sshd: it is permitted to log in with an empty password

Dario Lesca d.lesca at solinos.it
Wed Nov 24 22:03:14 UTC 2004


On a standard installation of FC1 and FC2 (and FC3?) it is permitted to log in
as a user with an empty password ... is this correct?

[root@igloo root]# man sshd_config
> PermitEmptyPasswords
>     When password authentication is allowed, it specifies whether the
>     server allows login to accounts with empty password strings.  The
>     default is “no”.
[root@igloo root]# grep PermitEmptyPasswords /etc/ssh/sshd_config
#PermitEmptyPasswords no
[root@igloo root]# useradd nopasswd
[root@igloo root]# passwd -d nopasswd
Removing password for user nopasswd.
passwd: Success
[root@igloo root]# ssh nopasswd@localhost
nopasswd@localhost's password: <type ENTER>
Permission denied, please try again.
nopasswd@localhost's password: <type "x" then ENTER>
[nopasswd@igloo nopasswd]$ id
uid=505(nopasswd) gid=507(nopasswd) gruppi=507(nopasswd)
[nopasswd@igloo nopasswd]$

How do I disable this "feature"?

Many thanks

-- 
Dario Lesca <d.lesca at solinos.it>
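
A check for the two conditions shown in the session above, as an added example that is not part of the original post: it lists accounts whose shadow password field is empty (the state `passwd -d` leaves behind) and reports the global PermitEmptyPasswords value read from an sshd_config file. The function names and the sample file contents are constructed for illustration; whitespace-separated "Keyword value" lines are assumed and Match blocks are ignored.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Print the names of accounts whose shadow password field (2nd field) is
# empty, which is the state `passwd -d` leaves behind.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print the global PermitEmptyPasswords value from an sshd_config file.
# The first uncommented occurrence wins, the keyword is case-insensitive,
# and the documented default "no" applies when the keyword is absent or
# commented out. Parsing stops at the first Match block.
effective_permit_empty() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitemptypasswords" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "no" }
    ' "$1"
}

# Constructed sample files mirroring the session in the post.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hashvalue:12700:0:99999:7:::
nopasswd::12746:0:99999:7:::
locked:!!:12746:0:99999:7:::
EOF
printf '%s\n' '#PermitEmptyPasswords no' > "$SAMPLE_DIR/sshd_config"

echo "empty password field: $(empty_password_accounts "$SAMPLE_DIR/shadow")"
echo "PermitEmptyPasswords: $(effective_permit_empty "$SAMPLE_DIR/sshd_config")"
```

On a live system, point the functions at /etc/shadow (readable by root only) and /etc/ssh/sshd_config.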



