[Bug 263045] sshd allows password logins when "PasswordAuthentication no" is set

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 04 Apr 2022 21:51:31 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263045

--- Comment #2 from donaldcallen@gmail.com ---
Running 13.1 RC1.

I saw the same thing with the 13 release. sshd_config says the default is no
password authentication, but you can ssh/scp in with a password, running the
stock sshd_config.

I'm confused by your statement 'Setting "KbdInteractiveAuthentication no"
disables password authentication completely in all these branches.'. That
statement is true, but "PasswordAuthentication no" should be sufficient to
disable password authentication (that's what it says!!) and that's not the case
with 13 release or 13.1 RC1. 

But it is the case with DragonFlyBSD 6.2.1. DragonFly's default setup:

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes

does NOT allow password logins.

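
A check for the condition reported in this comment, as an added example that is not part of the bug report: it reads the effective configuration printed by `sshd -T` and lists every password-capable method that is still enabled, so "PasswordAuthentication no" alone is not taken as proof that password logins are off. The function name and the sample input are constructed for illustration; `challengeresponseauthentication` is the name older OpenSSH releases print for the keyboard-interactive setting.

```shell
#!/bin/sh
# Added example (not from the bug report).
# Reads `sshd -T`-style output on stdin: one lower-case "keyword value"
# pair per line. Prints each password-capable method that is enabled.
# Returns 0 when none is enabled, 1 otherwise.
password_paths() {
    _pp_out=$(awk '
        # Either of these can end in a password prompt, so both must
        # be "no" before password logins are really disabled.
        $1 == "passwordauthentication" ||
        $1 == "kbdinteractiveauthentication" ||
        $1 == "challengeresponseauthentication" {
            seen[$1] = $2
        }
        END {
            for (k in seen)
                if (seen[k] == "yes")
                    print k
        }
    ' | sort)
    if [ -z "$_pp_out" ]; then
        return 0
    fi
    printf '%s\n' "$_pp_out"
    return 1
}

# Constructed sample: the situation described in the comment, with
# PasswordAuthentication off but keyboard-interactive still on.
SAMPLE_MIXED='port 22
passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes'

if printf '%s\n' "$SAMPLE_MIXED" | password_paths >/dev/null; then
    echo "no password-capable method enabled"
else
    echo "password login still possible via:"
    printf '%s\n' "$SAMPLE_MIXED" | password_paths || true
fi

# On a live host, as root:  sshd -T | password_paths
```
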