Re: sshd directive ignored

To: debian-security@lists.debian.org
Subject: Re: sshd directive ignored
From: Marcin Orda <marcin.orda@bgnet.pl>
Date: Sun, 27 Feb 2005 23:55:25 +0100
Message-id: <[🔎] 1109544926.3585.17.camel@localhost.localdomain>
In-reply-to: <[🔎] 20050227203530.GF23380@acheron.in.hades>
References: <[🔎] 20050227203530.GF23380@acheron.in.hades>

On Sun, 2005-02-27 at 15:35 -0500, Mason Loring Bliss wrote:

> This seems like a bad sort of default behaviour. I would recommend that
> a note be added somewhere prominent that indicates this to folks who
> are familiar with ssh but not with the impact of that PAM statement...

That would be nice since I've seen quite a few compromised boxes running
unstable whose owners turned off PasswordAuthentication and either
didn't notice that it made no difference or didn't bother to check.

I have to admit being deceived that way once too. Luckily not for long -
I hadn't copied my public key on that machine yet and I was asked for a
password which of course was accepted to my surprise.

-- 
Best regards,
Martin Orda
http://www.securityshells.com

Reply to:

References:
- sshd directive ignored
  - From: Mason Loring Bliss <mason@blisses.org>

Prev by Date: sshd directive ignored
Previous by thread: sshd directive ignored
Index(es):
- Date
- Thread