Date: Fri, 27 Sep 2002 14:35:03 -0700 (PDT) From: Archie Cobbs <archie@dellroad.org> To: freebsd-stable@freebsd.org Subject: sshd_config vs. PAM Message-ID: <200209272135.g8RLZ3We005877@arch20m.dellroad.org>
next in thread | raw e-mail | index | archive | help
Yow! I was surprised to notice that setting these parameters: PasswordAuthentication no PermitRootLogin without-password in /etc/ssh/sshd_config have absolutely NO effect! This is because now /etc/pam.conf seems to control everything (?) This seems to violate POLA in a very dangerous way. Nor is this documented anywhere in the ssh man pages... in fact, they lie and tell you that these options increase security. I recommend that we either detach sshd from PAM, or else stop documenting and pretending that /etc/ssh/sshd_config actually controls this stuff. -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200209272135.g8RLZ3We005877>