sshd: it is permit to login with a Empty Password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On a standard installation of FC1 and FC2 (and FC3?) is permit to login
with a user with a empty password ... is this correct?

[root@igloo root]# man sshd_config
> PermitEmptyPasswords
>     When password authentication is allowed, it specifies whether the
>     server allows login to accounts with empty password strings.  The
>     default is ânoâ.
[root@igloo root]# grep PermitEmptyPasswords /etc/ssh/sshd_config
#PermitEmptyPasswords no
[root@igloo root]# useradd nopasswd
[root@igloo root]# passwd -d nopasswd
Removing password for user nopasswd.
passwd: Success
[root@igloo root]# ssh nopasswd@localhost
nopasswd@localhost's password: <type ENTER>
Permission denied, please try again.
nopasswd@localhost's password: <type "x" then ENTER>
[nopasswd@igloo nopasswd]$ id
uid=505(nopasswd) gid=507(nopasswd) gruppi=507(nopasswd)
[nopasswd@igloo nopasswd]$

How to disable this "feature"?

Many thanks

-- 
Dario Lesca <d.lesca@xxxxxxxxxx>
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux