From: Didier Wiroth
To: freebsd-questions@freebsd.org
Date: Thu, 15 Jan 2004 02:24:47 +0100
Message-id: <130d319f1f.19f1f130d3@etat.lu>
Subject: sshd, how is this possible, security bug?

Hi, using freebsd 5.2 release.
Below you can see what is not commented out in my sshd_config file, which is almost the default:

#$FreeBSD: src/crypto/openssh/sshd_config,v 1.33 2003/09/24 19:20:23 des Exp $
#VersionAddendum FreeBSD-20030924
Protocol 2
ListenAddress x.y.z.x
LoginGraceTime 60
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PrintMotd yes
PrintLastLog yes
AllowGroups ssh
Banner /usr/local/etc/ssh/banner
Subsystem sftp /usr/libexec/sftp-server

I'm using ssh windows client version 3.2.9 from: http://www.ssh.com

I get a passphrase prompt, I enter xyz, press enter, then I'm prompted to enter my "password". I enter the password and I have my prompt:

me@mypc:

Is this a security bug, a misconfiguration or what? I thought I had disabled password authentication with:

PasswordAuthentication no

thx a lot
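
An added example, not part of the original message: in OpenSSH, PasswordAuthentication governs only the "password" method, while keyboard-interactive prompts are governed by ChallengeResponseAuthentication (named KbdInteractiveAuthentication in newer releases). The script below checks the posted directives for both; treating an unset directive as "yes" is an assumption to verify against the installed release's sshd_config(5), and the function names are hypothetical.

```python
# Added example (not from the original post): which sshd_config directives
# still allow a typed-password login after "PasswordAuthentication no"?

# Directives as posted in the message above (comment-only lines omitted).
POSTED_CONFIG = """\
Protocol 2
ListenAddress x.y.z.x
LoginGraceTime 60
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowGroups ssh
Subsystem sftp /usr/libexec/sftp-server
"""

# SSH userauth method -> sshd_config keywords that switch it on or off.
METHOD_KEYWORDS = {
    "password": ("passwordauthentication",),
    "keyboard-interactive": ("challengeresponseauthentication",
                             "kbdinteractiveauthentication"),
}
# ASSUMPTION: value used when no keyword for the method is set in the file.
ASSUMED_DEFAULTS = {"password": "yes", "keyboard-interactive": "yes"}


def parse_global(text):
    """Map keyword -> value for the global section (first occurrence wins)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        if parts[0].lower() == "match":   # per-user overrides are not evaluated
            break
        seen.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return seen


def password_prompt_paths(text, defaults=ASSUMED_DEFAULTS):
    """Return {method: (enabled, source)} for each password-style method."""
    cfg = parse_global(text)
    report = {}
    for method, keywords in METHOD_KEYWORDS.items():
        hit = next((k for k in keywords if k in cfg), None)
        value, source = (cfg[hit], hit) if hit else (defaults[method], "assumed default")
        report[method] = (value.lower() == "yes", source)
    return report


if __name__ == "__main__":
    for method, (enabled, source) in password_prompt_paths(POSTED_CONFIG).items():
        print(f"{method:22} {'ENABLED' if enabled else 'disabled'}  ({source})")
```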