[Bug 204475] security/openssh-portable: documentation: fully disabling password authentication
bugzilla-noreply at freebsd.org
Wed Nov 11 18:01:16 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204475
Bug ID: 204475
Summary: security/openssh-portable: documentation: fully disabling password authentication
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: bdrewery at FreeBSD.org
Reporter: Mark.Martinec at ijs.si
Flags: maintainer-feedback?(bdrewery at FreeBSD.org)
When installing the openssh-portable (7.1.p1_2,1) the following
advice is displayed:
[...]
Users are encouraged to create single-purpose users with ssh keys, disable
Password auth with 'PasswordAuthentication no' and define very narrow sudo
privileges instead of using root for automated tasks.
which is half-true / misleading.
Actually it is necessary to also set:
ChallengeResponseAuthentication no
otherwise the PAM mechanism will still allow authentication
through a password if authentication with a key fails,
leaving a host open to password-guessing attacks.
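Added example, not part of the bug report or of the openssh-portable port: a POSIX shell audit helper that reads an sshd_config and reports whether password logins are really disabled, i.e. whether both PasswordAuthentication and ChallengeResponseAuthentication are "no" (newer OpenSSH spells the second directive KbdInteractiveAuthentication and keeps the old name as an alias; the script accepts either). It applies sshd's own parsing rules (first occurrence of a keyword wins, keywords are case-insensitive, "Key value" and "Key=value" are both accepted, and nothing after a Match line counts as global). The two sample configs it checks are constructed: one follows only the pkg-message advice, the other adds the reporter's correction.

```shell
#!/bin/sh
# Added audit helper for this report (not part of openssh-portable or its
# pkg-message). All file paths and sample configs below are constructed.

# Print the effective value of KEY in the global section of FILE, or DEFAULT
# when the keyword is not set. sshd semantics: the first occurrence wins,
# keywords are case-insensitive, "Key value" and "Key=value" are accepted,
# and anything after a Match line is conditional, so scanning stops there.
effective_value() {
    file=$1 key=$2 default=$3
    val=$(awk -v key="$key" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blank lines
        tolower($1) == "match"               { exit }   # leave global section
        { k = $1; sub(/=.*/, "", k) }                   # keyword without "=value"
        tolower(k) == tolower(key) {
            v = $0
            sub(/^[[:space:]]*[^[:space:]=]+[[:space:]=]*/, "", v)  # drop keyword
            sub(/[[:space:]]+$/, "", v)                               # trailing blanks
            print tolower(v)
            exit
        }' "$file")
    printf '%s\n' "${val:-$default}"
}

# Return 0 when password logins are fully disabled, 1 otherwise, and print
# the effective settings so the reason is visible.
password_auth_disabled() {
    f=$1
    pw=$(effective_value "$f" PasswordAuthentication yes)
    cr=$(effective_value "$f" ChallengeResponseAuthentication "")
    # Newer OpenSSH names this KbdInteractiveAuthentication; sshd's default
    # for it is "yes", so an unset keyword leaves the PAM prompt enabled.
    [ -n "$cr" ] || cr=$(effective_value "$f" KbdInteractiveAuthentication yes)
    pam=$(effective_value "$f" UsePAM no)
    printf '%s: PasswordAuthentication=%s ChallengeResponseAuthentication=%s UsePAM=%s\n' \
        "$f" "$pw" "$cr" "$pam"
    if [ "$pw" = no ] && [ "$cr" = no ]; then
        echo "  OK: no password-based login path is left enabled"
        return 0
    fi
    if [ "$pw" = no ] && [ "$pam" = yes ]; then
        echo "  WARNING: PAM keyboard-interactive still prompts for a password;" \
             "add 'ChallengeResponseAuthentication no'"
    else
        echo "  WARNING: a password-style login path is still enabled (see values above)"
    fi
    return 1
}

# Constructed sample configs: the first follows only the pkg-message advice,
# the second adds the reporter's correction.
tmpdir=$(mktemp -d)
weak_cfg=$tmpdir/sshd_config.weak
hardened_cfg=$tmpdir/sshd_config.hardened
cat > "$weak_cfg" <<'EOF'
# UsePAM yes, as in FreeBSD's stock sshd_config
UsePAM yes
PasswordAuthentication no
EOF
cat > "$hardened_cfg" <<'EOF'
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication=no
# Later duplicates are ignored by sshd; the first value above wins
ChallengeResponseAuthentication yes
EOF

password_auth_disabled "$weak_cfg" || :
password_auth_disabled "$hardened_cfg" || :
```

Run it against /etc/ssh/sshd_config (or the file the port installs) to confirm the effective values rather than trusting the pkg-message wording; on a live host, `sshd -T` prints the same effective configuration and is the authoritative check.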