Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
November 25, 2004, 9:35 am
rate this thread
I'm using openSSH 3.8.p1 on SuSE Linux Enterprise Sever 9 (SLES 9).
I've set the following in the sshd_config:
=> I shouldn't be able to login as root with a password, but it works:
Accepted keyboard-interactive/pam for root from ::ffff:xxx.xxx.xxx.xxx
port 4108 ssh2
If I set 'UsePAM no' everything works as expected.
In future I' ve to use PAM to get LDAP authentication => what I' ve to
do get it working.
Exists a special PAM-modul?
Re: PermitRootLogin without-password and UsePAM yes doesn't work
From a protocol standpoint, that's not "password" authentication, it's
keyboard-interactive via PAM. Now it happens that PAM uses a password,
but sshd has know way of knowing that, it could have been a S/Key, a
token or something.
The man page isn't all that clear about that in 3.8x, but it's a little
clearer in 3.9p1. At some point it would be good to extend
PermitRootLogin to allow a comma-separated list of auth methods or
Upgrade to 3.9p1 and disable ChallengeResponseAuthentication.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum