Re: Putty 0.45 vs. SSH Login

To: debian-security@lists.debian.org
Subject: Re: Putty 0.45 vs. SSH Login
From: Tim van Erven <tripudium@chello.nl>
Date: Mon, 6 May 2002 15:52:21 +0200
Message-id: <[🔎] 20020506135221.GA521@tve.dhs.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20020506130844.GB14004@pcpool00.mathematik.uni-freiburg.de>
References: <[🔎] 20020505093336.A24873@delfar.ee> <[🔎] 20020505124956.GA1774@darwin.crans.org> <[🔎] 20020505150836.GA2757@tve.dhs.org> <[🔎] 20020505121549.B19227@khazad-dum> <[🔎] 20020505172329.GA496@tve.dhs.org> <[🔎] 20020506130844.GB14004@pcpool00.mathematik.uni-freiburg.de>

On Mon, May 06, 2002 at 03:08:45PM +0200, "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de> wrote:
> I rather think ssh should check also earlier for root
> and not even call PAM when root login is not permitted
> and someone tries to log in as root.

This will reveal that root login is never permitted. Probably no big
deal, but it would be nice if it could be avoided.
    
> It just makes to sleep better if you know, that even if pam
> gots confused, they get no directly into root. (I know, ssh to
> user and su will do it either, but a security
> measure more, that does not hurt, is always a good thing)

I disagree. By that reasoning it would be even better if OpenSSH
double-checked all of PAM's work. That would add bloat to ssh and
possibly even introduce new security problems. If you're going to rely
on PAM, you should rely on PAM.

-- 
Tim van Erven <tripudium@chello.nl>
OpenPGP Key ID: 712CB811        Fingerprint: F6C9 61EE 242C C012 36D5
                                             BBF8 6310 D557 712C B811


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Putty 0.45 vs. SSH Login
  - From: "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de>
- Re: Putty 0.45 vs. SSH Login
  - From: Peter Cordes <peter@llama.nslug.ns.ca>

References:
- Putty 0.45 vs. SSH Login
  - From: Rauno "Linnamäe" <raunzz@delfar.ee>
- Re: Putty 0.45 vs. SSH Login
  - From: Vincent Hanquez <tab@crans.org>
- Re: Putty 0.45 vs. SSH Login
  - From: Tim van Erven <tripudium@chello.nl>
- Re: Putty 0.45 vs. SSH Login
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Putty 0.45 vs. SSH Login
  - From: Tim van Erven <tripudium@chello.nl>
- Re: Putty 0.45 vs. SSH Login
  - From: "Bernhard R. Link" <brl@pcpool00.mathematik.uni-freiburg.de>

Prev by Date: Re: Putty 0.45 vs. SSH Login
Next by Date: named problem
Previous by thread: Re: Putty 0.45 vs. SSH Login
Next by thread: Re: Putty 0.45 vs. SSH Login
Index(es):
- Date
- Thread