On Tue, 03/01/22, 2022 at 09:21:48AM +1100, Darren Tucker wrote:
> What options did you configure it with? In particular, did you enable PAM?

./configure --with-md5-passwords --with-pam --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh8.6

> Have you verified that the sshd has not been tampered with?

Yes

> "standard" as in "vendor-supplied" or "as we normally set them"?

vendor-supplied.

> I'd be having a very close look at the PAM config. I've seen multiple
> instances where a misconfigured PAM stack failed open and accepted
> either an empty password or any password. One instance also ended up
> being used for spam as you describe.
>
> You can use pam-test-harness.c (https://www.dtucker.net/patches/) to
> test your config.

Thanks Darren. I'll try your test harness. My chief concern is whether there is/was something off in the standard Ubuntu PAM setup.

Best,
Whit
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
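A static check for the "failed open" condition raised in the quoted advice, as an added example that is not part of this thread and is not the pam-test-harness.c mentioned above: it walks the `auth` lines of a pam.d file under a simplified model of Linux-PAM control flags and reports whether the stack still returns success when every password checker fails. Assumptions: `@include` and `include` targets have already been inlined, the set of failing modules is the one named in the code, and the two sample stacks are constructed for illustration.

```python
import re

# Linux-PAM's documented expansions of the simple control keywords.
SIMPLE = {"required": {"success": "ok", "default": "bad"},
          "requisite": {"success": "ok", "default": "die"},
          "sufficient": {"success": "done", "default": "ignore"},
          "optional": {"success": "ok", "default": "ignore"}}
# Assumption: modules that return failure when the password is wrong.
# Any module not listed here is treated as returning success.
FAILS_ON_BAD_PASSWORD = {"pam_unix.so", "pam_deny.so"}

def parse_auth_stack(text):
    """Return [(actions, module)] for the auth lines of a flattened pam.d file."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"\s*-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.split("#")[0])
        if not m:
            continue
        control, module = m.groups()
        actions = (dict(kv.split("=", 1) for kv in control[1:-1].split())
                   if control.startswith("[") else SIMPLE[control])  # KeyError: inline includes first
        stack.append((actions, module.rsplit("/", 1)[-1]))
    return stack

def fails_open(text, failing=FAILS_ON_BAD_PASSWORD):
    """True if the auth stack grants access although every checker fails."""
    verdict = None  # None: no module has contributed a result yet
    stack, i = parse_auth_stack(text), 0
    while i < len(stack):
        actions, module = stack[i]
        i += 1
        succeeded = module not in failing
        key = "success" if succeeded else "auth_err"
        # Return codes not listed in a [...] control are treated as "bad" here.
        action = actions.get(key, actions.get("default", "bad"))
        if action.isdigit():
            i += int(action)  # a jump skips modules and records no result
        elif action in ("ok", "done"):
            verdict = succeeded and verdict is not False  # a failure is sticky
        elif action in ("bad", "die"):
            verdict = False
        if action == "die" or (action == "done" and verdict):
            break  # "ignore" and "reset" fall through with no effect
    return verdict is True  # a stack with no result at all is a failure

# Constructed samples: the second is the first with its pam_deny line removed.
CLOSED = """auth [success=1 default=ignore] pam_unix.so nullok
auth requisite pam_deny.so
auth required pam_permit.so
"""
OPEN = CLOSED.replace("auth requisite pam_deny.so\n", "")
```

`fails_open(CLOSED)` is false and `fails_open(OPEN)` is true: once the `pam_deny.so` line is gone, the failed `pam_unix.so` result is ignored and `pam_permit.so` supplies the only verdict.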