similar to: [Bug 652] PermitEmptyPasswords option silently ignored

If I have PasswordAuthentication yes PermitEmptyPasswords no I'm not able to log in using authorized key authentication if my password is blank. This changed when upgrading from portable 3.7.1p1 to 3.7.1p2. My thoughts were PermitEmptyPasswords would only be used if authenticating with a password. ./configure --with-pam --prefix=/usr --sysconfdir=/etc/ssh

Greetings, When PasswordAuthentication no + PermitEmptyPasswords yes SSH2 allows access to a passwordless account without a valid key. This is my patch: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wormhole# diff -u auth2-none.c.old auth2-none.c --- auth2-none.c.old Thu Jul 17 06:23:24 2003 +++ auth2-none.c Thu Jul 17 06:44:42 2003 @@ -100,7 +100,9 @@ if (check_nt_auth(1,

http://bugzilla.mindrot.org/show_bug.cgi?id=755 Summary: PermitEmptyPasswords ignored Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Greetings, Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless account without a valid key when sshd_config has PasswordAuthentication no + PermitEmptyPasswords yes Attempts: Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b) with native c compiler. Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2). Still the same problem. Looking at

Greetings, > -----Original Message----- > From: Vikash Badal - PCS > Sent: 10 July 2003 07:36 > To: 'Tim Rice' > Subject: RE: OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + > PasswordAuthentication no + PermitEmptyPasswords yes > > > Greetings, > > Using gcc (2.95.2) + maintenance pack 2 > > Will try maintenance pack 3 and recompile > > Thanks.

Greetings, I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1 (as well as OpenServer 5.0.X and SCO 3.2v4.2) When I set up sshd_config as follows: PasswordAuthentication no PermitEmptyPasswords yes and try to connect to a password less account ( I know its a F*up, but that's the application ID10Ts .... ) I can get in using the SSH2 version without a valid key, the

Greetings, complete debug below > -----Original Message----- > From: Ben Lindstrom [mailto:mouring at etoh.eviladmin.org] > Sent: 10 July 2003 03:32 > To: Vikash Badal - PCS > Cc: 'openssh-unix-dev at mindrot.org' > Subject: Re: OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + > PasswordAuthentication no + PermitEmptyPasswords yes (followup) > > > > Would be

Hi, after installing 3.6.1p2 I noticed spurious PAM login failures even with PermitEmptyPasswords set to "no": sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=XXX After looking at the code I noticed the following in the portability p2 patch: +++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000

https://bugzilla.mindrot.org/show_bug.cgi?id=2475 Bug ID: 2475 Summary: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Linux Status: NEW

http://bugzilla.mindrot.org/show_bug.cgi?id=235 Summary: While PermitEmptyPasswords no, user can connect, entering ANY other password Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo:

Hi, the following problem occurs on Solaris 2.6. openssh-3.7p1 and openssh-3.7.1p1 both show the same behaviour. openssh is configure with: CC='gcc -L/usr/LOCAL/lib -I/usr/LOCAL/include' ./configure --prefix=/usr/LOCAL --sysconfdir=/etc/ssh --sbindir=/usr/local/sbin --libexecdir=/usr/local/libexec --with-pam --with-tcp-wrappers --with-ssl-dir=/usr/LOCAL/ssl

Hi, I hope I'm not asking some FAQ, but I can't compile openssh-2.9p2 on maas34:openssh-2.9p2 {173} uname -a SunOS maas34 5.6 Generic_105181-23 sun4u sparc SUNW,Ultra-5_10 using: maas34:openssh-2.9p2 {174} gcc -v Reading specs from /opt/local/gcc-2.95.2/lib/gcc-lib/sparc-sun-solaris2.6/2.95.2/specs gcc version 2.95.2 19991024 (release) I get: maas34:openssh-2.9p2 {172}

I am writing to report a bug in openssh-2.3.0p1, and to suggest a fix. I have OpenSSH installed on a Solaris 8 box. The output of uname -a is: > SunOS dipper.csi.cam.ac.uk 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-5_10 OpenSSH was configured with the following options: > ./configure --prefix=/jackdaw --with-default-path=/jackdaw/bin:/usr/bin On this OS, with this configuration, it

I noticed while investigating Debian Bug #93200 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93200&repeatmerged=yes) that sshd refuses a login if /etc/pam.d/ssh doesn't specify "nullok" after the pam_unix.so module -- is there any way to resolve this problem? It seems that OpenSSH should override PAM in this case, someone posted a patch on 6/19 that appears to address this

http://bugzilla.mindrot.org/show_bug.cgi?id=235 ------- Additional Comments From mouring at eviladmin.org 2002-05-06 06:09 ------- Created an attachment (id=92) Try the following patch to auth-passwd.c ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=235 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From stevesk at pobox.com 2002-07-18 15:17

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

http://bugzilla.mindrot.org/show_bug.cgi?id=609 Summary: empty password accounts can login with random password Product: Portable OpenSSH Version: 3.6.1p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=609 Summary: empty password accounts can login with random password Product: Portable OpenSSH Version: 3.6.1p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Portable OpenSSH 3.7.1p2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/portable.html shortly. Please note that this is a release to address issues in the portable version only. The items mentioned below do not affect the OpenBSD version. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client