From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/2012-August/018101.html | 149 +++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 zarb-ml/mageia-dev/2012-August/018101.html (limited to 'zarb-ml/mageia-dev/2012-August/018101.html') diff --git a/zarb-ml/mageia-dev/2012-August/018101.html b/zarb-ml/mageia-dev/2012-August/018101.html new file mode 100644 index 000000000..adc8e2958 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-August/018101.html @@ -0,0 +1,149 @@ + + + + [Mageia-dev] SSH PAM configuration + + + + + + + + + +

[Mageia-dev] SSH PAM configuration

+ Anne Wilson + annew at kde.org +
+ Mon Aug 13 12:01:23 CEST 2012 +

+
+ +
-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+On 13/08/12 09:58, Pascal Terjan wrote:
+> On Mon, Aug 13, 2012 at 9:39 AM, Anne Wilson <annew at kde.org>
+> wrote:
+>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
+>> 
+>> On 13/08/12 08:34, Guillaume Rousse wrote:
+>>> Le 12/08/2012 21:57, David Walser a écrit :
+>>>> Johnny A. Solbu wrote:
+>>>>> On Sunday 12 August 2012 19:28, David Walser wrote:
+>>>>>> Through the PAM configuration for SSH shipped with the 
+>>>>>> openssh-server package, root login is broken.  Here's
+>>>>>> why. /etc/pam.d/sshd has: auth required pam_listfile.so
+>>>>>> item=user sense=deny file=/etc/ssh/denyusers
+>>>>>> 
+>>>>>> The file /etc/ssh/denyusers has "root" in it by default.
+>>>>> 
+>>>>> I read somewhere some time ago that PermitRootLogin in 
+>>>>> sshd_config is ignored if PAM is used. That may be the
+>>>>> reason for this.
+>>>> 
+>>>> Nope, I just tested it and that is not true.
+>>> There is an explicit comment in the configuration file: #
+>>> Depending on your PAM configuration, # PAM authentication via 
+>>> ChallengeResponseAuthentication may bypass # the setting of 
+>>> "PermitRootLogin without-password".
+>>> 
+>>> My understanding is just than some specific PAM configuration 
+>>> would eventually allow root user to authenticate through a 
+>>> password, instead of a key.
+>>> 
+>>> Regarding your original problem, feel free to commit the
+>>> relevant modifications.
+>> 
+>> Why would anyone need root login over ssh?  I don't allow it on
+>> my server and it has never caused me any problems.  Su to root
+>> works perfectly well and avoids the security risk, so I don't
+>> understand this thread.
+> 
+> Allowing login as root over ssh with a key can save things when
+> for some reason non local auth is down, like to fix the connection
+> to the ldap server (you can also create a local emergency account
+> for that usage).
+
+OK, thanks for the answer.  Looks like some more reading on this
+subject is required :-)  Although I do use login over ssh with keys
+(as user) I don't use ldap, so I've never come across this.
+
+Anne
+
+- -- 
+Need KDE help? Try
+http://userbase.kde.org or
+http://forum.kde.org
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
+
+iEYEARECAAYFAlAo0GsACgkQj93fyh4cnBfqXACePg37FlvBQ8xkei9+GNXivQdo
+IA4AoIppYO9aPb2YGG8aXA16fy86RxNg
+=Om7Z
+-----END PGP SIGNATURE-----
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1