Displaying 20 results from an estimated 275 matches for "permitrootlogin".
2008 Feb 07
1
"PermitRootLogin no" fails
...running version 4.7p1 of OpenSSH on a Linux system (it was
originally a RedHat system, but I've changed almost everything.) When
I originally built OpenSSH I used the config option --without-pam, and
installed the software in /usr/local. I explicitly forbade root login
with sshd (by setting the PermitRootLogin to "no" in the sshd_config
file), but found that I could login as root. Examination of the code
revealed that PermitRootLogin is only dealt with in auth-pam.c, which
is surrounded by #ifdef USE_PAM/#endif. I rebuilt OpenSSH with the
--with-pam option enabled, installed, set PermitRootLogi...
2003 Nov 18
4
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
....use_pam) {
Buffer m;
buffer_init(&m);
-----Original Message-----
From: Damien Miller [mailto:djm at mindrot.org]
Sent: Dienstag, 18. November 2003 00:50
To: Edgar, Bob
Cc: openssh-unix-dev at mindrot.org
Subject: Re: 3.7.1P2, PermitRootLogin and PAM with hidden NISplus
passwords
Edgar, Bob wrote:
> What all of the above means in terms of OpenSSH is that
> PasswordAuthentication will not function and that UsePAM is required.
> While this functions properly for normal users it has one very negative
> security implication w...
2003 Nov 17
1
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords
...when issuing requests to any secure
RPC services.
What all of the above means in terms of OpenSSH is that
PasswordAuthentication will not function and that UsePAM is required.
While this functions properly for normal users it has one very negative
security implication with respect to root logins: PermitRootLogin is
not respected when UsePAM is in effect. I submit that ignoring the
PermitRootLogin directive is counter intuitive and that doing so opens
a serious security hole for the unwary. As this behavior is documented
it can be considered a feature but I would like to propose that this
decision be revis...
2006 Aug 09
4
[Bug 1216] Warn via Logwatch when sshd PermitRootLogin is in effect
http://bugzilla.mindrot.org/show_bug.cgi?id=1216
Summary: Warn via Logwatch when sshd PermitRootLogin is in effect
Product: Portable OpenSSH
Version: 4.3p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: rus...
2016 Feb 17
3
centos7 :: ks.cfg :: customisation of sshd
...rovisioning)
first make sure ssh is started
services --enabled=sshd,chronyd
then .. i imagine that in the %post section
%post --interpreter=/usr/bin/bash --log=/root/ks-post.log
1. i could use sed to change the port
sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config
2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config
3. enable key access
mkdir -p /root/.ssh
chmod 700 /root/.ssh
cat << EOF >> /root/.ssh/authorized_keys
my_ssh_pubkey
EOF
4. semanage port -a -t ssh_port_t -p tcp 60000
5. firewall-cmd --permanent --zone=public --add-port=60000/tcp
6....
2015 Feb 21
2
PermitRootLogin default (was: "PermitRootLogin no" should not proceed with root login)
On Sat, 2015-02-21 at 23:36 +0000, Philip Hands wrote:
> I'm glad to say that the default for the Debian package
Unfortunately, Debian overdid it quite a lot and also set a number of
not so smart (respectively security-critical) defaults:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765632
So it's like 1:1 ;-)
Cheers,
Chris.
-------------- next part --------------
A non-text
2006 Feb 13
2
PermitRootLogin proplem
Hi all,
I think that there is a security problem with the PermitRootLogin
option.
I asked an root ssh connection:
$ ssh root at machine
root at machine's password:
I typed no password, this prompt stayed in place.
In a second time, I changed the PermitRootLogin to no, and then restart
ssh server.
Third, I typed the password on the previous prompt, and the acce...
2004 Mar 22
1
PermitRootLogin issues
...laid out in this thread from last year:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106908815129641&w=2
The discussion that ensued resulted in a number of ideas on how best to
'fix' this issue. The two that seemed most reasonable were:
1. implement a pubkey-only option to PermitRootLogin that would only
allow root to login using pubkey authentication.
2. implement a more flexible arrangement where a list of allowed
authentication methods could passed to PermitRootLogin.
