Bug 1394

Summary: SCP used to overwrite key
Product: Portable OpenSSH
Reporter: Joel <FoxDie7987>
Component: scp
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID    
Severity: normal    
Priority: P2    
Version: 4.7p1   
Hardware: Other   
OS: Linux   

Description Joel 2007-11-27 23:09:09 AEDT
Hi, I don't know if this is a bug, but I have been searching on Google and the project's website, and I haven't found anything. I think that I haven't found anything because of my bad English, but I am putting this here because I don't know what to do.

I'm using an up-to-date Gentoo 2007.0, with openssh 4.7-r1 (marked as stable), and ssh with a key with a passphrase. I have found that if I do an "scp key.pub user@hostname:/home/user/.ssh/authorized_keys", scp asks me for the user password and not for the key, so if I know the password of the user, I can overwrite the key and get control of that machine. I don't know if this is a problem of my configuration (same as the Gentoo default, but without permission of root and password login), a patched version from the Gentoo team, or of the original version.

Thanks, and sorry if I'm wrong and I have made the person who reads this waste his time. Sorry also for my mistakes; as I mentioned above, I have bad English but I'm trying to improve it.
Comment 1 Damien Miller 2008-04-04 10:01:26 AEDT
Close resolved bugs after release.