Date: Tue, 30 May 2023 21:11:03 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@FreeBSD.org> To: David Chisnall <theraven@FreeBSD.org> Cc: Mike Karels <mike@karels.net>, bob prohaska <fbsd@www.zefox.net>, freebsd-current@freebsd.org Subject: Re: Surprise null root password Message-ID: <86sfbdk52w.fsf@ltc.des.no> In-Reply-To: <850FF076-A511-4802-8D7C-2029752C3345@FreeBSD.org> (David Chisnall's message of "Sat, 27 May 2023 10:39:12 %2B0100") References: <ZHDt21wFlpJfQKEs@www.zefox.net> <ZHFqzf9A90L9NfJb@www.zefox.net> <E29BDD31-BB38-41F8-B1F9-422CBEC7143D@karels.net> <850FF076-A511-4802-8D7C-2029752C3345@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
David Chisnall <theraven@FreeBSD.org> writes: > There was a very nasty POLA violation a release or two ago. OpenSSH > defaults to disallowing empty passwords and so having a null password > was a convenient way of allowing people to su or locally log into that > user but disallowing ssh. This option does not work in recent > versions of FreeBSD. Turning on the option to permit root login while > keeping the root password blank used to be (mostly) safe because it > permitted su to root from people in the wheel group, root login via > SSH key remotely (for ‘everything is broken I can’t log in as a user > whose home directory is not on the root filesystem’ recovery) and > local login as root from consoles marked as secure. It now permits > root login from the network with a blank password. That is incorrect. PermitRootLogin defaults to “no” in FreeBSD and to “prohibit-password” upstream (and presumably in the port), while PermitEmptyPasswords defaults to “no” both in FreeBSD and upstream, cf. crypto/openssh/servconf.c (search for “permit_root” and “permit_empty”). DES -- Dag-Erling Smørgrav - des@FreeBSD.orghelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86sfbdk52w.fsf>