I looked through the code and it seems that both are straightforward to
code, but obviously 1 is much less wo...
2015 Feb 21
2
"PermitRootLogin no" should not proceed with root login
Steps to reproduce:
1) PermitRootLogin no in sshd_config
2) login with "root" user from other host
Present behaviour:
1) it asks for password 3 times and only then close the connection.
2) cpu consumption during bruteforce "attacks".
Expected behaviour:
Immediate disconnect/login fail
Workaround is to change ssh p...
2009 Apr 08
0
sshd: ssh_config default setting - PermitRootLogin yes
[Please keep CC, I'm not in this list]
The default settings for PermitRootLogin appears to be 'yes'.
Increased number of attacks target the ssh port 22 and root logins
directly[1] throught the Internet.
Would it be possible to tighten the initial installation by defaulting
PermitRootLogin to 'no' (or even in *.c) in forthcoming releases and
have administrator...
2003 Feb 06
2
[Bug 486] New: "PermitRootLogin no" can implicitly reveal root password
http://bugzilla.mindrot.org/show_bug.cgi?id=486
Summary: "PermitRootLogin no" can implicitly reveal root password
Product: Portable OpenSSH
Version: 3.5p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at...
2005 Apr 07
1
PermitRootLogin and Tru64 SIA
I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA,
the root login attempts still get passed to the SIA system (so I get
lots of warnings about failed root logins). On systems with a "max
failed attempts" setting, the root account can be locked out this way.
I started looking at the cod...
2015 Feb 20
6
[Bug 2354] New: please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354
Bug ID: 2354
Summary: please document that PermitRootLogin really checks for
uid=0
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-...
2013 Oct 23
7
[Bug 2164] New: PermitRootLogin=without-password as default
https://bugzilla.mindrot.org/show_bug.cgi?id=2164
Bug ID: 2164
Summary: PermitRootLogin=without-password as default
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org...
2015 Jul 29
2
Fedora change that will probably affect RHEL
On 07/28/2015 04:29 PM, Warren Young wrote:
> They turned off "PermitRootLogin yes" and "Protocol 1" in EL6 or EL7, the previous low-hanging fruit. Do you think those were bad decisions, too?
As far as I know, PermitRootLogin has not been set to "no" by default.
At least, I've never seen that on a system I've installed. Am I missing
some...
2013 Jan 14
3
[Bug 2061] New: Request for PermitRootLogin to be enforced prior to credential check
https://bugzilla.mindrot.org/show_bug.cgi?id=2061
Bug ID: 2061
Summary: Request for PermitRootLogin to be enforced prior to
credential check
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: Other
OS: OpenBSD
Status: NEW
Severity: enhancement
Priority: P5...
2015 Sep 02
3
[Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
Bug ID: 2456
Summary: gssapi-keyex blocked by
PermitRootLogin=without-password
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter...
2015 Aug 19
3
[Bug 2445] New: Fix gssapi-with-mic support when is set to PermitRootLogin without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2445
Bug ID: 2445
Summary: Fix gssapi-with-mic support when is set to
PermitRootLogin without-password
Product: Portable OpenSSH
Version: 7.0p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: si...
2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
Hi All,
While testing another patch, I found that I could not longer log in as
root, even if PermitRootLogin was yes. It seems to be the following
code in auth_password:
$ cvs diff -r1.48 -r1.49 auth-passwd.c
[snip]
#ifndef HAVE_CYGWIN
- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == 0 && options.permit_root_login !=
PERMIT_NO_PASSW...
2003 May 06
0
[Bug 486] "PermitRootLogin no" can implicitly reveal root password
...----------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
------- Additional Comments From cjwatson at debian.org 2003-05-06 10:08 -------
This has reoccurred as of 3.6.1p2. With 3.6.1p1, there was no delay for a root
login when PermitRootLogin was off regardless of whether the supplied password
was correct or not. With 3.6.1p2 and "PermitRootLogin no", an incorrect password
for root incurs a delay while a correct password does not.
(Apologies if this should have been a new bug.)
------- You are receiving this mail because:...