bugzilla-daemon at mindrot.org
2004-Apr-20 00:08 UTC
[Bug 843] sshd_config.5: add warning to PasswordAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=843
Summary: sshd_config.5: add warning to PasswordAuthentication
Product: Portable OpenSSH
Version: 3.8p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: sascha-openssh-bugs at silbe.org
From the sample sshd_config:
=== Begin ===
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
#UsePAM no
=== End ===
Please add an appropriate warning regarding the use of UsePAM to the
PasswordAuthentication section of sshd_config.5.
Thanks!
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-May-03 09:21 UTC
[Bug 843] sshd_config.5: add warning to PasswordAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=843
------- Additional Comments From dtucker at zip.com.au 2004-05-03 19:21 -------
Created an attachment (id=624)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=624&action=view)
Add detail to UsePAM section of sshd_config
How's this? For those that don't speak nroff (I don't, I just mimic the bits
that look like what I want :-), the text is:
UsePAM  Enables the Pluggable Authentication Module interface. To
        authenticate via PAM you must use ChallengeResponseAuthentication
        (keyboard-interactive for SSHv2, TIS for SSHv1) so you should
        also set PasswordAuthentication to ``no''. If UsePAM and
        PasswordAuthentication are both enabled, then users may
        authenticate via the native password mechanism, bypassing the
        PAM auth module. In such a case, the PAM account and session
        modules will still be checked. If UsePAM is enabled you will
        not be able to run sshd as a non-root user. The default is
        ``no''.
bugzilla-daemon at mindrot.org
2004-May-04 03:30 UTC
[Bug 843] sshd_config.5: add warning to PasswordAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=843
dtucker at zip.com.au changed:
What                       |Removed |Added
----------------------------------------------------------------------------
Attachment #624 is obsolete|0       |1
------- Additional Comments From dtucker at zip.com.au 2004-05-04 13:30 -------
Created an attachment (id=625)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=625&action=view)
Update UsePAM entry in sshd_config
Update nroff formatting based on feedback from jmc@
bugzilla-daemon at mindrot.org
2004-May-12 01:54 UTC
[Bug 843] sshd_config.5: add warning to PasswordAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=843
------- Additional Comments From djm at mindrot.org 2004-05-12 11:54 -------
> Enables the Pluggable Authentication Module interface. To
> authenticate via PAM you must use ChallengeResponseAuthentication
> (keyboard-interactive for SSHv2, TIS for SSHv1) so you should
> also set PasswordAuthentication to ``no''.
Perhaps something like this:
Enables the Pluggable Authentication Module interface. If set to
``yes'', this will enable PAM authentication using
ChallengeResponseAuthentication and PAM account and session module
processing for all authentication types.
Because PAM challenge-response authentication usually serves an
equivalent role to password authentication, you should disable either
PasswordAuthentication or ChallengeResponseAuthentication.
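The setting combinations described in the proposed UsePAM text above can be checked mechanically. This is an added example, not part of the original thread and not OpenSSH code: the function names, finding ids and sample config are hypothetical, and the defaults it applies are assumed from sshd_config(5) of this era.

```python
# DEFAULTS are assumed from sshd_config(5) of this era; confirm against your man page.
DEFAULTS = {
    "usepam": "no",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

MESSAGES = {
    "native-password-bypasses-pam-auth":
        "UsePAM and PasswordAuthentication both on: native password auth skips the PAM auth module",
    "two-password-equivalent-methods":
        "PasswordAuthentication and ChallengeResponseAuthentication both on with PAM: disable one",
    "pam-may-still-accept-passwords":
        "PasswordAuthentication is off, but PAM challenge-response may still take passwords",
}

def effective_settings(config_text):
    """Global value of each tracked keyword; sshd keeps the first value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":      # conditional blocks in later releases: stop at global scope
            break
        if keyword in DEFAULTS and len(parts) > 1:
            seen.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return finding ids for the combinations the thread warns about."""
    s = effective_settings(config_text)
    pam, pw, cr = (s[k] == "yes" for k in DEFAULTS)
    findings = []
    if pam and pw:
        findings.append("native-password-bypasses-pam-auth")
    if pam and pw and cr:
        findings.append("two-password-equivalent-methods")
    if pam and cr and not pw:
        findings.append("pam-may-still-accept-passwords")
    return findings

# Constructed sample: the second PasswordAuthentication line is ignored (first wins).
SAMPLE = "# constructed sample\nUsePAM yes\nPasswordAuthentication no\nPasswordAuthentication yes\n"
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding + ": " + MESSAGES[finding])
```

An empty result means none of the flagged combinations is present in the global section; it does not inspect the PAM stack itself.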
bugzilla-daemon at mindrot.org
2004-May-12 02:04 UTC
[Bug 843] sshd_config.5: add warning to PasswordAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=843
dtucker at zip.com.au changed:
What                       |Removed |Added
----------------------------------------------------------------------------
Attachment #625 is obsolete|0       |1
------- Additional Comments From dtucker at zip.com.au 2004-05-12 12:04 -------
Created an attachment (id=632)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=632&action=view)
Incorporate djm's changes.
bugzilla-daemon at mindrot.org
2004-May-13 06:53 UTC
[Bug 843] sshd_config.5: add warning to PasswordAuthentication
http://bugzilla.mindrot.org/show_bug.cgi?id=843
dtucker at zip.com.au changed:
What                    |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|        |822
Status                  |NEW     |RESOLVED
Resolution              |        |FIXED
------- Additional Comments From dtucker at zip.com.au 2004-05-13 16:53 -------
Patch #632 has been committed. Thanks for the report.