Re: Bypassing allowed_users with PAM in sshd?

To: Marcus Williams <marcus@quintic.co.uk>
Cc: debian-security@lists.debian.org
Subject: Re: Bypassing allowed_users with PAM in sshd?
From: Hans van Kranenburg <od251@xs4all.nl>
Date: Thu, 09 Nov 2006 11:14:21 +0100
Message-id: <[🔎] 4552FF7D.1060704@xs4all.nl>
In-reply-to: <[🔎] 4551EE58.5020003@quintic.co.uk>
References: <[🔎] 4551EE58.5020003@quintic.co.uk>

Marcus Williams wrote:
> 
> I noticed in logwatch reports today that someone had tried logging in
> as root to one of my servers recently. No surprise there as this
> happens every day. However I have explicitly set up a set of users in
>  allowed_users and root isnt one of them (I also have AllowRootLogin
> set to false).
> 
> Anybody got any idea?

Probably you enabled UsePAM together with
ChallengeResponseAuthentication. (see `man sshd_config`)

PAM does not know anything about the AllowUsers/Groups and
PermitRootLogin settings...

Hans

Reply to:

References:
- Bypassing allowed_users with PAM in sshd?
  - From: Marcus Williams <marcus@quintic.co.uk>

Prev by Date: Re: bind9 security problem?
Next by Date: UPDATE: Remote Root In Nvidia xserver Driver
Previous by thread: Bypassing allowed_users with PAM in sshd?
Next by thread: UPDATE: Remote Root In Nvidia xserver Driver
Index(es):
- Date
- Thread