bugzilla-daemon at mindrot.org
2003-May-06 00:08 UTC
[Bug 486] "PermitRootLogin no" can implicitly reveal root password
http://bugzilla.mindrot.org/show_bug.cgi?id=486
cjwatson at debian.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
------- Additional Comments From cjwatson at debian.org 2003-05-06 10:08
-------
This has reoccurred as of 3.6.1p2. With 3.6.1p1, there was no delay for a root
login when PermitRootLogin was off regardless of whether the supplied password
was correct or not. With 3.6.1p2 and "PermitRootLogin no", an
incorrect password
for root incurs a delay while a correct password does not.
(Apologies if this should have been a new bug.)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Seemingly Similar Threads
- [Bug 486] New: "PermitRootLogin no" can implicitly reveal root password
- [Bug 486] "PermitRootLogin no" can implicitly reveal root password
- [Bug 3788] New: "sshd -T" describes "PermitRootLogin prohibit-password" as "without-password"
- [Bug 995] PermitRootLogin by IP address block specification
- "PermitRootLogin no" should not proceed with root login
Wisdom of the Ancients
