Date: Tue, 15 Sep 1998 11:45:47 +0200 (CEST) From: sec@42.org To: FreeBSD-gnats-submit@FreeBSD.ORG Cc: torstenb@FreeBSD.ORG Subject: ports/7931: Ssh allows root login with no password Message-ID: <199809150945.LAA07570@ice.42.org>
next in thread | raw e-mail | index | archive | help
>Number: 7931 >Category: ports >Synopsis: Ssh allows root login with no password >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Sep 15 02:50:00 PDT 1998 >Last-Modified: >Originator: Stefan Zehl >Organization: >Release: FreeBSD 2.2.7-STABLE i386 >Environment: FreeBSD ice 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Sun Sep 13 20:48:44 CEST 1998 sec@ice:/usr/src/sys/compile/ICE i386 ssh port version: # New ports collection makefile for: ssh # Version required: 1.2.25 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG >Description: If you don't have a root password set (and yes, I've seen quite some machines with that setup, since FreeBSD allows no remote root logins) ssh lets you in without any password. >How-To-Repeat: ssh host -l root >Fix: I thing either PermitEmptyPasswords no or PermitRootLogin no should be set in the default sshd-config >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809150945.LAA07570>