Date: Wed, 26 Jun 2002 20:26:35 -0500 From: David Syphers <dsyphers@uchicago.edu> To: Richard Tobin <richard@cogsci.ed.ac.uk>, questions@FreeBSD.ORG Subject: Re: ssh question Message-ID: <200206262026.35513.dsyphers@uchicago.edu> In-Reply-To: <200206262351.AAA17507@rhymer.cogsci.ed.ac.uk> References: <200206262351.AAA17507@rhymer.cogsci.ed.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 26 June 2002 06:51 pm, Richard Tobin wrote: > While checking my ssh configuration, I was shocked to discover that I > could log in to accounts with no password set by giving any non-empty > password. What have I got misconfigured for this to happen? Is this not normal? I don't really know, but the accounts are passwordless... well, why do you expect them to need a password to log in? > I am running 4.6 have the standard 4.6 /etc/ssh/sshd_config. > > PermitEmptyPasswords is no. Setting it to yes allows passwordless > users to log in without being prompted for a password at all; with it > set to no I am prompted for a password and any non-empty string seems > to work. This also seems logical - PermitEmptyPasswords functions as the name implies. Why is this surprising? Did it used to be different on an earlier version of FreeBSD? -David -- Everyone who believes in telekinesis, raise my hand... Astronomy and Astrophysics Center The University of Chicago To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206262026.35513.dsyphers>