blob: c905fdc454c73480d1434ab2d37146ab1cd343be (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] SSH PAM configuration
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20SSH%20PAM%20configuration&In-Reply-To=%3C5028BD2B.9090905%40kde.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="018095.html">
<LINK REL="Next" HREF="018097.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] SSH PAM configuration</H1>
<B>Anne Wilson</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20SSH%20PAM%20configuration&In-Reply-To=%3C5028BD2B.9090905%40kde.org%3E"
TITLE="[Mageia-dev] SSH PAM configuration">annew at kde.org
</A><BR>
<I>Mon Aug 13 10:39:07 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="018095.html">[Mageia-dev] SSH PAM configuration
</A></li>
<LI>Next message: <A HREF="018097.html">[Mageia-dev] SSH PAM configuration
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#18096">[ date ]</a>
<a href="thread.html#18096">[ thread ]</a>
<a href="subject.html#18096">[ subject ]</a>
<a href="author.html#18096">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 13/08/12 08:34, Guillaume Rousse wrote:
><i> Le 12/08/2012 21:57, David Walser a écrit :
</I>>><i> Johnny A. Solbu wrote:
</I>>>><i> On Sunday 12 August 2012 19:28, David Walser wrote:
</I>>>>><i> Through the PAM configuration for SSH shipped with the
</I>>>>><i> openssh-server package, root login is broken. Here's why.
</I>>>>><i> /etc/pam.d/sshd has: auth required pam_listfile.so item=user
</I>>>>><i> sense=deny file=/etc/ssh/denyusers
</I>>>>><i>
</I>>>>><i> The file /etc/ssh/denyusers has "root" in it by default.
</I>>>><i>
</I>>>><i> I read somewhere some time ago that PermitRootLogin in
</I>>>><i> sshd_config is ignored if PAM is used. That may be the reason
</I>>>><i> for this.
</I>>><i>
</I>>><i> Nope, I just tested it and that is not true.
</I>><i> There is an explicit comment in the configuration file: # Depending
</I>><i> on your PAM configuration, # PAM authentication via
</I>><i> ChallengeResponseAuthentication may bypass # the setting of
</I>><i> "PermitRootLogin without-password".
</I>><i>
</I>><i> My understanding is just than some specific PAM configuration
</I>><i> would eventually allow root user to authenticate through a
</I>><i> password, instead of a key.
</I>><i>
</I>><i> Regarding your original problem, feel free to commit the relevant
</I>><i> modifications.
</I>
Why would anyone need root login over ssh? I don't allow it on my
server and it has never caused me any problems. Su to root works
perfectly well and avoids the security risk, so I don't understand
this thread.
Anne
- --
Need KDE help? Try
<A HREF="http://userbase.kde.org">http://userbase.kde.org</A> or
<A HREF="http://forum.kde.org">http://forum.kde.org</A>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - <A HREF="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</A>
iEYEARECAAYFAlAovSkACgkQj93fyh4cnBc8AQCbBY28p9fxW2LtWV9G89b1VlnT
spYAn3hJGydYD5jdpNtSYTnjDznI4hED
=c6wq
-----END PGP SIGNATURE-----
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="018095.html">[Mageia-dev] SSH PAM configuration
</A></li>
<LI>Next message: <A HREF="018097.html">[Mageia-dev] SSH PAM configuration
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#18096">[ date ]</a>
<a href="thread.html#18096">[ thread ]</a>
<a href="subject.html#18096">[ subject ]</a>
<a href="author.html#18096">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
