
Re: Signing Packages.gz



On Sat, Apr 01, 2000 at 04:56:59PM -0700, Jason Gunthorpe wrote:
> 
> On Sun, 2 Apr 2000, Julian Gilbey wrote:
> 
> > On Sat, Apr 01, 2000 at 03:16:23PM -0700, Jason Gunthorpe wrote:
> > > How many people
> > > forward ssh agents and put that key in their home .ssh/authorized_keys?
> > 
> > What does that mean?  It could easily be that I am doing something
> > wrong without even realising it....
> 
> If you can ssh into your machine using RSA authentication and the key you
> use for that is in your ssh agent and you forward your agent then you can
> ssh from master back to your home machine without a password - and thus so
> can root. 

I think I understand now, thanks.  In my case I had done this:

On my home machine, I have an identity in .ssh/identity.pub.
I copied that into .ssh/authorized_keys on master (possibly using the
LDAP system).
I *also* copied it into .ssh/authorized_keys on my home machine.

That extra copy on my home machine (somehow) allows root to snoop my
identity and so get into my home machine without a password.

Solution: remove the identity from .ssh/authorized_keys on my home
machine.  If I were really paranoid, I ought to reinstall everything
on my home machine in case I'd already been hacked.

   Julian

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
        Debian GNU/Linux Developer,  see http://www.debian.org/~jdg
  Donate free food to the world's hungry: see http://www.thehungersite.com/
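
The condition discussed in the message above, a local identity whose public key is also listed in the same machine's authorized_keys, can be checked mechanically. The following is an added example, not part of the original message; it assumes the modern OpenSSH one-line public key format (type, base64 blob, comment) rather than the SSH1 identity.pub format of the time, and the function names and sample keys are constructed for illustration.

```python
import base64, hashlib, re, struct

# Key type, then a base64 blob; authorized_keys options may precede the pair.
_KEY_RE = re.compile(
    r"(?:^|\s)((?:ssh|ecdsa-sha2|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})(?=\s|$)")

def key_blob(line):
    """Decoded key blob from a .pub or authorized_keys line, or None."""
    if line.lstrip().startswith("#"):
        return None
    for ktype, b64 in _KEY_RE.findall(line):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A genuine blob begins with its own type name as a length-prefixed
        # string, which rejects look-alike text inside a command="..." option.
        name = ktype.encode()
        if blob.startswith(struct.pack(">I", len(name)) + name):
            return blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def self_authorized(identity_pub_lines, authorized_keys_lines):
    """Fingerprints of local identities that this machine itself accepts."""
    mine = {b for b in map(key_blob, identity_pub_lines) if b}
    accepted = {b for b in map(key_blob, authorized_keys_lines) if b}
    return sorted(fingerprint(b) for b in mine & accepted)

def _constructed_key(fill):
    # Constructed sample, not a real key: ed25519-shaped blob of repeated bytes.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

HOME_KEY, OTHER_KEY = _constructed_key(0x11), _constructed_key(0x22)
IDENTITY_PUB = [HOME_KEY + " user@home"]            # home machine's identity
AUTHORIZED_BEFORE = ["# home machine authorized_keys (constructed)",
                     'from="10.0.0.5",command="ssh-add -l" ' + OTHER_KEY + " backup",
                     HOME_KEY + " user@home"]        # the extra copy
AUTHORIZED_AFTER = AUTHORIZED_BEFORE[:2]             # extra copy removed

if __name__ == "__main__":
    for label, ak in (("before", AUTHORIZED_BEFORE), ("after", AUTHORIZED_AFTER)):
        print(label, self_authorized(IDENTITY_PUB, ak) or "none self-authorized")
```

To run it against real files, pass the lines of each identity's .pub file and of authorized_keys on the same host to `self_authorized`.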

