Re: sshd directive ignored
On Sun, 2005-02-27 at 15:35 -0500, Mason Loring Bliss wrote:
> This seems like a bad sort of default behaviour. I would recommend that
> a note be added somewhere prominent that indicates this to folks who
> are familiar with ssh but not with the impact of that PAM statement...
That would be nice since I've seen quite a few compromised boxes running
unstable whose owners turned off PasswordAuthentication and either
didn't notice that it made no difference or didn't bother to check.
I have to admit being deceived that way once too. Luckily not for long -
I hadn't copied my public key on that machine yet and I was asked for a
password which of course was accepted to my surprise.
--
Best regards,
Martin Orda
http://www.securityshells.com
Reply to: