Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
Re: [suse-security] SSHD - limiting access to one account - how?
  • From: Martin Leweling <lewelin@xxxxxxxxxxxxxxx>
  • Date: Mon, 4 Feb 2002 14:36:08 +0100
  • Message-id: <20020204133607.74F6910A8@xxxxxxxxxxxxxxxxxxxxxxxx>

On Monday 04 February 2002 13:54, Tobias Burnus wrote:
> Hi Steven,
> > And if some option is commented out in the sshd_config does it use the
> > default option?
> SSHD has to, what else should it use ...
> > What exploits are there for the "UseLogin" option?
> > e.g.. #UseLogin no
> UseLogin allows one to do a "ssh foo" and then enter the password.
> If you disallow login you need to have a authorised key.

Sorry, but this is not quite correct. You are mistaking "UseLogin" for
"PasswordAuthentication". "UseLogin" means to use the OS supplied
external login (/bin/login) for authentication. "man sshd" is your friend.

For vulnerability info on "UseLogin" see,

Note that "UseLogin yes" ( _not_ default ) also means you are
inheriting all security holes of login, see e.g.

Many vendors, including SuSE, Sun etc. have issued patches for login.

> Tobias

Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany

< Previous Next >
Follow Ups