71233 – ssh default config could use some tweaking

Bug 71233 - ssh default config could use some tweaking

Summary: ssh default config could use some tweaking

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All All

Importance:	Low normal (vote)
Assignee:	SpanKY

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-11-14 19:21 UTC by phar
Modified:	2004-11-15 21:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description phar 2004-11-14 19:21:53 UTC

because the base layout uses pam, the sshd_config file might do better if changed from

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

to

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

since the default behavour is to allow password authentication.. what happens if  PasswordAuthentication is set to "yes" or remmed out is that after an unsuccessful round of pam authentication, ssh provides its own prompt and allows the user to login..

so any config with pam on ssh will not work as promised.

Comment 1 SpanKY gentoo-dev

2004-11-15 21:09:02 UTC

baselayout doesnt use pam

openssh has pam as an option ... you can simply `USE=-pam emerge openssh` and openssh wont support it

i updated the config option to set 'PasswordAuthentication no' if USE=pam