Security Question
Tomas Mraz
tmraz at redhat.com
Wed Feb 16 09:51:31 UTC 2005
On Tue, 2005-02-15 at 14:11 -0800, Scott Becker wrote:
> I've already set a proper password but on a twin testing machine the !!s
> are there, before and after running my setup commands to change the
> shell. Here's the top of message with the login and logout lines:
> Feb 13 06:36:09 backup sshd(pam_unix)[422]: authentication failure;
> logname= uid=0 euid=0 tty=NODEVssh ruser=
> rhost=dsl-82-199-133-138.dutchdsl.nl user=apache
> Feb 13 06:36:17 backup sshd(pam_unix)[425]: session opened for user
> apache by (uid=48)
> Feb 13 06:53:58 backup named[31607]: lame server resolving
> '173.4.248.61.in-addr.arpa' (in '4.248.61.in-addr.arpa'?): 203.240.193.11#53
> Feb 13 06:53:58 backup named[31607]: lame server resolving
> '173.4.248.61.in-addr.arpa' (in '4.248.61.in-addr.arpa'?): 203.251.201.1#53
> Feb 13 07:00:44 backup sshd(pam_unix)[425]: session closed for user apache
The problem is that I don't see how anyone could log in using ssh to an
account with !! in /etc/shadow. I have to suppose that there was
nothing instead of !! and then the login could succeed - the attacker
would first try no password, which wouldn't be allowed if
PermitEmptyPasswords is set to 'no' in /etc/ssh/sshd_config, and then he
would try any password and he would be allowed in. What versions of pam
and openssh do you have?
--
Tomas Mraz <tmraz at redhat.com>