Bad Password - #010#012#015#177INCORRECT : ssh -> pam -> libpam_sqlite -> sqlite3
Ángel González
keisial at gmail.com
Thu Mar 6 09:28:51 EST 2014
For future archive searchers:
> Why does OpenSSH replaces the password entered by the user with the
> bad password - "\b\n\r\177INCORRECT
There are some situations where sshd determines a user can't log in.
Typical samples of that are DenyUsers or PermitRootLogin.
In those cases sshd *still* calls PAM, so that delays set by it are
still performed to the user (without leaking info about accounts
existing, disabled, etc.). But in order to ensure it can't succeed,
replaces the password with that impossible one.
More information about the openssh-unix-dev
mailing list