Re: SSH login from user with empty password

On 10/10/2013 03:12 PM, David C. Miller wrote:
> SSH by default will use a key pair if found but then drops back to 
> login password. It will also fall back to password if the keypair has 
> a passphrase and you just hit return without typing it in. SSH won't 
> allow you to connect because the password in the shadow file is blank. 
> Basically if you don't have a password it should not allow you to 
> login regardless. From a security standpoint it makes sense to never 
> allow blank passwords. Just give the account a long 25-character 
> random password and then set up SSH key pairs.

From what I read, it sounds like you are saying that you can't log in 
with keypairs unless a password has been set. If so, this appears to be 
incorrect, at least as of CentOS 6. To test this, I did the following:

[root@norman ~]# adduser testnopw
[root@norman ~]# su - testnopw
[testnopw@norman ~]$ mkdir .ssh && chmod 700 .ssh;
[testnopw@norman ~]$ nano .ssh/authorized_keys
< - pasted id_dsa.pub from another account ->
[testnopw@norman ~]$ chmod 600 .ssh/authorized_keys


Now, as another account on the same server:

[bens@norman] ssh testnopw@localhost
Enter passphrase for key '/home/bens/.ssh/id_dsa':
[testnopw@norman ~]$

Never, in the above script, was a password set.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
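
The thread turns on the difference between an account whose shadow password field is blank and one that simply never had a password set. The following is an added example, not part of the original messages: it classifies each entry of a shadow(5)-format file so that truly empty passwords can be told apart from locked accounts. The sample entries are constructed, the function names are hypothetical, and it assumes that `adduser` without a password leaves `!!` in the field, as on CentOS.

```shell
#!/bin/sh
# Added example: tell "blank password" apart from "no password set (locked)".

# classify_shadow FILE: print "<user> <state>" for each shadow(5)-format line.
classify_shadow() {
    awk -F: '
        $2 == ""     { print $1, "EMPTY";  next }  # blank field: no secret needed for password login
        $2 ~ /^[!*]/ { print $1, "LOCKED"; next }  # "!!", "!", "*" or "!<hash>": password login disabled
        $2 ~ /^\$/   { print $1, "HASHED"; next }  # $id$salt$hash: a real password is set
                     { print $1, "OTHER" }         # legacy or unrecognised format
    ' "$1"
}

# empty_password_accounts FILE: list only the accounts worth alarming on.
empty_password_accounts() {
    classify_shadow "$1" | awk '$2 == "EMPTY" { print $1 }'
}

# Constructed sample data (not real hashes, not from the thread's host).
sample_shadow() {
    cat <<'EOF'
root:$6$examplesalt$examplehashvalue:15988:0:99999:7:::
testnopw:!!:15988:0:99999:7:::
blankuser::15988:0:99999:7:::
daemon:*:15988:0:99999:7:::
EOF
}

# Demo run against the constructed sample; point classify_shadow at
# /etc/shadow (as root) to audit a real system.
demo_file=$(mktemp)
sample_shadow > "$demo_file"
classify_shadow "$demo_file"
rm -f "$demo_file"
```

An account such as `testnopw` above shows up as LOCKED rather than EMPTY, so password login stays impossible for it while key-based login is decided separately by its `authorized_keys` file.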