OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)

Ben Lindstrom mouring at etoh.eviladmin.org
Thu Jul 10 23:32:05 EST 2003


Would be nice for a complete sshd -d -d -d output.  I've tracked back
through the code and I don't see how a single platform could have a
problem with it unless the problem is in auth_password(). Which is an
utter mess and nearly untrackable.

- Ben

On Thu, 10 Jul 2003, Vikash Badal - PCS wrote:

> Greetings,
>
> Problem: OpenSSH 3.6.1p2 on UnixWare 7.1.1 allows access to passwordless
> account without a valid key when sshd_config has PasswordAuthentication no
> + PermitEmptyPasswords yes
>
> Attempts:
> Installed maintenance pack 3 and recompiled both OpenSSH and OpenSSL (0.9.7b)
> with native C compiler.
>
> Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2).
>
> Still the same problem.
>
> Looking at auth2.c line 185-190:
>  authenticated = m->userauth(authctxt);
>  sets authenticate to 1 when PermitEmptyPasswords ==> yes
>
> I found only one reference to userauth()
> in sshconnect2.c (line 279)
>
> I do not understand the code m->userauth(authctxt);
>
> Please assist.
>
> Vikash
>
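The `m->userauth(authctxt)` line quoted above is a call through a function pointer held in a per-method table entry, so the handler that runs depends on which method name the client requested. The following is an added example, not OpenSSH source and not code from either poster: a small model of that dispatch pattern in which every name (`struct method`, `lookup`, `try_method`, the option fields) is hypothetical, showing a dispatcher that never reaches a handler whose configuration switch is off.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not OpenSSH source: all names here are illustrative. */
struct options { int password_authentication; int permit_empty_passwords; };
struct authctxt {
    const char *stored_pw;   /* account password; "" models a passwordless account */
    const char *supplied_pw; /* what the client sent */
    const struct options *opt;
};

/* One table entry per method: a name, a handler, and a pointer to its switch. */
struct method {
    const char *name;
    int (*userauth)(struct authctxt *);
    const int *enabled;      /* NULL means the method is always offered */
};

/* Model only: a real server compares password hashes, not plaintext. */
static int userauth_password(struct authctxt *c)
{
    /* An empty password is acceptable only if the option allows it. */
    if (c->supplied_pw[0] == '\0' && !c->opt->permit_empty_passwords)
        return 0;
    return strcmp(c->stored_pw, c->supplied_pw) == 0;
}

/* Handler that never authenticates (used here for "none"). */
static int userauth_reject(struct authctxt *c) { (void)c; return 0; }

/* Return the entry for `name` only if its enabled switch is set. */
static const struct method *lookup(const struct method *t, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].name, name) == 0)
            return (t[i].enabled == NULL || *t[i].enabled) ? &t[i] : NULL;
    return NULL;
}

/* Dispatch: m->userauth(c) runs whichever handler the selected entry holds. */
int try_method(const char *name, struct authctxt *c)
{
    const struct method table[] = {
        { "none",     userauth_reject,   NULL },
        { "password", userauth_password, &c->opt->password_authentication },
    };
    const struct method *m = lookup(table, sizeof table / sizeof table[0], name);
    return m != NULL ? m->userauth(c) : 0;
}
```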
