search for: permitrootlogin

Displaying 20 results from an estimated 275 matches for "permitrootlogin".

2008 Feb 07
1
"PermitRootLogin no" fails
...running version 4.7p1 of OpenSSH on a Linux system (it was originally a RedHat system, but I've changed almost everything.) When I originally built OpenSSH I used the config option --without-pam, and installed the software in /usr/local. I explicitly forbade root login with sshd (by setting the PermitRootLogin to "no" in the sshd_config file), but found that I could login as root. Examination of the code revealed that PermitRootLogin is only dealt with in auth-pam.c, which is surrounded by #ifdef USE_PAM/#endif. I rebuilt OpenSSH with the --with-pam option enabled, installed, set PermitRootLogi...
2003 Nov 18
4
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
....use_pam) { Buffer m; buffer_init(&m); -----Original Message----- From: Damien Miller [mailto:djm at mindrot.org] Sent: Dienstag, 18. November 2003 00:50 To: Edgar, Bob Cc: openssh-unix-dev at mindrot.org Subject: Re: 3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords Edgar, Bob wrote: > What all of the above means in terms of OpenSSH is that > PasswordAuthentication will not function and that UsePAM is required. > While this functions properly for normal users it has one very negative > security implication w...
2003 Nov 17
1
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords
...when issuing requests to any secure RPC services. What all of the above means in terms of OpenSSH is that PasswordAuthentication will not function and that UsePAM is required. While this functions properly for normal users it has one very negative security implication with respect to root logins: PermitRootLogin is not respected when UsePAM is in effect. I submit that ignoring the PermitRootLogin directive is counter intuitive and that doing so opens a serious security hole for the unwary. As this behavior is documented it can be considered a feature but I would like to propose that this decision be revis...
2006 Aug 09
4
[Bug 1216] Warn via Logwatch when sshd PermitRootLogin is in effect
http://bugzilla.mindrot.org/show_bug.cgi?id=1216 Summary: Warn via Logwatch when sshd PermitRootLogin is in effect Product: Portable OpenSSH Version: 4.3p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: rus...
2016 Feb 17
3
centos7 :: ks.cfg :: customisation of sshd
...rovisioning) first make sure ssh is started services --enabled=sshd,chronyd then .. i imagine that in the %post section %post --interpreter=/usr/bin/bash --log=/root/ks-post.log 1. i could use sed to change the port sed -i 's/#Port\ 22/Port 60000/' /etc/ssh/sshd_config 2. sed -i 's/#PermitRootLogin\ yes/PermitRootLogin\ yes/' /etc/ssh/sshd_config 3. enable key access mkdir -p /root/.ssh chmod 700 /root/.ssh cat << EOF >> /root/.ssh/authorized_keys my_ssh_pubkey EOF 4. semanage port -a -t ssh_port_t -p tcp 60000 5. firewall-cmd --permanent --zone=public --add-port=60000/tcp 6....
2015 Feb 21
2
PermitRootLogin default (was: "PermitRootLogin no" should not proceed with root login)
On Sat, 2015-02-21 at 23:36 +0000, Philip Hands wrote: > I'm glad to say that the default for the Debian package Unfortunately, Debian overdid it quite a lot and also set a number of not so smart (respectively security-critical) defaults: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765632 So it's like 1:1 ;-) Cheers, Chris. -------------- next part -------------- A non-text
2006 Feb 13
2
PermitRootLogin proplem
Hi all, I think that there is a security problem with the PermitRootLogin option. I asked an root ssh connection: $ ssh root at machine root at machine's password: I typed no password, this prompt stayed in place. In a second time, I changed the PermitRootLogin to no, and then restart ssh server. Third, I typed the password on the previous prompt, and the acce...
2004 Mar 22
1
PermitRootLogin issues
...laid out in this thread from last year: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106908815129641&w=2 The discussion that ensued resulted in a number of ideas on how best to 'fix' this issue. The two that seemed most reasonable were: 1. implement a pubkey-only option to PermitRootLogin that would only allow root to login using pubkey authentication. 2. implement a more flexible arrangement where a list of allowed authentication methods could passed to PermitRootLogin. I looked through the code and it seems that both are straightforward to code, but obviously 1 is much less wo...
2015 Feb 21
2
"PermitRootLogin no" should not proceed with root login
Steps to reproduce: 1) PermitRootLogin no in sshd_config 2) login with "root" user from other host Present behaviour: 1) it asks for password 3 times and only then close the connection. 2) cpu consumption during bruteforce "attacks". Expected behaviour: Immediate disconnect/login fail Workaround is to change ssh p...
2009 Apr 08
0
sshd: ssh_config default setting - PermitRootLogin yes
[Please keep CC, I'm not in this list] The default settings for PermitRootLogin appears to be 'yes'. Increased number of attacks target the ssh port 22 and root logins directly[1] throught the Internet. Would it be possible to tighten the initial installation by defaulting PermitRootLogin to 'no' (or even in *.c) in forthcoming releases and have administrator...
2003 Feb 06
2
[Bug 486] New: "PermitRootLogin no" can implicitly reveal root password
http://bugzilla.mindrot.org/show_bug.cgi?id=486 Summary: "PermitRootLogin no" can implicitly reveal root password Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at...
2005 Apr 07
1
PermitRootLogin and Tru64 SIA
I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA, the root login attempts still get passed to the SIA system (so I get lots of warnings about failed root logins). On systems with a "max failed attempts" setting, the root account can be locked out this way. I started looking at the cod...
2015 Feb 20
6
[Bug 2354] New: please document that PermitRootLogin really checks for uid=0
https://bugzilla.mindrot.org/show_bug.cgi?id=2354 Bug ID: 2354 Summary: please document that PermitRootLogin really checks for uid=0 Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-...
2013 Oct 23
7
[Bug 2164] New: PermitRootLogin=without-password as default
https://bugzilla.mindrot.org/show_bug.cgi?id=2164 Bug ID: 2164 Summary: PermitRootLogin=without-password as default Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...
2015 Jul 29
2
Fedora change that will probably affect RHEL
On 07/28/2015 04:29 PM, Warren Young wrote: > They turned off "PermitRootLogin yes" and "Protocol 1" in EL6 or EL7, the previous low-hanging fruit. Do you think those were bad decisions, too? As far as I know, PermitRootLogin has not been set to "no" by default. At least, I've never seen that on a system I've installed. Am I missing some...
2013 Jan 14
3
[Bug 2061] New: Request for PermitRootLogin to be enforced prior to credential check
https://bugzilla.mindrot.org/show_bug.cgi?id=2061 Bug ID: 2061 Summary: Request for PermitRootLogin to be enforced prior to credential check Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: OpenBSD Status: NEW Severity: enhancement Priority: P5...
2015 Sep 02
3
[Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2456 Bug ID: 2456 Summary: gssapi-keyex blocked by PermitRootLogin=without-password Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter...
2015 Aug 19
3
[Bug 2445] New: Fix gssapi-with-mic support when is set to PermitRootLogin without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2445 Bug ID: 2445 Summary: Fix gssapi-with-mic support when is set to PermitRootLogin without-password Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: si...
2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSW...
2003 May 06
0
[Bug 486] "PermitRootLogin no" can implicitly reveal root password
...---------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From cjwatson at debian.org 2003-05-06 10:08 ------- This has reoccurred as of 3.6.1p2. With 3.6.1p1, there was no delay for a root login when PermitRootLogin was off regardless of whether the supplied password was correct or not. With 3.6.1p2 and "PermitRootLogin no", an incorrect password for root incurs a delay while a correct password does not. (Apologies if this should have been a new bug.) ------- You are receiving this mail because:...