[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#271822: PermitRootLogin without-password actually does the same as PermitRootLogin yes

On Wed, Sep 15, 2004 at 03:58:17PM +0200, Jonas Meurer wrote:
> after i tested it on two differnent boxes, one with up-to-date sarge,
> and one with up-to-date sid, i'm quite confident, that the
> PermitRootLogin option at sshd_config doesn't understand the
> without-password value.
> 
> after i changed PermitRootLogin from 'yes' to 'without-password', i was
> still able to login from a remote box without any key, and with typing
> the root password, not the key passphrase.

Are you sure you disabled PAM authentication which is the default
authentication method in the current packages? It is documented that
there are password based authentication methods that aren't covered by
without-password:
<quote sshd_config(5)>
If this option is set to ``without-password'' password authenti-
cation is disabled for root.  Note that other authentication
methods (e.g., keyboard-interactive/PAM) may still allow root to
login using a password.
</quote>

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
Reply to: