1. I should have said "an enabled empty root password makes possible passwordless root login via ssh and the console". In other words, /etc/securetty and /etc/pam.d/common-auth need to be (mis)configured.
2. ssh public key logins are not disabled by the use of '!'. Eg:
/etc/shadow
root:!:14196:0:99999:7:::
/var/log/auth.log
Dec 15 18:17:59 sec-intrepid-amd64 sshd[5654]: Accepted publickey for root from 192.168.122.1 port 43391 ssh2
Dec 15 18:17:59 sec-intrepid-amd64 sshd[5654]: pam_unix(sshd:session): session opened for user root by (uid=0)
sshd_config has:
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
#PasswordAuthentication yes
1. I should have said "an enabled empty root password makes possible passwordless root login via ssh and the console". In other words, /etc/securetty and /etc/pam. d/common- auth need to be (mis)configured.
2. ssh public key logins are not disabled by the use of '!'. Eg: 14196:0: 99999:7: ::
/etc/shadow
root:!:
/var/log/auth.log sshd:session) : session opened for user root by (uid=0)
Dec 15 18:17:59 sec-intrepid-amd64 sshd[5654]: Accepted publickey for root from 192.168.122.1 port 43391 ssh2
Dec 15 18:17:59 sec-intrepid-amd64 sshd[5654]: pam_unix(
sshd_config has: ation yes words no seAuthenticatio n no tication yes
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentic
PermitEmptyPass
ChallengeRespon
#PasswordAuthen