From owner-freebsd-questions Tue Feb 11 19:44:28 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA91237B401 for ; Tue, 11 Feb 2003 19:44:27 -0800 (PST) Received: from mail.hitmedia.com (mail.hitmedia.com [205.162.11.163]) by mx1.FreeBSD.org (Postfix) with SMTP id 4BF8A43F93 for ; Tue, 11 Feb 2003 19:44:27 -0800 (PST) (envelope-from bsd@hitmedia.com) Received: (qmail 11534 invoked by uid 0); 12 Feb 2003 03:44:57 -0000 Date: Tue, 11 Feb 2003 19:44:57 -0800 From: BSD baby To: freebsd-questions@freebsd.org Subject: OpenSSH security hole on FreeBSD? Message-ID: <20030211194457.A22618@mail.hitmedia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I install OpenSSH like this: cd /usr/ports/security/openssh-portable make -DOPENSSH_OVERWRITE_BASE install That puts things here: /usr/bin/ssh /usr/sbin/sshd /etc/ssh/sshd_config BUT... it seems to be IGNORING the sshd_config! TWO major security holes: #1 - It won't let me turn off passwords (PasswordAuthentication no) #2 - It only requires I type the first 8 characters of my password! (I use 16-character password.) I don't have these problems on OpenBSD. Any idea why they would be on FreeBSD? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message