Security Question

Tomas Mraz tmraz at redhat.com
Wed Feb 16 14:04:56 UTC 2005


On Wed, 2005-02-16 at 08:37 -0500, Richard June wrote:
> <snip>
> > The problem is that I don't see how anyone could login using ssh to
> > account with !! in /etc/shadow. I have to suppose that there were
> three words, ssh pubkey authentication.
This doesn't apply as the attacker would have to have the ssh private
key of a public key which would have to be installed in the
~apache/.ssh/authorized_keys what I don't suppose.
However I've been mistaken with the /etc/shadow - the real thing is in
the /etc/passwd line - if the second field is empty (no 'x' there) that
means the password is empty and sshd would allow logging in.

-- 
Tomas Mraz <tmraz at redhat.com>




More information about the fedora-devel-list mailing list