Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 71233

Summary: ssh default config could use some tweaking
Product: Gentoo Linux Reporter: phar <phar>
Component: [OLD] Core systemAssignee: SpanKY <vapier>
Status: RESOLVED FIXED    
Severity: normal CC: aliz
Priority: Low    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
Package list:
Runtime testing required: ---

Description phar 2004-11-14 19:21:53 UTC 
because the base layout uses pam, the sshd_config file might do better if changed from

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

to

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

since the default behavour is to allow password authentication.. what happens if  PasswordAuthentication is set to "yes" or remmed out is that after an unsuccessful round of pam authentication, ssh provides its own prompt and allows the user to login..

so any config with pam on ssh will not work as promised.
Comment 1 SpanKY gentoo-dev 2004-11-15 21:09:02 UTC 
baselayout doesnt use pam

openssh has pam as an option ... you can simply `USE=-pam emerge openssh` and openssh wont support it

i updated the config option to set 'PasswordAuthentication no' if USE=pam