[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [d-security] SSH

On Thu, May 16, 2002 at 02:26:37PM +0200, Pawel Romanek wrote:
> Then I was playing with sshd I had discovered
> that it checks only 8 (first) characters
> of my password, the remainder can be omitted ;)
That's normal for passwords using the standard unix crypt() function (like
"aI24pyUVhurNU" in /etc/shadow) and can be avoided by using md5 passwords
(like "$1$6E9lY9qv$KsAJ8K7yPlkdQoQurSds/0" in /etc/shadow) or maybe an
authentication other than /etc/shadow. 

Read the docs in /usr/share/doc/passwd and "man 3 crypt".
> Regards
> P.R.


To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: