Re: OpenSSH user enumeration

Quoting Darren Tucker <dtucker@xxxxxxxxxx>:
> Since committing that diff I've heard of people running in production
> with no root password (i.e. *LK*, !! or similar).
> 
> It's about the same amount of code to search for the first account with
> a valid salt, which would avoid this problem in the case where the root
> account doesn't have a real password.
> 
> djm: what do you think?

Since OpenSSH already makes use of an unprivileged user for privsep, why not
take the next step of setting a (long) random password for it using the
system's normal shadow password routines?

If one is concerned about an accidentally "successful" login, you could
perturb the supplied passphrase prior to passing it down to the authentication
library to ensure a successful entry is impossible.

Alternatively, a second "dummy" account, not used at all by the system, that is
a chroot jail with nothing in it and has a random password?

This way no bizarre system assumptions need be made, and it accommodates the
wide range of "policy" preferences for the bulk of the userbase.

=M=

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
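The proposal above, as an added illustration that is not OpenSSH's own code and not part of the thread: a "dummy" record with an unknowable random password is hashed when the requested account does not exist, so the unknown-user path performs the same password-hashing work as the known-user path, and the supplied password is perturbed on that path so it can never match. PBKDF2 stands in for the system's shadow password routine, and the user database, account names and iteration count are constructed for the example; a naive checker that returns early for unknown users is shown beside it for contrast.

```python
import hashlib
import hmac
import os

# Constructed parameters for this example (not OpenSSH's or any libc's values).
KDF_ITERATIONS = 50_000
SALT_BYTES = 16

# Counts KDF invocations so a caller can see whether two code paths do equal work.
KDF_CALLS = 0


def derive(password: str, salt: bytes) -> bytes:
    """Slow password hash standing in for crypt(3); the expensive step we must
    perform exactly once on every authentication path."""
    global KDF_CALLS
    KDF_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def make_record(password: str):
    """Build a (salt, hash) record the way a shadow entry would be created."""
    salt = os.urandom(SALT_BYTES)
    return salt, derive(password, salt)


# Constructed user "database" with one real account.
USERS = {"alice": make_record("correct horse battery staple")}

# The dummy account from the mail's proposal: a real record whose password is a
# long random string that is generated here and immediately discarded, so no
# one (including this program) can ever present it.
DUMMY_RECORD = make_record(os.urandom(32).hex())


def check_password_naive(username: str, password: str) -> bool:
    """Leaks account existence: unknown users return before any hashing happens,
    so the response time differs between valid and invalid account names."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(derive(password, salt), stored)


def check_password(username: str, password: str) -> bool:
    """Hardened variant: same KDF work for known and unknown users, and the
    dummy path can never report success."""
    record = USERS.get(username)
    known = record is not None
    if known:
        salt, stored = record
        candidate = password
    else:
        salt, stored = DUMMY_RECORD
        # Perturb the supplied password before hashing it against the dummy
        # record, as the mail suggests: the value that reaches the hash is never
        # the client's own submission, so even a lucky guess of the (unknown)
        # dummy password would not verify.
        candidate = "\x00" + password
    matched = hmac.compare_digest(derive(candidate, salt), stored)
    # Belt and braces: an unknown account is a failure whatever the hash said.
    return matched and known


def kdf_calls_for(check, username: str, password: str) -> int:
    """How many KDF invocations one call of `check` performs (a timing proxy)."""
    before = KDF_CALLS
    check(username, password)
    return KDF_CALLS - before


if __name__ == "__main__":
    for name in ("alice", "nosuchuser"):
        print(name,
              "naive KDF calls:", kdf_calls_for(check_password_naive, name, "x"),
              "hardened KDF calls:", kdf_calls_for(check_password, name, "x"))
```

Running the block prints one KDF call per path for the hardened checker and zero for the naive checker's unknown-user path; the remaining difference between paths is the dictionary lookup, which is cheap compared with the hash. The dummy record is created with the same salt and hash routine as a genuine one, which is why it costs the same and why no system-wide assumption about root's password is needed.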