[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

sshd: it is permit to login with a Empty Password



On a standard installation of FC1 and FC2 (and FC3?) is permit to login
with a user with a empty password ... is this correct?

[root igloo root]# man sshd_config
> PermitEmptyPasswords
>     When password authentication is allowed, it specifies whether the
>     server allows login to accounts with empty password strings.  The
>     default is ânoâ.
[root igloo root]# grep PermitEmptyPasswords /etc/ssh/sshd_config
#PermitEmptyPasswords no
[root igloo root]# useradd nopasswd
[root igloo root]# passwd -d nopasswd
Removing password for user nopasswd.
passwd: Success
[root igloo root]# ssh nopasswd localhost
nopasswd localhost's password: <type ENTER>
Permission denied, please try again.
nopasswd localhost's password: <type "x" then ENTER>
[nopasswd igloo nopasswd]$ id
uid=505(nopasswd) gid=507(nopasswd) gruppi=507(nopasswd)
[nopasswd igloo nopasswd]$

How to disable this "feature"?

Many thanks

-- 
Dario Lesca <d lesca solinos it>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]