[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sshd directive ignored

On Sun, 2005-02-27 at 15:35 -0500, Mason Loring Bliss wrote:

> This seems like a bad sort of default behaviour. I would recommend that
> a note be added somewhere prominent that indicates this to folks who
> are familiar with ssh but not with the impact of that PAM statement...

That would be nice since I've seen quite a few compromised boxes running
unstable whose owners turned off PasswordAuthentication and either
didn't notice that it made no difference or didn't bother to check.

I have to admit being deceived that way once too. Luckily not for long -
I hadn't copied my public key on that machine yet and I was asked for a
password which of course was accepted to my surprise.

Best regards,
Martin Orda

Reply to: