Diffstat (limited to 'zarb-ml/mageia-dev/2012-August/018097.html')
-rw-r--r-- | zarb-ml/mageia-dev/2012-August/018097.html | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-August/018097.html b/zarb-ml/mageia-dev/2012-August/018097.html new file mode 100644 index 000000000..e95c22ff9 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-August/018097.html 
@@ -0,0 +1,127 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] SSH PAM configuration + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20SSH%20PAM%20configuration&In-Reply-To=%3CCA%2BCX%2BbjJatn1OUrrncZ%3DXSVPRTJqhNPDxt9qOHzK99UfqtqUbg%40mail.gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="018096.html"> + <LINK REL="Next" HREF="018099.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] SSH PAM configuration</H1> + <B>Pascal Terjan</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20SSH%20PAM%20configuration&In-Reply-To=%3CCA%2BCX%2BbjJatn1OUrrncZ%3DXSVPRTJqhNPDxt9qOHzK99UfqtqUbg%40mail.gmail.com%3E" + TITLE="[Mageia-dev] SSH PAM configuration">pterjan at gmail.com + </A><BR> + <I>Mon Aug 13 10:58:06 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="018096.html">[Mageia-dev] SSH PAM configuration +</A></li> + <LI>Next message: <A HREF="018099.html">[Mageia-dev] SSH PAM configuration +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#18097">[ date ]</a> + <a href="thread.html#18097">[ thread ]</a> + <a href="subject.html#18097">[ subject ]</a> + <a href="author.html#18097">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Mon, Aug 13, 2012 at 9:39 AM, Anne Wilson <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">annew at kde.org</A>> wrote: +><i> -----BEGIN PGP SIGNED MESSAGE----- +</I>><i> Hash: SHA1 +</I>><i> +</I>><i> On 13/08/12 08:34, Guillaume Rousse wrote: +</I>>><i> Le 12/08/2012 21:57, David Walser a écrit : +</I>>>><i> Johnny A. 
Solbu wrote: +</I>>>>><i> On Sunday 12 August 2012 19:28, David Walser wrote: +</I>>>>>><i> Through the PAM configuration for SSH shipped with the +</I>>>>>><i> openssh-server package, root login is broken. Here's why. +</I>>>>>><i> /etc/pam.d/sshd has: auth required pam_listfile.so item=user +</I>>>>>><i> sense=deny file=/etc/ssh/denyusers +</I>>>>>><i> +</I>>>>>><i> The file /etc/ssh/denyusers has "root" in it by default. +</I>>>>><i> +</I>>>>><i> I read somewhere some time ago that PermitRootLogin in +</I>>>>><i> sshd_config is ignored if PAM is used. That may be the reason +</I>>>>><i> for this. +</I>>>><i> +</I>>>><i> Nope, I just tested it and that is not true. +</I>>><i> There is an explicit comment in the configuration file: # Depending +</I>>><i> on your PAM configuration, # PAM authentication via +</I>>><i> ChallengeResponseAuthentication may bypass # the setting of +</I>>><i> "PermitRootLogin without-password". +</I>>><i> +</I>>><i> My understanding is just than some specific PAM configuration +</I>>><i> would eventually allow root user to authenticate through a +</I>>><i> password, instead of a key. +</I>>><i> +</I>>><i> Regarding your original problem, feel free to commit the relevant +</I>>><i> modifications. +</I>><i> +</I>><i> Why would anyone need root login over ssh? I don't allow it on my +</I>><i> server and it has never caused me any problems. Su to root works +</I>><i> perfectly well and avoids the security risk, so I don't understand +</I>><i> this thread. +</I> +Allowing login as root over ssh with a key can save things when for +some reason non local auth is down, like to fix the connection to the +ldap server (you can also create a local emergency account for that +usage). 
+</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="018096.html">[Mageia-dev] SSH PAM configuration +</A></li> + <LI>Next message: <A HREF="018099.html">[Mageia-dev] SSH PAM configuration +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#18097">[ date ]</a> + <a href="thread.html#18097">[ thread ]</a> + <a href="subject.html#18097">[ subject ]</a> + <a href="author.html#18097">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
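Review bot: The META tag in the new file's HEAD declares charset=us-ascii, but the quoted text inside the PRE block contains a non-ASCII character ("a écrit" in the Guillaume Rousse attribution line), so a browser that honours the declaration may mis-render it. Either declare the encoding the file is actually stored in, or write the character as a numeric character reference. Two smaller points in the same hunk: the mailto HREF values carry a raw "&" before In-Reply-To where "&amp;" is expected inside an attribute, and the run of roughly thirty empty added lines between </PRE> and <!--endarticle--> adds nothing to the archived message and could be dropped.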