SSH: Reject requests for authorized keys of root

https://fedorahosted.org/sssd/ticket/1687
author: Jan Cholasta <jcholast@redhat.com> 2012-11-22 18:04:30 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-12-20 18:53:17 +0100
commit: adfe9a19e085f6575bb55f2a304903cf944d2202 (patch)
tree: c5378a362cf7c3e39b7728f150394d09135f00ac
parent: d5c513f213d49b70b809ee74715483dd1c50d242 (diff)
download: sssd-adfe9a19e085f6575bb55f2a304903cf944d2202.tar.gz
sssd-adfe9a19e085f6575bb55f2a304903cf944d2202.tar.xz
sssd-adfe9a19e085f6575bb55f2a304903cf944d2202.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 7de523fad..687e8887e 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -65,6 +65,11 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
           ("Requesting SSH user public keys for [%s] from [%s]\n",
            cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : "<ALL>"));
 
+    if (strcmp(cmd_ctx->name, "root") == 0) {
+        ret = ENOENT;
+        goto done;
+    }
+
     if (cmd_ctx->domname) {
         cmd_ctx->domain = responder_get_domain(cmd_ctx, cctx->rctx,
                                                cmd_ctx->domname);
author	Jan Cholasta <jcholast@redhat.com>	2012-11-22 18:04:30 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-12-20 18:53:17 +0100
commit	adfe9a19e085f6575bb55f2a304903cf944d2202 (patch)
tree	c5378a362cf7c3e39b7728f150394d09135f00ac
parent	d5c513f213d49b70b809ee74715483dd1c50d242 (diff)
download	sssd-adfe9a19e085f6575bb55f2a304903cf944d2202.tar.gz sssd-adfe9a19e085f6575bb55f2a304903cf944d2202.tar.xz sssd-adfe9a19e085f6575bb55f2a304903cf944d2202.zip