#1687 Disallow root SSH public key authentication
Closed: Fixed None Opened 7 years ago by jcholast.

pam_sss does not allow users named "root" to authenticate. Do the same thing for SSH by rejecting public key requests for users named "root" in sss_ssh_authorizedkeys.


Fields changed

owner: somebody => jcholast

Not a security issue -- someone would have to create a user named "root" on the IPA server and if someone has the power to create users on IPA server, we're busted anyway.

Honza says the patch is two lines. I think 1.9.4 makes sense.

milestone: NEEDS_TRIAGE => SSSD 1.9.4

Fields changed

patch: 0 => 1
status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.9.4

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2729

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata