SSH: Reject requests for authorized keys of root

https://fedorahosted.org/sssd/ticket/1687
author: Jan Cholasta <jcholast@redhat.com> 2012-11-22 18:04:30 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2012-12-10 19:09:30 +0100
commit: 8178921045c9785cec947c720e8f5caf6201d386 (patch)
tree: 8c2fc57786ebaa9a42f2d2a7438ee7982b806864 /src
parent: 2f4ff13a4413289e78e07da2a4e3e797fca20c03 (diff)
download: sssd-8178921045c9785cec947c720e8f5caf6201d386.tar.gz
sssd-8178921045c9785cec947c720e8f5caf6201d386.tar.xz
sssd-8178921045c9785cec947c720e8f5caf6201d386.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/responder/ssh/sshsrv_cmd.c b/src/responder/ssh/sshsrv_cmd.c
index 7de523fad..687e8887e 100644
--- a/src/responder/ssh/sshsrv_cmd.c
+++ b/src/responder/ssh/sshsrv_cmd.c
@@ -65,6 +65,11 @@ sss_ssh_cmd_get_user_pubkeys(struct cli_ctx *cctx)
           ("Requesting SSH user public keys for [%s] from [%s]\n",
            cmd_ctx->name, cmd_ctx->domname ? cmd_ctx->domname : "<ALL>"));
 
+    if (strcmp(cmd_ctx->name, "root") == 0) {
+        ret = ENOENT;
+        goto done;
+    }
+
     if (cmd_ctx->domname) {
         cmd_ctx->domain = responder_get_domain(cmd_ctx, cctx->rctx,
                                                cmd_ctx->domname);
author	Jan Cholasta <jcholast@redhat.com>	2012-11-22 18:04:30 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2012-12-10 19:09:30 +0100
commit	8178921045c9785cec947c720e8f5caf6201d386 (patch)
tree	8c2fc57786ebaa9a42f2d2a7438ee7982b806864 /src
parent	2f4ff13a4413289e78e07da2a4e3e797fca20c03 (diff)
download	sssd-8178921045c9785cec947c720e8f5caf6201d386.tar.gz sssd-8178921045c9785cec947c720e8f5caf6201d386.tar.xz sssd-8178921045c9785cec947c720e8f5caf6201d386.zip