[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
sshd: it is permit to login with a Empty Password
- From: Dario Lesca <d lesca solinos it>
- To: Fedora Project List <fedora-list redhat com>
- Cc: Fedora Devel <fedora-devel-list redhat com>
- Subject: sshd: it is permit to login with a Empty Password
- Date: Wed, 24 Nov 2004 23:03:14 +0100
On a standard installation of FC1 and FC2 (and FC3?) is permit to login
with a user with a empty password ... is this correct?
[root igloo root]# man sshd_config
> PermitEmptyPasswords
> When password authentication is allowed, it specifies whether the
> server allows login to accounts with empty password strings. The
> default is ânoâ.
[root igloo root]# grep PermitEmptyPasswords /etc/ssh/sshd_config
#PermitEmptyPasswords no
[root igloo root]# useradd nopasswd
[root igloo root]# passwd -d nopasswd
Removing password for user nopasswd.
passwd: Success
[root igloo root]# ssh nopasswd localhost
nopasswd localhost's password: <type ENTER>
Permission denied, please try again.
nopasswd localhost's password: <type "x" then ENTER>
[nopasswd igloo nopasswd]$ id
uid=505(nopasswd) gid=507(nopasswd) gruppi=507(nopasswd)
[nopasswd igloo nopasswd]$
How to disable this "feature"?
Many thanks
--
Dario Lesca <d lesca solinos it>
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]