security bug with /etc/login.access

From: Tig (tigger_at_onemoremonkey.com)
Date: 02/19/04

    Date: Thu, 19 Feb 2004 12:04:50 +1100
    To: freebsd-security@freebsd.org
    
    

    /etc/login.access does not work 100% over ssh.

    I have the following line in login.access

    -:ray:ALL EXCEPT LOCAL

    Which I believe means the user 'ray' cannot log in from anywhere unless
    it is a local login.

    So, I tested it over ssh from a remote box

    tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au
    Password:
    Password:
    Password:
    ray@sonic.cbnmediaX.com.au's password:
    Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.
    Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
            The Regents of the University of California. All rights
    reserved.

    FreeBSD 5.2-RELEASE-p2 (SONIC) #1: Sun Feb 8 01:18:08 EST 2004

    (I'm 100% sure I typed the password correctly each time)
    As you can see, I'm denied access each time until the 'ray@sonic...'
    option is presented, then I'm allowed in.

    I personally think this is a security hole but I'm happy to admit it
    could be a configuration issue at my end. Please let me know if it's a
    problem at my end.

    Thanks for your time.

    -Tig

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
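
The rule quoted in the message above, evaluated with the matching rules documented in login.access(5): the first matching line decides, no match permits, and LOCAL matches an origin that contains no dot. This is an added example, not part of the original post and not FreeBSD's code; the function names and sample origins are constructed, and group and netgroup matching is not modelled.

```python
import re

# Constructed sample: the single rule quoted in the post.
RULES = "-:ray:ALL EXCEPT LOCAL\n"

def _split(field):
    return [t for t in re.split(r"[,\s]+", field.strip()) if t]

def _tok_match(tok, item, is_origin):
    t, s = tok.lower(), item.lower()
    if t == "all" or t == s:
        return True
    if not is_origin:
        return False                  # group/netgroup lookups are not modelled
    if t == "local":
        return "." not in s           # LOCAL: origin has no dot (tty, bare host)
    if t.startswith("."):
        return s.endswith(t)          # ".example.org" matches a domain suffix
    if t.endswith("."):
        return s.startswith(t)        # "192.0.2." matches a network prefix
    return False

def _list_match(tokens, item, is_origin):
    # Tokens before the first EXCEPT form the list; the rest are exceptions.
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, None
    if not any(_tok_match(t, item, is_origin) for t in head):
        return False
    return tail is None or not _list_match(tail, item, is_origin)

def login_access(rules_text, user, origin):
    """True if the login is permitted; the first matching line decides."""
    for raw in rules_text.splitlines():
        line = raw.strip()
        parts = line.split(":")
        if line.startswith("#") or len(parts) != 3 or parts[0] not in ("+", "-"):
            continue                  # comment, blank or malformed line
        perm, users, origins = parts
        if (_list_match(_split(origins), origin, True)
                and _list_match(_split(users), user, False)):
            return perm == "+"
    return True                       # no line matched: access is granted

if __name__ == "__main__":
    for who, where in [("ray", "remote.example.net"), ("ray", "ttyv0"),
                       ("tig", "remote.example.net")]:
        print(who, where, "permit" if login_access(RULES, who, where) else "deny")
```

For the rule in the post, a login as ray from any dotted hostname or address evaluates to deny, which is the decision to compare against what the SSH session actually did.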

