Re: SSH, PubkeyAuthentication and UsePam - security problem or RTFM?
On Tue, 20 Apr 2004, Adrian 'Dagurashibanipal' von Bidder wrote:
> [Matthew, Colin - I suspect you're on debian-security anyway. If so, no
> need to reply off-list; I just wanted to make sure you see this, since
> I considered filing a bug about this.]
>
> Hi,
>
> Package: ssh
> Version: 1:3.8p1-3
> Tags: bug-not-filed
>
> I have a cople of issues with UsePam in ssh.
>
> First, it seems to always enable PasswordAuthentication. All my systems
> have 'PasswordAuthentication no' and 'PubkeyAuthentication yes', so I
> was very surprised when I was prompted for a password trying to login
> to one of the systems, to an account with an outdated authorized_keys
> file. Investigation showed that 'UsePam yes' is causing this behaviour
> (i.e. 'UsePam no' turns off PasswordAuthentication).
you are not seeing PasswordAuthentication, you are seeing
keyboard-interactive authentication. They are two distinct things and get
enabled/disabled separately.
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
Reply to: