Date: Thu, 19 Feb 2004 16:44:26 +0100
From: des@des.no (Dag-Erling Smørgrav)
To: freebsd-security@freebsd.org
Subject: Re: secuirty bug with /etc/login.access
Message-ID: <xzpwu6jul9h.fsf@dwp.des.no>
In-Reply-To: <20040219123349.GB23725@yagonna.de> (Sven Pfeifer's message of "Thu, 19 Feb 2004 13:33:49 +0100")
References: <20040219120450.1854b521@piglet.goo> <20040219123349.GB23725@yagonna.de>

Sven Pfeifer <sven@yagonna.de> writes:
> this looks like, you have configured
>
>   PasswordAuthentication yes
> and
>   Protocol 2,1
>
> in your server's /etc/ssh/sshd_config. So your client is trying to
> authenticate to the _local_ id-File. If this is failing (3 times) then
> it tries the PasswordAuthentication at the _remote_ machine.

Uh, no. There is never any attempt by the client to authenticate the
user against the client machine's password database. All four prompts
are issued by the remote machine. The first three are from PAM, the
fourth is OpenSSH's built-in password authentication which apparently
does not respect login.access.

The solution is to disable password authentication in
/etc/ssh/sshd_config; this should be the default now that PAM works.

DES
-- 
Dag-Erling Smørgrav - des@des.no
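
A check for the fix described in the message above, as an added example that is not part of the original e-mail: it reports whether sshd's built-in password authentication is still enabled in an sshd_config-style file. The function name, the sample file and the assumed compiled-in default of "yes" are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original message.
# Prints the effective global PasswordAuthentication value of an
# sshd_config-style file, plus " match-override" when a Match block
# turns it back on.
# Assumptions: sshd uses the first occurrence of a keyword; $2 is the
# compiled-in default, taken here as "yes" (check your own build).
password_auth_setting() {
    awk -v def="${2:-yes}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")              # accept "Keyword=value"
            key = tolower($1)                      # keywords are case-insensitive
        }
        key == "match" { in_match = 1; next }
        key == "passwordauthentication" {
            val = tolower($2)
            if (in_match) { if (val == "yes") override = 1 }
            else if (global == "") global = val    # first occurrence wins
        }
        END {
            if (global == "") global = def
            print global (override ? " match-override" : "")
        }
    ' "$1"
}

# Constructed sample: the later "yes" is ignored, the first "no" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Protocol 2
passwordauthentication no
PasswordAuthentication yes
EOF
password_auth_setting "$sample"
rm -f "$sample"
```

Any output other than a bare "no" means the built-in password prompt can still be reached without going through PAM.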