ssh

Erik Osterholm freebsd-lists-erik at erikosterholm.org
Wed Oct 31 11:11:32 PDT 2007


On Wed, Oct 31, 2007 at 03:09:36PM +0000, Daniel Bye wrote:
> On Wed, Oct 31, 2007 at 03:23:57PM +0100, Michael Grant wrote:
> > > Yeah, I misread your problem. Are you saying that you want to su to root,
> > > but still have some variables set as they were on the account you sued from?
> > > So you have a user named Michael, say, and you su to root, but when you ssh
> > > you want Michael's .ssh to be the effective one?
> > 
> > Well sort of.  When I su, $HOME is set to my homedir and $USER set to
> > mgrant.  This is fine.  However, ssh (when sued) doesn't read
> > $HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging
> > into the remote machine as $USER, it tries to log in as root.  It does
> > this because it's hardwired in the code more or less as follows (I've
> > extracted the relevant code from ssh.c):
> > 
> >     original_real_uid = getuid();
> >     pw = getpwuid(original_real_uid);
> >     sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config");
> >     read_config_file(buf);
> >     options.user = strdup(pw->pw_name);
> > 
> > Like I said, it seems like a bug to me.  Personally I would have done
> > a getenv("HOME") and getenv("USER") myself instead of depending on the
> > userid.  Probably they had good reason for doing it the way they did
> > it.
> 
> Probably to do with the fact that both $HOME and $USER can be set by the
> user to any arbitrary value:
> 
> [daniel at torus:~] --->$ echo $USER $HOME
> daniel /home/daniel
> [daniel at torus:~] --->$ USER=root
> [daniel at torus:~] --->$ HOME=/root
> [daniel at torus:/home/daniel] --->$ echo $USER $HOME
> root /root
> [daniel at torus:/home/daniel] --->$ cd
> [daniel at torus:~] --->$ pwd
> /root
> 
> Not so good for security!
> 
> Dan
 
But the same effect can be achieved by specifying the identity file:

ssh -i /root/.ssh/id_dsa

So this file still needs appropriate permissions to prevent misuse by
other users.  I'm pretty curious to know why the developers chose this
path.  If it's not actually a bug, but a security concern, then it
would be a good learning experience for me!

Erik
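To make the point in Dan's transcript concrete, here is a small added C program (not from ssh.c and not written by anyone in this thread) that resolves the home directory and login name both ways: through the real uid and the passwd database, as the quoted ssh.c extract does, and through $HOME and $USER, as Michael suggests. The function and variable names are my own; the spoofed value used in the comparison is a constructed example.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Home directory as the quoted ssh.c extract derives it: from the real
 * uid through the passwd database. The environment plays no part, so a
 * user who exports HOME=/root still gets their own entry back. */
int home_from_uid(char *out, size_t outlen)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_dir == NULL)
        return -1;
    snprintf(out, outlen, "%s", pw->pw_dir);
    return 0;
}

/* Login name from the same passwd lookup; this is what ssh uses as the
 * default remote user name. */
int user_from_uid(char *out, size_t outlen)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_name == NULL)
        return -1;
    snprintf(out, outlen, "%s", pw->pw_name);
    return 0;
}

/* The alternative proposed in the thread: trust $HOME. Any user can set
 * it to an arbitrary string, as Dan's shell transcript shows. */
int home_from_env(char *out, size_t outlen)
{
    const char *h = getenv("HOME");
    if (h == NULL)
        return -1;
    snprintf(out, outlen, "%s", h);
    return 0;
}

/* Same for $USER. */
int user_from_env(char *out, size_t outlen)
{
    const char *u = getenv("USER");
    if (u == NULL)
        return -1;
    snprintf(out, outlen, "%s", u);
    return 0;
}

/* Compare the two views. Returns 1 if HOME or USER in the environment
 * disagrees with the passwd database for the real uid, 0 if they agree,
 * and -1 if either side cannot be resolved. */
int env_disagrees_with_passwd(void)
{
    char pw_home[1024], pw_user[256], env_home[1024], env_user[256];

    if (home_from_uid(pw_home, sizeof pw_home) < 0 ||
        user_from_uid(pw_user, sizeof pw_user) < 0 ||
        home_from_env(env_home, sizeof env_home) < 0 ||
        user_from_env(env_user, sizeof env_user) < 0)
        return -1;
    return (strcmp(pw_home, env_home) != 0 ||
            strcmp(pw_user, env_user) != 0) ? 1 : 0;
}

int main(void)
{
    char buf[1024];

    if (home_from_uid(buf, sizeof buf) == 0)
        printf("passwd says home is %s\n", buf);
    if (home_from_env(buf, sizeof buf) == 0)
        printf("$HOME says home is  %s\n", buf);
    printf("environment disagrees with passwd: %d\n",
           env_disagrees_with_passwd());
    return 0;
}
```

Run it once normally and once after `HOME=/root USER=root`: the passwd-derived values stay the same while the environment-derived ones follow whatever was exported, which is exactly why ssh keys its config lookup and default user name off getuid() rather than the environment.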
