Date:      Thu, 19 Feb 2004 12:04:50 +1100
From:      Tig <tigger@onemoremonkey.com>
To:        freebsd-security@freebsd.org
Subject:   security bug with /etc/login.access
Message-ID:  <20040219120450.1854b521@piglet.goo>

/etc/login.access does not work 100% over ssh.

I have the following line in login.access

-:ray:ALL EXCEPT LOCAL

Which I believe means the user 'ray' cannot log in from anywhere unless
it is a local login.

So, I tested it over ssh from a remote box

tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au
Password:
Password:
Password:
ray@sonic.cbnmediaX.com.au's password: 
Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 5.2-RELEASE-p2 (SONIC) #1: Sun Feb  8 01:18:08 EST 2004


(I'm 100% sure I typed the password correctly each time)
As you can see, I'm denied access each time until the 'ray@sonic...'
option is presented, then I'm allowed in.

I personally think this is a security hole but I'm happy to admit it
could be a configuration issue at my end. Please let me know if it's a
problem at my end.

Thanks for your time.

-Tig
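
What the rule quoted in the message above is expected to decide under login.access(5) first-match evaluation, as an added example that is not part of the original message. It is a simplified model (group and netgroup names are not handled), the function names are hypothetical, and the remote hostname is constructed.

```python
"""Simplified model of login.access(5) rule evaluation (added example)."""

def token_matches(tok, value, is_origin):
    # ALL matches anything, in both the users and the origins field.
    if tok.upper() == "ALL":
        return True
    if is_origin:
        if tok.upper() == "LOCAL":
            return "." not in value                      # no dot: tty or bare name
        if tok.startswith("."):
            return value.lower().endswith(tok.lower())   # domain suffix
        if tok.endswith("."):
            return value.startswith(tok)                 # network number prefix
    return tok.lower() == value.lower()                  # literal user, tty or host

def list_matches(tokens, value, is_origin):
    # "A B EXCEPT C D": matches if the value matches A or B, but not C or D.
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        head, rest = tokens[:i], tokens[i + 1:]
    else:
        head, rest = tokens, None
    if not any(token_matches(t, value, is_origin) for t in head):
        return False
    return rest is None or not list_matches(rest, value, is_origin)

def login_allowed(rules_text, user, origin):
    # The first rule matching (user, origin) decides the outcome.
    for raw in rules_text.splitlines():
        fields = [f.strip() for f in raw.split(":", 2)]
        if raw.lstrip().startswith("#") or len(fields) != 3:
            continue                                     # comment or malformed line
        perm, users, origins = fields
        if perm not in ("+", "-"):
            continue
        if (list_matches(users.split(), user, False)
                and list_matches(origins.split(), origin, True)):
            return perm == "+"
    return True                                          # no rule matched: permitted

RULES = "-:ray:ALL EXCEPT LOCAL\n"       # the line quoted in the message
REMOTE = "dsl-38.example.net"            # constructed remote hostname

if __name__ == "__main__":
    for user, origin in [("ray", REMOTE), ("ray", "ttyv0"), ("tigger", REMOTE)]:
        verdict = "allow" if login_allowed(RULES, user, origin) else "deny"
        print(f"{user:7s} from {origin:20s} -> {verdict}")
```

Any authentication path that lets 'ray' in from a dotted remote origin has not applied this decision.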


