Re: [d-security] SSH
On Thu, May 16, 2002 at 02:26:37PM +0200, Pawel Romanek wrote:
> Then I was playing with sshd I had discovered
> that it checks only 8 (first) characters
> of my password, the remainder can be omitted ;)
That's normal for passwords using the standard unix crypt() function (like
"aI24pyUVhurNU" in /etc/shadow) and can be avoided by using md5 passwords
(like "$1$6E9lY9qv$KsAJ8K7yPlkdQoQurSds/0" in /etc/shadow) or maybe an
authentication other than /etc/shadow.
Read the docs in /usr/share/doc/passwd and "man 3 crypt".
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com
- From: Pawel Romanek <firstname.lastname@example.org>