[Bug 3257] New: PasswordAuthentication is no, but still accepts password

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Jan 31 15:57:23 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3257

            Bug ID: 3257
           Summary: PasswordAuthentication is no, but still accepts
                    password
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: gqqnb2005 at gmail.com

$ sudo sshd -d -T -C user=gqqnbig | grep passwordauthentication
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1f  31 Mar 2020
debug1: user qiqig matched group list certificateLoginOnly at line 2

sshd tells if gqqnbig logs in, passwordauthentication is no.


Then I use psftp to log in with password. It succeeds.

> psftp qiqig at 172.25.9.11
Using username "gqqnbig".
gqqnbig at 172.25.9.11's password:
Remote working directory is /home/gqqnbig


I use default /etc/ssh/sshd_config, but I add certificateLoginOnly.conf
in  sshd_config.d.

$ cat /etc/ssh/sshd_config.d/certificateLoginOnly.conf
# Example of overriding settings on a per-user basis
Match Group certificateLoginOnly
     PasswordAuthentication  no


If I move the Match block to sshd_config, I can no longer use password
to log in.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list