[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Putty 0.45 vs. SSH Login

On Mon, May 06, 2002 at 03:08:45PM +0200, "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de> wrote:
> I rather think ssh should check also earlier for root
> and not even call PAM when root login is not permitted
> and someone tries to log in as root.

This will reveal that root login is never permitted. Probably no big
deal, but it would be nice if it could be avoided.
> It just makes to sleep better if you know, that even if pam
> gots confused, they get no directly into root. (I know, ssh to
> user and su will do it either, but a security
> measure more, that does not hurt, is always a good thing)

I disagree. By that reasoning it would be even better if OpenSSH
double-checked all of PAM's work. That would add bloat to ssh and
possibly even introduce new security problems. If you're going to rely
on PAM, you should rely on PAM.

Tim van Erven <tripudium@chello.nl>
OpenPGP Key ID: 712CB811        Fingerprint: F6C9 61EE 242C C012 36D5
                                             BBF8 6310 D557 712C B811

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: