Re: openSSH, SecureCRT, RSA

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Quoted text here. Click to load it

That would be bad.  Does your account have no password, and is
PermitEmptyPasswords set to yes in sshd_config?

I suspect this is the case and those clients are being permitted via the
"none" authentication.
Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: openSSH, SecureCRT, RSA

Quoted text here. Click to load it

These statements appear contradictory to me; what are you trying to say?


  Richard Silverman

Re: openSSH, SecureCRT, RSA

Sorry.  I seem to have left out some important indications of time.

Before I connect using SecureCRT and RSA, everything works as normal (3rd
party can't get in).  After authenticating with SecureCRT and RSA, anybody
can sign in, even without the appropriate key.

The behavior is key specific.  If I generate two keys and include them both
in my authorized_keys file, and log in with SecureCRT, I can fix the problem
by deleting the key I signed in with.

And yes, the account has a password, and no, PermitEmptyPasswords is set to


Site Timeline