Date: Thu, 27 Jun 2002 02:45:23 +0100 (BST)
Message-Id: <200206270145.CAA19739@rhymer.cogsci.ed.ac.uk>
From: Richard Tobin
Subject: Re: ssh question
To: Richard Tobin, questions@FreeBSD.ORG
In-Reply-To: Richard Tobin's message of Thu, 27 Jun 2002 00:51:38 +0100 (BST)
Organization: just say no

I wrote:

> While checking my ssh configuration, I was shocked to discover that I
> could log in to accounts with no password set by giving any non-empty
> password. What have I got misconfigured for this to happen?

It appears to be PAM that is doing this, rather than ssh itself. The code in auth-passwd.c wouldn't allow it. PermitEmptyPasswords makes ssh reject empty passwords typed by the user, but non-empty ones get passed to PAM which accepts any password for a passwordless account.

-- Richard
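The message above describes passwordless accounts being reachable through PAM, so an audit for such accounts is a natural check. The following sh function is an added example, not part of the original post: it lists entries with an empty password field in a file in FreeBSD master.passwd format. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# master.passwd format (10 colon-separated fields):
#   name:password:uid:gid:class:change:expire:gecos:home:shell
# An empty password field means "no password set"; "*" means no password login.

empty_password_accounts() {
    # $1: path to a master.passwd-format file
    awk -F: '
        /^#/ || NF == 0 { next }      # skip comments and blank lines
        NF != 10 {                    # report malformed lines, do not guess
            printf "line %d: expected 10 fields, got %d\n", NR, NF > "/dev/stderr"
            next
        }
        $2 == "" {
            # An empty shell field defaults to a login shell, so only
            # nologin/false count as non-interactive here.
            kind = ($10 ~ /(nologin|false)$/) ? "no-login-shell" : "login-shell"
            printf "%s uid=%s %s\n", $1, $3, kind
        }
    ' "$1"
}

write_sample() {
    # Constructed sample data; the hash strings are placeholders, not real hashes.
    cat > "$1" <<'EOF'
# constructed sample in master.passwd format
root:$1$constructed$notarealhash:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$constructed$notarealhash:1001:1001::0:0:Alice:/home/alice:/bin/sh
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
svc::1003:1003::0:0:Service:/nonexistent:/usr/sbin/nologin
EOF
}

sample=$(mktemp)
write_sample "$sample"
empty_password_accounts "$sample"
rm -f "$sample"
```

On a real system the function would be run as root against /etc/master.passwd; accounts it reports should be given a password or have the field set to `*`.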