like this. Lots of different OpenSSL and OpenSSH versions. It works. Before you start requesting more evidence, maybe you should figure out what you've been doing wrong all this time.
|
|
|
09-26-2007, 01:11 PM
|
#20
|
Member
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430
|
Well, I guess I am mistaken, but even the ssh documents say that it will not work.
From a security aspect you would never want to do what you are doing, because now someone would not have to get root, only your user account, then use your keys for root to the other machine.
|
|
|
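The md5sum check in post #19 only matches when two authorized_keys files are byte-identical. As an added example (not code from the thread), the script below compares the key blobs themselves, so it reports a key authorized for more than one account even when options or comments differ, which is the exposure post #20 describes. The function names and the key blobs in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example: list public keys that are authorized for more than one account.
# Real use (paths as shown in the thread):
#   shared_keys root:/root/.ssh/authorized_keys \
#               stormpunk:/home/stormpunk/.ssh/authorized_keys

# key_blobs ACCOUNT FILE: print "keytype blob account" for every key line.
# Leading options (from=..., command=...) and trailing comments are ignored.
# Assumption: no quoted option value contains a bare key-type word.
key_blobs() {
    awk -v account="$1" '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)$/) {
                    print $i, $(i + 1), account
                    next
                }
        }' "$2"
}

# shared_keys ACCOUNT:FILE ...: one output line per key found under 2+ accounts:
#   "<keytype> <first 16 chars of blob>... <account,account,...>"
shared_keys() {
    for pair in "$@"; do
        account=${pair%%:*}
        file=${pair#*:}
        [ -r "$file" ] || continue
        key_blobs "$account" "$file"
    done | LC_ALL=C sort -u | awk '
        { k = $1 " " $2; n[k]++; who[k] = (n[k] > 1 ? who[k] "," : "") $3 }
        END {
            for (k in n) if (n[k] > 1) {
                split(k, p, " ")
                print p[1], substr(p[2], 1, 16) "...", who[k]
            }
        }' | LC_ALL=C sort
}

# Demo on constructed files: same key for a user and root, with different
# options and comments, so md5sum on the two files would NOT match.
demo_shared_keys() {
    d=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEYONE stormpunk@bishop' > "$d/user"
    printf '%s\n' '# admin keys' \
        'from="192.168.2.252" ssh-rsa AAAAB3CONSTRUCTEDKEYONE laptop' \
        'ssh-dss AAAAB3CONSTRUCTEDKEYTWO root@space2' > "$d/root"
    shared_keys "stormpunk:$d/user" "root:$d/root"
    rm -rf "$d"
}
```

Any line whose account list includes root marks a key where compromise of the unprivileged account's private key also yields root on that host.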
All times are GMT -5.