similar to: [Bug 2164] New: PermitRootLogin=without-password as default

https://bugzilla.mindrot.org/show_bug.cgi?id=2354 Bug ID: 2354 Summary: please document that PermitRootLogin really checks for uid=0 Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Documentation

https://bugzilla.mindrot.org/show_bug.cgi?id=2456 Bug ID: 2456 Summary: gssapi-keyex blocked by PermitRootLogin=without-password Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=2445 Bug ID: 2445 Summary: Fix gssapi-with-mic support when is set to PermitRootLogin without-password Product: Portable OpenSSH Version: 7.0p1 Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: sshd

It works for the "yes" case but not for the "without-password" case. The function that checks (auth_root_allowed(auth_method) is special cased for "password". The Pam case sends "keyboard-interactive/pam" which like all other authentication methods except password succeeds. Here is a patch to make it work for me. Please feel free to criticize as

Steps to reproduce: 1) PermitRootLogin no in sshd_config 2) login with "root" user from other host Present behaviour: 1) it asks for password 3 times and only then close the connection. 2) cpu consumption during bruteforce "attacks". Expected behaviour: Immediate disconnect/login fail Workaround is to change ssh port, or ban IP after some login fails, or limit IP that can

https://bugzilla.mindrot.org/show_bug.cgi?id=2061 Bug ID: 2061 Summary: Request for PermitRootLogin to be enforced prior to credential check Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: OpenBSD Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=2618 Bug ID: 2618 Summary: net-misc/openssh-7.2_p2: Terribly slow Interactive Logon Product: Portable OpenSSH Version: 7.2p2 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=1586 Summary: [FEATURE REQ] PermitRootLogin and restricting to specific hosts Product: Portable OpenSSH Version: 5.2p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous

On Tue, Jul 17, 2018 at 6:22 PM, Damien Miller <djm at mindrot.org> wrote: > > > On Tue, 17 Jul 2018, Rob Marshall wrote: > >> Hi, >> >> I built OpenSSH 7.7p1-1 to try to include some security fixes for an old OS >> version (SLES 10). We use a special PAM module for root to allow us to >> provide auto-expiring passwords. There is, however, one root

http://bugzilla.mindrot.org/show_bug.cgi?id=1216 Summary: Warn via Logwatch when sshd PermitRootLogin is in effect Product: Portable OpenSSH Version: 4.3p2 Platform: ix86 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2128 Bug ID: 2128 Summary: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file Product: Portable OpenSSH Version: -current Hardware: Other OS: Other Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=1980 dajoker at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dajoker at gmail.com --- Comment #6 from dajoker at gmail.com --- The ' openssh-unix-dev at mindrot.org' mailing list thread

Hi, OpenSSH 2.9p2 behaves differently with 'PermitRootLogin without-password' than does SSH 2.2.27 with 'PermitRootLogin nopwd': nopython.imorgan 153> ssh root at sun523 root at sun523's password: ROOT LOGIN REFUSED FROM nopython.nas.nasa.gov nopython.imorgan 154> ssh root at sun566 root at sun566's password: Permission denied. In the case of OpenSSH, you simply

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

http://bugzilla.mindrot.org/show_bug.cgi?id=486 Summary: "PermitRootLogin no" can implicitly reveal root password Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

http://bugzilla.mindrot.org/show_bug.cgi?id=1319 Summary: ssh-keygen does not properly handle multiple keys Product: Portable OpenSSH Version: 4.5p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2190 Bug ID: 2190 Summary: Nagios command check_ssh Product: Portable OpenSSH Version: 6.2p1 Hardware: ix86 OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Hi. I have a client machine using ssh as root via key authorization to a server. The client uses rsync to send backup data to the server. I use ForceCommand to allow only this activity when using key authorization. But I also want to be able to ssh as root with a required password to do whatever I like. So I thought that in addition to root, I'd make a rootback account:

https://bugzilla.mindrot.org/show_bug.cgi?id=1554 Summary: No feedback when configuration file permissions are set incorrectly. Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 OS/Version: Cygwin on NT/2k Status: NEW Severity: minor Priority: P3 Component: ssh AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1841 Summary: Error message if key not first in authorized_keys file Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org