similar to: PermitRootLogin proplem

http://bugzilla.mindrot.org/show_bug.cgi?id=1216 Summary: Warn via Logwatch when sshd PermitRootLogin is in effect Product: Portable OpenSSH Version: 4.3p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

I'm running version 4.7p1 of OpenSSH on a Linux system (it was originally a RedHat system, but I've changed almost everything.) When I originally built OpenSSH I used the config option --without-pam, and installed the software in /usr/local. I explicitly forbade root login with sshd (by setting the PermitRootLogin to "no" in the sshd_config file), but found that I could login as

Steps to reproduce: 1) PermitRootLogin no in sshd_config 2) login with "root" user from other host Present behaviour: 1) it asks for password 3 times and only then close the connection. 2) cpu consumption during bruteforce "attacks". Expected behaviour: Immediate disconnect/login fail Workaround is to change ssh port, or ban IP after some login fails, or limit IP that can

Greetings, I know that part of the following has been discussed here before but please bear with me. We are running on Solaris versions 2.6 - 9 with a NISplus name service. The permissions on the NISplus password map have been modified to limit read access to the encrypted password field of the passwd table to only the entry owner and the table administrators. See:

I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA, the root login attempts still get passed to the SIA system (so I get lots of warnings about failed root logins). On systems with a "max failed attempts" setting, the root account can be locked out this way. I started looking at the code, and I'm not sure I understand what I see. In auth-passwd.c,

It works for the "yes" case but not for the "without-password" case. The function that checks (auth_root_allowed(auth_method) is special cased for "password". The Pam case sends "keyboard-interactive/pam" which like all other authentication methods except password succeeds. Here is a patch to make it work for me. Please feel free to criticize as

Hello, I'm currently experiencing the issue laid out in this thread from last year: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106908815129641&w=2 The discussion that ensued resulted in a number of ideas on how best to 'fix' this issue. The two that seemed most reasonable were: 1. implement a pubkey-only option to PermitRootLogin that would only allow root to login

http://bugzilla.mindrot.org/show_bug.cgi?id=486 Summary: "PermitRootLogin no" can implicitly reveal root password Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

Hi all, among other things, we provide shell access to various unix based platforms for our students and university staff. Recently, there has been increasing number of root login attacks on one particular Tru64 machine running OpenSSH. The host is configured with "PermitRootLogin no" but every once in a while SIA auth with TCB enhanced security locks the root account. I suppose

https://bugzilla.mindrot.org/show_bug.cgi?id=2164 Bug ID: 2164 Summary: PermitRootLogin=without-password as default Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

I updated my Solaris 8 machines from openssh-2.3.0p1 to 2.5.1p1 yesterday and it fixed the cron/audit issue but now root logins are no longer permitted. I updated it to 2.5.1p2 this morning and that is still the case: golfer:/[207]# ssh -v tsunami OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug: Reading configuration data /var/ssh/ssh_config debug: Applying options for *

Hello all, I was running some tests with openssh 3.7.1p2 and I noticed that PermitRootLogin without-password does not work when PAM is enabled. In fact, when PAM is enabled, PermitRootLogin will work as "yes" if " without-password" is used, no matter what kind of authentication is used for root login. Is that a bug, I missed something in the configurations, or expected

Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login !=

Hi, I am using OpenSSH 3.9p1. For " UsePAM yes/no " option with " PermitRootLogin without-password", the server functionality differs. For " UsePAM yes ", the server allows authentication thru password, meanwhile " UsePAM no " does not. I have fixed that problem and the patch is given below.

https://bugzilla.mindrot.org/show_bug.cgi?id=2354 Bug ID: 2354 Summary: please document that PermitRootLogin really checks for uid=0 Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation

Hi, 2 servers running Suse Linux 7.1 kernel 2.2.19 i386, rsync 2.5.5 compiled on these boxes. These are two FEP's with 32 modems, working as master/slave rsync is using dedicated 100 base T network interfaces (eth1) , crossover cable between them, only rsync traffic allowed on these interfaces. rsync run every 30 seconds It seems to be a bug when it attempt's to transfer very large

Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only does not work if UsePrivilegeSeparation is enabled; but it does work if privsep is disabled. Here are excerpts of debug from the server. -----------UsePrivilegeSeparation DISABLED------- ... Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M debug1: restore_uid^M debug1: ssh_dss_verify:

hello every body , last few days ago , i posted problem while running the built in server WEBrick ,and the brother Reacher give me some solutions about it .you can get posts in the Post from here http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/9a93dc425f5524cc i used all the options that viewed to me but it didn''t work all, so any one can help me fix this proplem

Hi, I am following the tutorial on the hostingrails site but running into problems. I am pretty sure my files match everything that is in the tutorials. here is whats in my production.log file: ActiveRecord::StatementInvalid (Mysql::Error: Table ''hrkoloa_typo.triggers'' doesn''t exist: SELECT * FROM triggers WHERE (due_at <= ''2006-06-19 22:37:23'')

Hi, Ever since 'without-password' became an option, I've thought it would make a better default (and I actually used to patch it that way when I was the Debian Maintainer. My successors think that it's more important to minimise the size of the patch, which is also a reasonable point). The thing that prompted me to finally mention this here, is this story: