Comment 12 for bug 8006

Debian Bug Importer (debzilla) wrote :

Message-Id: <1095984517.3312.7.camel@localhost>
Date: Fri, 24 Sep 2004 02:08:37 +0200
From: Christian Guggenberger <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, <email address hidden>, <email address hidden>
Subject: Bug#271822: PermitRootLogin without-password actually does the same as PermitRootLogin yes

>On 16/09/2004 Frank Lichtenheld wrote:
>> On Wed, Sep 15, 2004 at 03:58:17PM +0200, Jonas Meurer wrote:
>> > After I changed PermitRootLogin from 'yes' to 'without-password', I was
>> > still able to log in from a remote box without any key, and by typing
>> > the root password, not the key passphrase.
>>
>> Are you sure you disabled PAM authentication which is the default
>> authentication method in the current packages? It is documented that
>> there are password based authentication methods that aren't covered by
>> without-password:
>> <quote sshd_config(5)>
>> If this option is set to ``without-password'' password authenti-
>> cation is disabled for root. Note that other authentication
>> methods (e.g., keyboard-interactive/PAM) may still allow root to
>> login using a password.
>> </quote>

>If I use
>UsePAM no
>
>even normal user PAM logins don't work any longer.
>
>That's not what I want.

Well, you can enable PAM, but you then need to disable ChallengeResponseAuthentication (enabled by default).
This will prevent root logins with password when 'without-password' is set.
Keep in mind that in this case passwords will go encrypted over the net.

cheers.
 - Christian

--
\|/ ____ \|/
"@'/ .. \'@"
/_| \__/ |_\
   \__U_/
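
The interaction discussed in this message, as an added example that is not part of the original e-mail or of OpenSSH: a small audit of sshd_config text that reports which password-typing paths remain open to root under the sshd_config(5) wording quoted above. The default values, the function names and the two sample configurations are assumptions constructed for illustration, and Match blocks are ignored.

```python
# Added example: models the sshd_config(5) behaviour quoted in this thread.
# DEFAULTS are assumptions: the thread says PAM and challenge-response are on
# by default in the packages discussed; PasswordAuthentication defaults to yes.
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "usepam": "yes",
    "challengeresponseauthentication": "yes",
}


def effective_settings(config_text):
    """Parse the global section; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":
            break  # conditional Match blocks are out of scope here
        seen.setdefault(key, value)
    return {**DEFAULTS, **seen}


def root_password_paths(config_text):
    """List the ways root can still log in by typing a password."""
    s = effective_settings(config_text)
    if s["permitrootlogin"] in ("no", "forced-commands-only"):
        return []
    paths = []
    if s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes":
        paths.append("password")
    if s["usepam"] == "yes" and s["challengeresponseauthentication"] == "yes":
        paths.append("keyboard-interactive/PAM")
    return paths


# Constructed sample configurations (not taken from the bug report).
AS_REPORTED = "PermitRootLogin without-password\nUsePAM yes\n"
AS_SUGGESTED = AS_REPORTED + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("reported", AS_REPORTED), ("suggested", AS_SUGGESTED)):
        print(name, root_password_paths(text) or "no password path for root")
```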