From owner-freebsd-security Thu Mar 14 8:43:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 9E86937B416; Thu, 14 Mar 2002 08:43:01 -0800 (PST) Received: from caddis.yogotech.com (caddis.yogotech.com [206.127.123.130]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id JAA26423; Thu, 14 Mar 2002 09:42:54 -0700 (MST) (envelope-from nate@yogotech.com) Received: (from nate@localhost) by caddis.yogotech.com (8.11.6/8.11.6) id g2EGgr139282; Thu, 14 Mar 2002 09:42:53 -0700 (MST) (envelope-from nate) From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15504.54029.424057.761653@caddis.yogotech.com> Date: Thu, 14 Mar 2002 09:42:53 -0700 To: "Crist J. Clark" Cc: Dag-Erling Smorgrav , security@FreeBSD.ORG Subject: Re: sshd UseLogin option In-Reply-To: <20020313230536.B29705@blossom.cjclark.org> References: <20020313230536.B29705@blossom.cjclark.org> X-Mailer: VM 6.96 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > > Could someone please explain to me why we don't use sshd's UseLogin > > option by default? I know that there was a security hole related to > > that option recently, but that's not a real reason - security holes > > can show up anywhere - so is there anything that makes UseLogin a > > particularly bad idea? > > Who uses system passwords with ssh(1)? We do for our remote access boxes that have numerous users accessing them. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message