Re: security bug with /etc/login.access
From: Dag-Erling Smørgrav (des_at_des.no)
To: email@example.com
Date: Thu, 19 Feb 2004 16:44:26 +0100
Sven Pfeifer <firstname.lastname@example.org> writes:
> This looks like you have configured
> PasswordAuthentication yes
> Protocol 2,1
> in your server's /etc/ssh/sshd_config. So your client is trying to
> authenticate to the _local_ id-File. If this is failing (3 times) then
> it tries the PasswordAuthentication at the _remote_ machine.
Uh, no. There is never any attempt by the client to authenticate the
user against the client machine's password database. All four prompts
are issued by the remote machine. The first three are from PAM, the
fourth is OpenSSH's built-in password authentication which apparently
does not respect login.access. The solution is to disable password
authentication in /etc/ssh/sshd_config; this should be the default now
that PAM works.
-- Dag-Erling Smørgrav - email@example.com
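
A configuration check for the fix described in the reply above, as an added example that is not part of the original post: it reports the effective global PasswordAuthentication value in an sshd_config-style file. It assumes sshd keeps the first value it reads for a keyword and that an absent keyword means "yes" (the upstream OpenSSH default); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: first value read for a keyword wins, keywords are
# case-insensitive, and a missing keyword falls back to "yes".

effective_password_auth() {
    # $1 = path to an sshd_config-style file
    # $2 = value to assume when the keyword is absent (default: yes)
    awk -v def="${2:-yes}" '
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value may be separated by whitespace or "="
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            val = tolower(f[2])
            gsub(/"/, "", val)
            if (key == "match") exit        # conditional blocks are not global
            if (key == "passwordauthentication") { found = val; exit }
        }
        END { print (found != "" ? found : def) }
    ' "$1"
}

audit_sshd_config() {
    # Returns 0 when built-in password authentication is off, 1 otherwise.
    if [ "$(effective_password_auth "$1" "$2")" = "no" ]; then
        echo "OK: $1 disables sshd built-in password authentication"
        return 0
    fi
    echo "WARN: $1 leaves PasswordAuthentication on (the prompt reported in this thread as not respecting login.access)"
    return 1
}

# Constructed sample using the settings quoted in the thread. The trailing
# "no" has no effect because the earlier "yes" is read first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2,1
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config after editing and before restarting sshd; a WARN result on a file that contains "PasswordAuthentication no" usually means an earlier line or an unexpected default is taking precedence.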