[linux] sshd overuje heslom aj ked by nemal...

Matus Horvath Matus.Horvath na nextra.sk
Čtvrtek Červen 10 17:24:23 CEST 2004


Thursday, June 10, 2004, 4:07:48 PM, you wrote:

>> Mozno pozri co je v /etc/pam.d/ssh

M> # PAM configuration for the Secure Shell service

M> # Disallow non-root logins when /etc/nologin exists.
M> auth       required     pam_nologin.so

M> # Read environment variables from /etc/environment and
M> # /etc/security/pam_env.conf.
M> auth       required     pam_env.so # [1]

M> # Standard Un*x authentication.
M> @include common-auth

Neviem co je v common-auth, ale tipoval by som ze ked tento include
zakomentujes, mozno dosiahnes aby hesla sshd nebral. Pripadne
si okopiruj subor common-auth (ak to je subor) napriklad na
common-auth-ssh, includuj ho namiesto common-auth a zmen ho tak
aby nebral hesla z /etc/shadow.

Nemen priamo common-auth, lebo si pravdepodobne odpilis aj
prihlasovanie z virtualneho teminalu. A ked nieco pomenis, skus
sa prihlasit na inom terminali ako root aby si mal istotu ze si
to nezakazal. Nie je dobry postup najprv sa odhlasit a az potom
zistit ze sa uz nemozes prihlasit :))

inak: man pam

M> # Standard Un*x authorization.
M> @include common-account

M> # Standard Un*x session setup and teardown.
M> @include common-session

M> # Print the message of the day upon successful login.
M> session    optional     pam_motd.so # [1]

M> # Print the status of the user's mailbox upon successful login.
M> session    optional     pam_mail.so standard noenv # [1]

M> # Set up user limits from /etc/security/limits.conf.
M> session    required     pam_limits.so

M> # Standard Un*x password updating.
M> @include common-password

Matus Horvath

/\/\ /-\ "|" \_/ $    ]-[ () |^ \/ /-\ "|" ]-[
ICQ: 33936477
mailto:Matus.Horvath na nextra.sk
http://www.elf.stuba.sk/~horvathm




Další informace o konferenci linux