Re: Putty 0.45 vs. SSH Login
On Mon, May 06, 2002 at 03:08:45PM +0200, "Bernhard R. Link" <firstname.lastname@example.org> wrote:
> I rather think ssh should check also earlier for root
> and not even call PAM when root login is not permitted
> and someone tries to log in as root.
This will reveal that root login is never permitted. Probably no big
deal, but it would be nice if it could be avoided.
> It just makes to sleep better if you know, that even if pam
> gots confused, they get no directly into root. (I know, ssh to
> user and su will do it either, but a security
> measure more, that does not hurt, is always a good thing)
I disagree. By that reasoning it would be even better if OpenSSH
double-checked all of PAM's work. That would add bloat to ssh and
possibly even introduce new security problems. If you're going to rely
on PAM, you should rely on PAM.
Tim van Erven <email@example.com>
OpenPGP Key ID: 712CB811 Fingerprint: F6C9 61EE 242C C012 36D5
BBF8 6310 D557 712C B811
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com