Re: secuirty bug with /etc/login.access
From: Dag-Erling Smørgrav (des_at_des.no)
Date: 02/19/04
- Previous message: Peter Pentchev: "Re: [Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoSvulnerability]"
- In reply to: Sven Pfeifer: "Re: secuirty bug with /etc/login.access"
- Next in thread: Tig: "Re: secuirty bug with /etc/login.access"
- Reply: Tig: "Re: secuirty bug with /etc/login.access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: freebsd-security@freebsd.org Date: Thu, 19 Feb 2004 16:44:26 +0100
Sven Pfeifer <sven@yagonna.de> writes:
> this looks like, you have configured
>
> PasswordAuthentication yes
> and
> Protocol 2,1
>
> in your servers /etc/ssh/sshd_config. So your client is trying to
> authenticate to the _local_ id-File. If this is failing (3 times) then
> it tries the PasswordAuthentication at the _remote_ maschine.
Uh, no. There is never any attempt by the client to authenticate the
user against the client machine's password database. All four prompts
are issued by the remote machine. The first three are from PAM, the
fourth is OpenSSH's built-in password authentication which apparently
does not respect login.access. The solution is to disable password
authentication in /etc/ssh/sshd_config; this should be the default now
that PAM works.
DES
-- Dag-Erling Smørgrav - des@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Peter Pentchev: "Re: [Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoSvulnerability]"
- In reply to: Sven Pfeifer: "Re: secuirty bug with /etc/login.access"
- Next in thread: Tig: "Re: secuirty bug with /etc/login.access"
- Reply: Tig: "Re: secuirty bug with /etc/login.access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
