I want to set up a machine which has an account with no password that can
only be used locally, i.e. you cannot login over the network.
The machine is in a room which is normally locked. It needs access to the
network for videoconferencing, and this seemed a reasonable way to do
things rather than putting passwords on post-it notes or Web pages.
This is on a PC running RedHat Linux (7.0)
I thought I had this working by specifying an entry in
/etc/usertty - I could login from the console, but using ssh got a
password challenge.
When I tried to set it up on another machine I found that any non-null
string would work as a password logging in with ssh, and in fact that
I could login from other virtual consoles than the one I had listed.
I see that I can specify DenyUsers in sshd_config, which gives the effect
I want (since telnet, rlogin etc. are disabled). But I wondered what was
going on.
Hmm, if PermitEmptyPasswords is set to yes, then I can login using ssh
with no password. With it set to no, sshd wants a password but it is
ignored.
/etc/usertty is mentioned in the manpage and info page for "login",
but I can not see it in the binary nor see that it is even being accessed
so I wonder what gives (I know this isn't really an openssh question)
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at triumf.ca
