[linux] sshd authenticates with a password even when it shouldn't...

Matthew matthew at centrum.sk
Tuesday June 15 10:09:14 CEST 2004


Thanks for pointing me in the right direction. It helped.

Here is the solution for others, in case they run into a similar problem:

After studying the PAM documentation, the /etc/pam.d directory and its files,
and comparing with a second configuration on another computer where it ran
without problems (woody), I found that it is enough to change the UsePAM
setting in /etc/ssh/sshd_config to no. :-)

I use PubkeyAuthentication exclusively. Do you think I can afford to do this?
Is there any risk associated with turning off PAM authentication? I think not,
but I'm asking just to be sure.


----- Original Message ----- 
From: "Matus Horvath" <Matus.Horvath at nextra.sk>
To: "Vseobecna diskusia o Linuxe" <linux at lists.linux.sk>
Sent: Thursday, June 10, 2004 5:24 PM
Subject: Re[4]: [linux] sshd authenticates with a password even when it shouldn't...


> Thursday, June 10, 2004, 4:07:48 PM, you wrote:
>
> >> Maybe take a look at what is in /etc/pam.d/ssh
>
> M> # PAM configuration for the Secure Shell service
>
> M> # Disallow non-root logins when /etc/nologin exists.
> M> auth       required     pam_nologin.so
>
> M> # Read environment variables from /etc/environment and
> M> # /etc/security/pam_env.conf.
> M> auth       required     pam_env.so # [1]
>
> M> # Standard Un*x authentication.
> M> @include common-auth
>
> I don't know what is in common-auth, but I would guess that if you
> comment out this include, you might get sshd to stop accepting
> passwords. Alternatively, copy the common-auth file (if it is a file)
> to, for example, common-auth-ssh, include it instead of common-auth,
> and change it so that it does not take passwords from /etc/shadow.
>
> Don't change common-auth directly, because you will probably also cut
> off logins from the virtual terminal. And when you change something,
> try logging in on another terminal as root so that you are sure you
> haven't locked yourself out. It is not a good approach to log out
> first and only then find out that you can no longer log in :))
>
> otherwise: man pam
>
> M> # Standard Un*x authorization.
> M> @include common-account
>
> M> # Standard Un*x session setup and teardown.
> M> @include common-session
>
> M> # Print the message of the day upon successful login.
> M> session    optional     pam_motd.so # [1]
>
> M> # Print the status of the user's mailbox upon successful login.
> M> session    optional     pam_mail.so standard noenv # [1]
>
> M> # Set up user limits from /etc/security/limits.conf.
> M> session    required     pam_limits.so
>
> M> # Standard Un*x password updating.
> M> @include common-password
>
> Matus Horvath
>
> /\/\ /-\ "|" \_/ $    ]-[ () |^ \/ /-\ "|" ]-[
> ICQ: 33936477
> mailto:Matus.Horvath at nextra.sk
> http://www.elf.stuba.sk/~horvathm
>
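
An added example, not part of the original thread: a Python check of which sshd_config combinations can still end in a password prompt, and which entries of the quoted /etc/pam.d/ssh sshd stops calling once UsePAM is no. The sample sshd_config is constructed, the defaults are upstream OpenSSH's, and the function names are hypothetical.

```python
# Upstream OpenSSH defaults (assumption: a distribution build may differ).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes", "usepam": "no"}
# Treated as an alias, as current OpenSSH does.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective(config_text):
    """Global sshd_config settings; as in sshd, a keyword's first value wins."""
    cfg = {}
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":  # Match blocks are conditional: stop at the first
            break
        cfg.setdefault(ALIASES.get(key, key), parts[1].strip().lower())
    return {**DEFAULTS, **cfg}

def password_paths(cfg):
    """Authentication methods that can still end in a password prompt."""
    paths = []
    if cfg["passwordauthentication"] == "yes":
        paths.append("password")
    # Assumption: PAM is the only keyboard-interactive backend in this build.
    if cfg["kbdinteractiveauthentication"] == "yes" and cfg["usepam"] == "yes":
        paths.append("keyboard-interactive (PAM auth stack)")
    return paths

def pam_entries(pam_text):
    """(type, module) pairs of a PAM service file; sshd calls none with UsePAM no."""
    out = []
    for raw in pam_text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 2 and f[0] == "@include":
            out.append(("include", f[1]))
        elif len(f) >= 3:
            out.append((f[0], f[2]))
    return out

# Constructed sample, not the poster's actual sshd_config.
BEFORE = "PasswordAuthentication no\nChallengeResponseAuthentication yes\nUsePAM yes\n"
POSTER_FIX = BEFORE.replace("UsePAM yes", "UsePAM no")
ALT_FIX = BEFORE.replace("ChallengeResponseAuthentication yes",
                         "ChallengeResponseAuthentication no")
# Three lines taken from the /etc/pam.d/ssh quoted in the thread.
PAM_SSH = "auth required pam_nologin.so\n@include common-auth\nsession required pam_limits.so\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("UsePAM no", POSTER_FIX), ("alternative", ALT_FIX)):
        print(name, password_paths(effective(text)))
    print("skipped with UsePAM no:", pam_entries(PAM_SSH))
```

With UsePAM no, account and session entries such as pam_limits.so are skipped together with the auth stack; the alternative of setting ChallengeResponseAuthentication to no while leaving UsePAM at yes removes the password prompt and keeps them.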





