security bug with /etc/login.access

Dag-Erling Smørgrav des at des.no
Thu Feb 19 07:44:34 PST 2004


Sven Pfeifer <sven at yagonna.de> writes:
> this looks like you have configured
>
>        PasswordAuthentication yes
> and
>         Protocol 2,1
>
> in your server's /etc/ssh/sshd_config. So your client is trying to
> authenticate to the _local_ id-File. If this is failing (3 times) then
> it tries the PasswordAuthentication at the _remote_ machine.

Uh, no.  There is never any attempt by the client to authenticate the
user against the client machine's password database.  All four prompts
are issued by the remote machine.  The first three are from PAM, the
fourth is OpenSSH's built-in password authentication which apparently
does not respect login.access.  The solution is to disable password
authentication in /etc/ssh/sshd_config; this should be the default now
that PAM works.

DES
-- 
Dag-Erling Smørgrav - des at des.no
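
An added example, not part of the original message or of OpenSSH: a small check of sshd_config text for the setting the reply says to disable. The function names, the sample config and the `default` parameter are assumptions made for illustration; pass the default that matches your build, since an absent keyword falls back to the compiled-in value.

```python
import re

# Constructed sample, not taken from the thread. The first uncommented
# PasswordAuthentication line is the one sshd uses; later ones are ignored.
SAMPLE_CONFIG = """\
Protocol 2,1
#PasswordAuthentication no
PasswordAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication yes
"""

# Keyword, then whitespace and/or a single '=', then the argument(s).
LINE_RE = re.compile(r'([A-Za-z0-9]+)[ \t]*=?[ \t]*(.*)')

def effective_options(config_text):
    """Return {lowercased keyword: value}, keeping the first value seen."""
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or not m.group(2):
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            break  # only the global section is audited in this example
        options.setdefault(keyword, value)
    return options

def builtin_password_auth_enabled(config_text, default="yes"):
    """True if sshd's own password method (the fourth prompt) stays enabled."""
    value = effective_options(config_text).get("passwordauthentication", default)
    return value.split()[0].lower() == "yes"

def audit(config_text, default="yes"):
    if builtin_password_auth_enabled(config_text, default):
        return ("FAIL: PasswordAuthentication is effectively 'yes'; per the reply "
                "above it apparently does not respect login.access. Set it to 'no'.")
    return "OK: built-in password authentication is disabled."

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```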

