Linux - Security (LinuxQuestions.org forum): This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I'm new to ssh and hope someone can help me out while I learn more about it...
I was experimenting with logging into my server using ssh. I find that with the usePAM = yes option,
(a) I get a normal login option (i.e. Linux user account) if I simply hit return at the pass phrase request (even though I've set a pass phrase). Further, I can log in to the account using the normal Linux login,
(b) I directly get the Linux login prompt when attempting to log in to an account for which I haven't inserted the public key. And I can log in there too.
I imagine that there's a reason for the public/private key approach to setting up an ssh session, so I'm a bit concerned that it allows a Linux account login. As I understand it, if it does allow a Linux account login, then the passwords are being transmitted in plain text?
Thinking my logic to be true, I set usePAM = no and now I always and only get the request for the pass phrase. Naive me thinks it good, but frankly I really don't have a good understanding of what's happening on the authentication front!! Any help/thoughts would be much appreciated!! I would much appreciate a nod on whether my settings below are insecure (I realize that such a question does depend on the environment and type of use, but are there any absolute no-no's?)
Thanks!!
SSH: OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
OS: CentOS 4.4
----------------------------------------
Some sshd_config parameter settings:
----------------------------------------
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
Protocol 2
SyslogFacility AUTH
LogLevel INFO
PermitRootLogin no
MaxAuthTries 10
PasswordAuthentication no
ChallengeResponseAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
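As an added example (not from the thread or from OpenSSH), a small POSIX shell check for the interaction the poster ran into: with the posted settings, "PasswordAuthentication no" alone does not close the Unix-password path while UsePAM and ChallengeResponseAuthentication are both yes, because PAM answers the keyboard-interactive method with an ordinary password prompt (still inside the encrypted SSH session, not in clear text). The function names, the sample configs and the assumptions (a build with no other challenge-response backend such as S/Key or BSD auth; GSSAPI ignored; sshd_config(5) defaults of UsePAM no and yes for the other two keywords) are mine.

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether an sshd_config
# still lets a Unix password be used. Assumes no challenge-response
# backend other than PAM is built in, and ignores GSSAPI. Defaults
# follow sshd_config(5): UsePAM no, the other two keywords yes.

# Print the effective value of keyword $2 in file $1 (default $3).
# sshd takes the first match; keywords are case-insensitive; "#" lines
# are comments. Values are lower-cased for easy comparison.
sshd_opt() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" -v def="$3" '
        /^[ \t]*#/ { next }
        { gsub(/=/, " ") }                       # accept "Key=value" too
        NF >= 2 && tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print the password path that is still open and return 0, or print
# "key-only" and return 1 when only public-key authentication remains.
audit_sshd_auth() {
    pw=$(sshd_opt "$1" PasswordAuthentication yes)
    cr=$(sshd_opt "$1" ChallengeResponseAuthentication yes)
    pam=$(sshd_opt "$1" UsePAM no)
    if [ "$pw" = yes ]; then
        echo "password (PasswordAuthentication yes)"
    elif [ "$cr" = yes ] && [ "$pam" = yes ]; then
        echo "password via keyboard-interactive (PAM)"
    else
        echo "key-only"
        return 1
    fi
}

# Constructed sample: the settings posted above, with UsePAM set to $2.
write_sample() {
    printf '%s\n' '# comment lines are ignored' 'Protocol 2' \
        'PermitRootLogin no' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication yes' "UsePAM $2" > "$1"
}

tmp=${TMPDIR:-/tmp}/sshd_audit.$$
mkdir -p "$tmp"
write_sample "$tmp/usepam_yes" yes    # what the poster had at first
write_sample "$tmp/usepam_no" no      # the posted config
for f in "$tmp/usepam_yes" "$tmp/usepam_no"; do
    printf '%s: ' "$(basename "$f")"; audit_sshd_auth "$f" || true
done
rm -rf "$tmp"
```

Point it at the real file with `audit_sshd_auth /etc/ssh/sshd_config`; a non-zero return means only public-key (and, if enabled, GSSAPI) authentication is left.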
Don't worry. No passwords are being transmitted in plain text. They are encrypted by the ssh client and decrypted by the ssh server. If this were not true, there would be a lot more identity theft.
Thanks, but for certain cases is encryption/decryption possible? For one of the accounts that I tried to ssh into, I hadn't placed the public key, and I got a Linux-type login prompt (and could log in when usePAM=yes)...