From: Dag-Erling Smørgrav
To: Guy Helmer
Cc: freebsd-security@freebsd.org
Subject: Re: Possible pam_ssh bug?
Date: Tue, 15 Nov 2011 21:53:05 +0100

Guy Helmer writes:

> I have a shell user who is able to login to his accounts via sshd on
> FreeBSD 8.2 using any password. The user had a .ssh/id_rsa and
> .ssh/id_rsa.pub key pair without a password but nullok was not
> specified, so I think this should be considered a bug.

Agreed. Not quite sure how to fix it, but I'll look into it and try to
get a patch in before 9.0.

DES
-- 
Dag-Erling Smørgrav - des@des.no
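An administrator who wants to know which accounts match the condition in the report (a private key under .ssh stored without a passphrase) can check the key files directly. The following is an added example, not code from this thread or from FreeBSD; the function names are hypothetical, and it goes beyond the report's id_rsa case by also reading the newer OpenSSH and PKCS#8 containers.

```python
import base64
import struct
import sys
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def key_is_passphrase_protected(text):
    """True = encrypted, False = stored in the clear, None = not a private key."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("PRIVATE KEY-----")):
        return None
    label = lines[0][len("-----BEGIN "):-len("-----")]
    body = lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return True
    if label == "OPENSSH PRIVATE KEY":        # newer OpenSSH container
        try:
            blob = base64.b64decode("".join(body))
        except ValueError:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    # Traditional PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)


def find_unprotected_keys(home_dirs):
    """Return paths of private keys under <home>/.ssh that have no passphrase."""
    hits = []
    for home in map(Path, home_dirs):
        ssh_dir = home / ".ssh"
        if not ssh_dir.is_dir():
            continue
        for path in sorted(ssh_dir.iterdir()):
            try:
                text = path.read_text(errors="replace")
            except OSError:               # unreadable entry or a directory
                continue
            if key_is_passphrase_protected(text) is False:
                hits.append(str(path))
    return hits


if __name__ == "__main__":
    # Usage: pass home directories as arguments; prints keys lacking a passphrase.
    print("\n".join(find_unprotected_keys(sys.argv[1:])))
```

Run it as root with the home directories to inspect as arguments; any path it prints is a key file that carries no passphrase.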