Re: [d-security] SSH

To: Pawel Romanek <promanek@hektor.umcs.lublin.pl>
Cc: debian-security@lists.debian.org
Subject: Re: [d-security] SSH
From: Christian Hammers <ch@debian.org>
Date: Thu, 16 May 2002 14:36:10 +0200
Message-id: <[🔎] 20020516123610.GD25391@westend.com>
Mail-followup-to: Christian Hammers <ch@debian.org>, Pawel Romanek <promanek@hektor.umcs.lublin.pl>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20020516142637.A11782@hektor.umcs.lublin.pl>
References: <[🔎] 20020516142637.A11782@hektor.umcs.lublin.pl>

On Thu, May 16, 2002 at 02:26:37PM +0200, Pawel Romanek wrote:
> Then I was playing with sshd I had discovered
> that it checks only 8 (first) characters
> of my password, the remainder can be omitted ;)
That's normal for passwords using the standard unix crypt() function (like
"aI24pyUVhurNU" in /etc/shadow) and can be avoided by using md5 passwords
(like "$1$6E9lY9qv$KsAJ8K7yPlkdQoQurSds/0" in /etc/shadow) or maybe an
authentication other than /etc/shadow. 

Read the docs in /usr/share/doc/passwd and "man 3 crypt".
 
> Regards
> P.R.
bye,

-christian-


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- SSH
  - From: Pawel Romanek <promanek@hektor.umcs.lublin.pl>

Prev by Date: SSH
Next by Date: Re: SSH
Previous by thread: SSH
Next by thread: Re: SSH
Index(es):
- Date
- Thread