Date: Wed, 11 Nov 2015 18:01:16 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 204475] security/openssh-portable: documentation: fully disabling password authentication
Message-ID: <bug-204475-13@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204475

            Bug ID: 204475
           Summary: security/openssh-portable: documentation: fully disabling
                    password authentication
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: Mark.Martinec@ijs.si
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

When installing the openssh-portable (7.1.p1_2,1) the following advice is
displayed:

  [...]
  Users are encouraged to create single-purpose users with ssh keys, disable
  Password auth with 'PasswordAuthentication no' and define very narrow sudo
  privileges instead of using root for automated tasks.

which is half-true / misleading. Actually it is necessary to also set:

  ChallengeResponseAuthentication no

otherwise the PAM mechanism will still allow authentication through a password
if authentication with a key fails, leaving a host open to password-guessing
attacks.

-- 
You are receiving this mail because:
You are the assignee for the bug.
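An added example, not part of the bug report or of the port's pkg-message: a POSIX sh audit that reads the effective configuration `sshd -T` prints (lowercase "keyword value" lines) and fails unless both settings the report names are "no". It assumes `sshd -T` also dumps "usepam", and it accepts the KbdInteractiveAuthentication keyword that newer OpenSSH releases print in place of ChallengeResponseAuthentication; neither detail comes from the page.

```shell
#!/bin/sh
# Added example (not from the bug report): audit an sshd -T dump for the
# two settings that must both be "no" before password logins are really off.

# setting NAME: print NAME's value from the dump on stdin, or "unset".
setting() {
    awk -v k="$1" 'tolower($1) == k { print $2; found = 1 }
                   END { if (!found) print "unset" }'
}

# check_sshd_dump: read a dump on stdin, print one line per open password
# path, return 0 when none is left open and 1 otherwise.
check_sshd_dump() {
    dump=$(cat)
    pw=$(printf '%s\n' "$dump" | setting passwordauthentication)
    cr=$(printf '%s\n' "$dump" | setting challengeresponseauthentication)
    # Assumption: OpenSSH 8.7+ dumps the renamed keyword instead of the old one.
    [ "$cr" = unset ] && cr=$(printf '%s\n' "$dump" | setting kbdinteractiveauthentication)
    pam=$(printf '%s\n' "$dump" | setting usepam)
    rc=0
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication is '$pw': plain password logins allowed"
        rc=1
    fi
    if [ "$cr" != no ]; then
        echo "ChallengeResponseAuthentication is '$cr': keyboard-interactive still takes a password"
        [ "$pam" = yes ] && echo "  (UsePAM yes: PAM answers that prompt with the account password)"
        rc=1
    fi
    return $rc
}

# Constructed dumps: the half-fixed host from the report, and the fixed one.
weak_dump() {
    printf 'passwordauthentication no\nchallengeresponseauthentication yes\nusepam yes\n'
}
fixed_dump() {
    printf 'passwordauthentication no\nchallengeresponseauthentication no\nusepam yes\n'
}

# On a live host (as root, since sshd -T loads the host keys): sshd -T | check_sshd_dump
weak_dump | check_sshd_dump || echo "-> add 'ChallengeResponseAuthentication no' and restart sshd"
fixed_dump | check_sshd_dump && echo "-> no password path left open"
```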