1

User "alice" has public key access to server example.com. So he can do:

ssh root@example.com

without pwd.

Now on the same local machine root can do the same, i.e. he can access the remote machine without pwd. But I did not even generate a key pair for root. So it looks like root is using alice's private key to login to remote server. How can this happen? Bug, or misconfiguration, or a misunderstanding on my side?

Of course root has access to alice's id_rsa file but it is weird that it is using that file automatically.

4

2 Answers

1

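It sounds like Alice's identity file is configured for the machine. Look in /etc/ssh_config; you should find an entry for IdentityFile that points to Alice's id_rsa file. It should look something like this: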

IdentityFile ~Alice/.ssh/id_rsa

If this is true, it means that any user on Alice's machine can ssh to the example.com server as root. To prevent this, comment out or remove this line from ssh_config.

Answered 2012-10-12T14:55:09.337
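
A check for the situation this answer describes, added here as an example and not part of the original answer: it scans the text of a client ssh_config for IdentityFile entries that resolve to the same key file for every local user, which is what a path like ~Alice/.ssh/id_rsa does. The function names, the sample config and the host backup.example.com are constructed for illustration.

```python
import shlex
import sys

# Tokens ssh expands differently per invoking user: home dir, user name, uid.
PER_USER_TOKENS = ("%d", "%u", "%i")

# Constructed sample; only the ~Alice line comes from the answer above.
SAMPLE = """\
# system-wide client configuration
Host *
    IdentityFile ~Alice/.ssh/id_rsa
    IdentityFile ~/.ssh/id_ed25519
Host backup.example.com
    identityfile=/etc/ssh/shared_backup_key
    IdentityFile %d/.ssh/id_backup
"""

def split_directive(line):
    """Return (keyword, args) for one ssh_config line, or None if blank/comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    head, sep, rest = line.partition("=")
    if sep and len(head.split()) == 1:      # "Keyword=value" form
        line = head + " " + rest
    parts = shlex.split(line)
    return parts[0].lower(), parts[1:]      # keywords are case-insensitive

def shared_identity_files(config_text):
    """List (line number, scope, path) for IdentityFile entries shared by all users."""
    findings, scope = [], "(global)"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parsed = split_directive(raw)
        if parsed is None:
            continue
        keyword, args = parsed
        if keyword in ("host", "match"):
            scope = " ".join([keyword] + args)
        elif keyword == "identityfile" and args and args[0].lower() != "none":
            path = args[0]
            # "~/" and the per-user tokens resolve to the caller's own files.
            if not (path.startswith("~/") or any(t in path for t in PER_USER_TOKENS)):
                findings.append((lineno, scope, path))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, scope, path in shared_identity_files(text):
        print(f"line {lineno} [{scope}]: {path} is offered for every local user")
```

Pass the path of the system-wide config file as the first argument to scan it instead of the embedded sample.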
-1

I think it's a misunderstanding. The user 'Alice' has root privileges. That's why both 'Alice' and 'root' can ssh to example.com as root - both share the same user group with root privileges. Check the GID.

Answered 2012-10-12T09:24:35.663