Security Question
Richard June
rjune at bravegnuworld.com
Wed Feb 16 14:28:45 UTC 2005
On Wednesday 16 February 2005 09:04, Tomas Mraz wrote:
> On Wed, 2005-02-16 at 08:37 -0500, Richard June wrote:
> > <snip>
> >
> > > The problem is that I don't see how anyone could login using ssh to
> > > account with !! in /etc/shadow. I have to suppose that there were
> >
> > three words, ssh pubkey authentication.
>
> This doesn't apply as the attacker would have to have the ssh private
> key of a public key which would have to be installed in the
> ~apache/.ssh/authorized_keys what I don't suppose.
> However I've been mistaken with the /etc/shadow - the real thing is in
> the /etc/passwd line - if the second field is empty (no 'x' there) that
> means the password is empty and sshd would allow logging in.
Default config is for ssh to not allow emtpy passwords to login *AND* to put
either x or !! into the passwd field in /etc/passwd.
Thus for sshd to allow sombody to log in like that, the user (or the attacker
through some other means) would have to edit /etc/passwd, and enable empty
passwords in sshd_config, and restart ssh(though if you have the first two
done, the last should be simple)
and in the event of users such as apache, you have to change the shell
from /bin/false to /bin/bash or something.
--
Public Key available Here:
http://www.bravegnuworld.com/~rjune/pubkey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20050216/3eeb158d/attachment.sig>
More information about the fedora-devel-list
mailing list