"PermitRootLogin no" fails
Darren Tucker
dtucker at zip.com.au
Fri Feb 8 20:00:56 EST 2008

Danny Mitchell wrote:
> I'm running version 4.7p1 of OpenSSH on a Linux system (it was
> originally a RedHat system, but I've changed almost everything.) When
> I originally built OpenSSH I used the config option --without-pam, and
> installed the software in /usr/local. I explicitly forbade root login
> with sshd (by setting the PermitRootLogin to "no" in the sshd_config
> file), but found that I could login as root. Examination of the code
> revealed that PermitRootLogin is only dealt with in auth-pam.c, which
> is surrounded by #ifdef USE_PAM/#endif.

It is also checked in auth.c in auth_root_allowed(), which is used as a
final check in auth1.c and auth2.c.

> I rebuilt OpenSSH with the
> --with-pam option enabled, installed, set PermitRootLogin to "no", and
> restarted. It still permits root login.

What configure options did you build with? Did you remember to use
the --sysconfdir option to tell it to use the same files as the vendor sshd
(probably /etc/ssh)? By default, OpenSSH Portable uses config files in
/usr/local/etc.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
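
Added example (not part of the original message, and not OpenSSH code): a shell check for the situation described above, where the sshd_config that was edited is not the file the installed sshd reads. The function names, the paths passed in and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Prints the PermitRootLogin value from the global section of an
# sshd_config file: "missing" if the file is unreadable, "unset" if the keyword
# never appears (sshd then applies its compiled-in default).
effective_root_login() {
    [ -r "$1" ] || { echo "missing"; return 0; }
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            split(line, f, /[ \t=]+/)
            kw = tolower(f[1])
            if (kw == "match") exit              # global section ends here
            if (kw == "permitrootlogin") {       # keywords are case-insensitive
                val = tolower(f[2])
                gsub(/"/, "", val)
                print val
                found = 1
                exit                             # sshd keeps the first value it sees
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when the file that was edited and the file sshd was built to
# read yield the same setting.
compare_configs() {
    edited=$(effective_root_login "$1")
    in_use=$(effective_root_login "$2")
    echo "edited: $1 -> PermitRootLogin $edited"
    echo "in use: $2 -> PermitRootLogin $in_use"
    [ "$edited" = "$in_use" ]
}

# Constructed sample: two throwaway files standing in for /etc/ssh/sshd_config
# (edited) and /usr/local/etc/sshd_config (read by a default-prefix build).
demo() {
    d=$(mktemp -d)
    printf '# vendor file\nPort 22\nPermitRootLogin no\n' > "$d/etc_ssh"
    printf '#PermitRootLogin yes\nPort 22\n' > "$d/usr_local_etc"
    compare_configs "$d/etc_ssh" "$d/usr_local_etc" \
        || echo "MISMATCH: the edit is not in the file this sshd reads"
    rm -rf "$d"
}
demo
```

On a real host, pass the two actual paths to compare_configs, for example the vendor file under /etc/ssh and the one under /usr/local/etc.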