On Wednesday 16 February 2005 09:04, Tomas Mraz wrote:
> On Wed, 2005-02-16 at 08:37 -0500, Richard June wrote:
> > <snip>
> >
> > > The problem is that I don't see how anyone could login using ssh to
> > > account with !! in /etc/shadow. I have to suppose that there were
> >
> > three words, ssh pubkey authentication.
>
> This doesn't apply as the attacker would have to have the ssh private
> key of a public key which would have to be installed in the
> ~apache/.ssh/authorized_keys what I don't suppose.
> However I've been mistaken with the /etc/shadow - the real thing is in
> the /etc/passwd line - if the second field is empty (no 'x' there) that
> means the password is empty and sshd would allow logging in.

Default config is for ssh to not allow empty passwords to login *AND* to put
either x or !! into the passwd field in /etc/passwd. Thus for sshd to allow
somebody to log in like that, the user (or the attacker through some other
means) would have to edit /etc/passwd, and enable empty passwords in
sshd_config, and restart ssh (though if you have the first two done, the last
should be simple) and in the event of users such as apache, you have to change
the shell from /bin/false to /bin/bash or something.

--
Public Key available Here: http://www.bravegnuworld.com/~rjune/pubkey.asc
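An audit for the three conditions named in the message above (empty password field in /etc/passwd, PermitEmptyPasswords in sshd_config, and the account's shell), as an added example that is not part of the original thread. The function names, the sample passwd contents and the nologin paths other than /bin/false are assumptions made for illustration.

```python
# Added example: flags accounts whose /etc/passwd password field is empty and
# reports what, if anything, still blocks an ssh login for them.
# Assumption: shells other than /bin/false in this set are common no-login shells.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def permit_empty_passwords(sshd_config_text):
    """True if sshd_config sets PermitEmptyPasswords yes (sshd default is no).

    sshd uses the first value it reads for a keyword.
    Simplification: parsing stops at the first Match block; Include is ignored.
    """
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ").split()
        if not parts or parts[0].lower() == "match":
            if parts:
                break
            continue
        if parts[0].lower() == "permitemptypasswords" and len(parts) > 1:
            return parts[1].lower() == "yes"
    return False


def audit(passwd_text, sshd_config_text):
    """Return (user, status) for every account with an empty password field."""
    sshd_allows = permit_empty_passwords(sshd_config_text)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[1] != "":
            continue  # malformed line, or 'x' / '!!' / a hash is present
        user, shell = fields[0], fields[6]
        if shell in NOLOGIN_SHELLS:
            status = "empty password, blocked by shell"
        elif not sshd_allows:
            status = "empty password, blocked by sshd_config"
        else:
            status = "empty password, ssh login possible"
        findings.append((user, status))
    return findings


# Constructed sample input, not taken from any real system.
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "apache::48:48:Apache:/var/www:/bin/false\n"
                 "build::500:500::/home/build:/bin/bash\n")

if __name__ == "__main__":
    for cfg in ("PermitEmptyPasswords no\n", "PermitEmptyPasswords yes\n"):
        print(cfg.strip(), audit(SAMPLE_PASSWD, cfg))
```

On a live host the two arguments would be the contents of /etc/passwd and sshd_config; any finding at all means the passwd file has been changed from the default the message describes.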