Re: secuirty bug with /etc/login.access

From: Dag-Erling Smørgrav (des_at_des.no)
Date: 02/19/04

  • Next message: Dorin H: "traffic normalizer for ipfw?"
    To: freebsd-security@freebsd.org
    Date: Thu, 19 Feb 2004 16:44:26 +0100
    
    

    Sven Pfeifer <sven@yagonna.de> writes:
    > this looks like, you have configured
    >
    > PasswordAuthentication yes
    > and
    > Protocol 2,1
    >
    > in your servers /etc/ssh/sshd_config. So your client is trying to
    > authenticate to the _local_ id-File. If this is failing (3 times) then
    > it tries the PasswordAuthentication at the _remote_ maschine.

    Uh, no. There is never any attempt by the client to authenticate the
    user against the client machine's password database. All four prompts
    are issued by the remote machine. The first three are from PAM, the
    fourth is OpenSSH's built-in password authentication which apparently
    does not respect login.access. The solution is to disable password
    authentication in /etc/ssh/sshd_config; this should be the default now
    that PAM works.

    DES

    -- 
    Dag-Erling Smørgrav - des@des.no
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Dorin H: "traffic normalizer for ipfw?"