From owner-freebsd-questions  Wed Jun 26 18:29:21 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from midway.uchicago.edu (midway.uchicago.edu [128.135.12.12])
	by hub.freebsd.org (Postfix) with ESMTP id E506637DD5C
	for <questions@FreeBSD.ORG>; Wed, 26 Jun 2002 18:26:33 -0700 (PDT)
Received: from Yggdrasil (adsl-68-20-38-180.dsl.chcgil.ameritech.net [68.20.38.180])
	by midway.uchicago.edu (8.12.2/8.12.2) with ESMTP id g5R1QUVU020148;
	Wed, 26 Jun 2002 20:26:30 -0500 (CDT)
Content-Type: text/plain;
  charset="iso-8859-1"
From: David Syphers <dsyphers@uchicago.edu>
Reply-To: dsyphers@uchicago.edu
To: Richard Tobin <richard@cogsci.ed.ac.uk>, questions@FreeBSD.ORG
Subject: Re: ssh question
Date: Wed, 26 Jun 2002 20:26:35 -0500
User-Agent: KMail/1.4.1
References: <200206262351.AAA17507@rhymer.cogsci.ed.ac.uk>
In-Reply-To: <200206262351.AAA17507@rhymer.cogsci.ed.ac.uk>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200206262026.35513.dsyphers@uchicago.edu>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wednesday 26 June 2002 06:51 pm, Richard Tobin wrote:
> While checking my ssh configuration, I was shocked to discover that I
> could log in to accounts with no password set by giving any non-empty
> password.  What have I got misconfigured for this to happen?

Is this not normal?  I don't really know, but the accounts are passwordless... 
well, why do you expect them to need a password to log in?

> I am running 4.6 have the standard 4.6 /etc/ssh/sshd_config.
> 
> PermitEmptyPasswords is no.  Setting it to yes allows passwordless
> users to log in without being prompted for a password at all; with it
> set to no I am prompted for a password and any non-empty string seems
> to work.

This also seems logical - PermitEmptyPasswords functions as the name implies.

Why is this surprising?  Did it used to be different on an earlier version of 
FreeBSD?

-David

-- 
Everyone who believes in telekinesis, raise my hand...

Astronomy and Astrophysics Center
The University of Chicago

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message