From owner-freebsd-ports Tue Sep 15 02:50:32 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id CAA29883
        for freebsd-ports-outgoing; Tue, 15 Sep 1998 02:50:32 -0700 (PDT)
        (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29855
        for ; Tue, 15 Sep 1998 02:50:19 -0700 (PDT)
        (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
        by freefall.freebsd.org (8.8.8/8.8.5) id CAA24092;
        Tue, 15 Sep 1998 02:50:01 -0700 (PDT)
Received: from ice.42.org (ice.42.org [194.246.250.222])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29148;
        Tue, 15 Sep 1998 02:46:07 -0700 (PDT)
        (envelope-from sec@ice.42.org)
Received: (from sec@localhost)
        by ice.42.org (8.8.8/8.8.8) id LAA07570;
        Tue, 15 Sep 1998 11:45:47 +0200 (CEST)
        (envelope-from sec)
Message-Id: <199809150945.LAA07570@ice.42.org>
Date: Tue, 15 Sep 1998 11:45:47 +0200 (CEST)
From: sec@42.org
Reply-To: sec@ice.42.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: torstenb@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: ports/7931: Ssh allows root login with no password
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         7931
>Category:       ports
>Synopsis:       Ssh allows root login with no password
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 15 02:50:00 PDT 1998
>Last-Modified:
>Originator:     Stefan Zehl
>Organization:
>Release:        FreeBSD 2.2.7-STABLE i386
>Environment:

        FreeBSD ice 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Sun Sep 13 20:48:44 CEST 1998 sec@ice:/usr/src/sys/compile/ICE i386

        ssh port version:
        # New ports collection makefile for:    ssh
        # Version required:     1.2.25
        # Date created:         30 Jul 1995
        # Whom:                 torstenb@FreeBSD.ORG

>Description:

        If you don't have a root password set (and yes, I've seen quite
        some machines with that setup, since FreeBSD allows no remote root
        logins) ssh lets you in without any password.

>How-To-Repeat:

        ssh host -l root

>Fix:

        I think either PermitEmptyPasswords no or PermitRootLogin no should
        be set in the default sshd-config

>Audit-Trail:
>Unformatted:
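
An audit for the condition this report describes, as an added example that is not part of the original report or the port. The function names, the temporary files and their contents are constructed for illustration. It assumes an absent keyword is permissive, which is the behaviour reported here, and it accepts only an explicit "no" on every occurrence of a keyword as closing the hole.

```shell
#!/bin/sh
# Added example, not from the report: audit sshd for empty-password root login.

# directive_is_no FILE KEYWORD
# Succeeds only if KEYWORD is present and every occurrence is set to "no".
# An absent keyword counts as permissive (assumption, per the report).
directive_is_no() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 && tolower($1) == key {
            seen = 1
            if (tolower($2) != "no") bad = 1
        }
        END { exit !(seen && !bad) }
    ' "$1"
}

# empty_password_accounts FILE
# Prints accounts whose password field is empty in a passwd-format file.
empty_password_accounts() {
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# audit_sshd CONFIG PASSWD
# Returns 0 = closed, 1 = root exposed, 2 = permissive but root has a password.
audit_sshd() {
    if directive_is_no "$1" PermitEmptyPasswords ||
       directive_is_no "$1" PermitRootLogin; then
        echo "OK: $1 refuses empty passwords or root logins"
        return 0
    fi
    if empty_password_accounts "$2" | grep -qx root; then
        echo "EXPOSED: root has no password and $1 does not refuse the login"
        return 1
    fi
    echo "WEAK: $1 sets neither directive to no"
    return 2
}

# Constructed sample input: a config with neither directive active, one with
# the proposed fix, and a master.passwd-style line where root has no password.
demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin no' > "$demo/default_config"
printf '%s\n' 'Port 22' 'permitemptypasswords no' > "$demo/fixed_config"
printf '%s\n' 'root::0:0::0:0:Charlie &:/root:/bin/csh' > "$demo/master.passwd"
audit_sshd "$demo/default_config" "$demo/master.passwd" || true
audit_sshd "$demo/fixed_config" "$demo/master.passwd"
```

On a live system the two arguments would be the installed sshd configuration file and the system password database, read as root.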