[Mageia-dev] SSH PAM configuration
Anne Wilson
annew at kde.org
Mon Aug 13 10:39:07 CEST 2012
On 13/08/12 08:34, Guillaume Rousse wrote:
> On 12/08/2012 21:57, David Walser wrote:
>> Johnny A. Solbu wrote:
>>> On Sunday 12 August 2012 19:28, David Walser wrote:
>>>> Through the PAM configuration for SSH shipped with the
>>>> openssh-server package, root login is broken. Here's why.
>>>> /etc/pam.d/sshd has:
>>>> auth required pam_listfile.so item=user sense=deny file=/etc/ssh/denyusers
>>>>
>>>> The file /etc/ssh/denyusers has "root" in it by default.
>>>
>>> I read somewhere some time ago that PermitRootLogin in
>>> sshd_config is ignored if PAM is used. That may be the reason
>>> for this.
>>
>> Nope, I just tested it and that is not true.
> There is an explicit comment in the configuration file:
> # Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
>
> My understanding is just that some specific PAM configuration
> would eventually allow root user to authenticate through a
> password, instead of a key.
>
> Regarding your original problem, feel free to commit the relevant
> modifications.
Why would anyone need root login over ssh? I don't allow it on my
server and it has never caused me any problems. Su to root works
perfectly well and avoids the security risk, so I don't understand
this thread.
Anne
--
Need KDE help? Try
http://userbase.kde.org or
http://forum.kde.org
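
The interaction discussed in this thread, a pam_listfile deny list in /etc/pam.d/sshd set against PermitRootLogin in sshd_config, can be checked mechanically. The Python script below is an added example, not code from the thread or from Mageia; the sample file contents, the DEFAULTS table and the finding names are constructed assumptions, and Match blocks in sshd_config are not handled.

```python
# Added example: constructed sample configs, not Mageia's shipped files.
PAM_SSHD = """\
#%PAM-1.0
auth       required     pam_listfile.so item=user sense=deny file=/etc/ssh/denyusers
auth       include      system-auth
"""
DENYUSERS = {"/etc/ssh/denyusers": "root\n"}   # path -> file content (constructed)
SSHD_CONFIG = """\
PermitRootLogin without-password
UsePAM yes
ChallengeResponseAuthentication yes
"""
# Assumption: values used when a keyword is unset (upstream OpenSSH defaults of that era).
DEFAULTS = {"permitrootlogin": "yes", "usepam": "no",
            "challengeresponseauthentication": "yes"}

def pam_denied_users(pam_text, files):
    """Users rejected by 'auth ... pam_listfile.so item=user sense=deny file=...'."""
    denied = set()
    for line in pam_text.splitlines():
        tok = line.split("#", 1)[0].split()          # drop comments, tokenize
        if len(tok) < 3 or tok[0].lstrip("-") != "auth":
            continue
        idx = next((i for i, t in enumerate(tok) if t.endswith("pam_listfile.so")), None)
        if idx is None:
            continue
        args = dict(a.split("=", 1) for a in tok[idx + 1:] if "=" in a)
        if args.get("item") == "user" and args.get("sense") == "deny":
            denied |= set(files.get(args.get("file"), "").split())
    return denied

def sshd_options(cfg_text):
    """Lower-cased keyword -> value; sshd keeps the first value it reads for a keyword."""
    opts = {}
    for line in cfg_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {**DEFAULTS, **opts}

def root_login_findings(pam_text, cfg_text, files):
    opts, findings = sshd_options(cfg_text), []
    pam_blocks_root = opts["usepam"] == "yes" and "root" in pam_denied_users(pam_text, files)
    if opts["permitrootlogin"] != "no" and pam_blocks_root:
        findings.append("pam-denies-root")      # sshd_config allows root, PAM auth stack rejects it
    if (opts["permitrootlogin"] == "without-password" and opts["usepam"] == "yes"
            and opts["challengeresponseauthentication"] == "yes" and not pam_blocks_root):
        findings.append("pam-password-bypass")  # the case the sshd_config comment warns about
    return findings
```

With the constructed inputs, `root_login_findings(PAM_SSHD, SSHD_CONFIG, DENYUSERS)` reports `pam-denies-root`; emptying the deny list turns the result into `pam-password-bypass`.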