From owner-freebsd-ports  Tue Sep 15 02:50:32 1998
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA29883
          for freebsd-ports-outgoing; Tue, 15 Sep 1998 02:50:32 -0700 (PDT)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29855
          for <freebsd-ports@FreeBSD.org>; Tue, 15 Sep 1998 02:50:19 -0700 (PDT)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id CAA24092;
	Tue, 15 Sep 1998 02:50:01 -0700 (PDT)
Received: from ice.42.org (ice.42.org [194.246.250.222])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29148;
          Tue, 15 Sep 1998 02:46:07 -0700 (PDT)
          (envelope-from sec@ice.42.org)
Received: (from sec@localhost)
	by ice.42.org (8.8.8/8.8.8) id LAA07570;
	Tue, 15 Sep 1998 11:45:47 +0200 (CEST)
	(envelope-from sec)
Message-Id: <199809150945.LAA07570@ice.42.org>
Date: Tue, 15 Sep 1998 11:45:47 +0200 (CEST)
From: sec@42.org
Reply-To: sec@ice.42.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: torstenb@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: ports/7931: Ssh allows root login with no password
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         7931
>Category:       ports
>Synopsis:       Ssh allows root login with no password
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 15 02:50:00 PDT 1998
>Last-Modified:
>Originator:     Stefan Zehl
>Organization:
>Release:        FreeBSD 2.2.7-STABLE i386
>Environment:

FreeBSD ice 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Sun Sep 13 20:48:44 CEST 1998     sec@ice:/usr/src/sys/compile/ICE  i386

ssh port version:

# New ports collection makefile for:	ssh
# Version required:     1.2.25
# Date created:		30 Jul 1995
# Whom:			torstenb@FreeBSD.ORG

>Description:

If you don't have a root password set (and yes, I've seen quite some
machines with that setup, since FreeBSD allows no remote root logins)
ssh lets you in without any password.

>How-To-Repeat:

ssh host -l root

>Fix:

I thing either 

PermitEmptyPasswords no

or 

PermitRootLogin no

should be set in the default sshd-config
	
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message