
[Bug 3257] New: PasswordAuthentication is no, but still accepts password
https://bugzilla.mindrot.org/show_bug.cgi?id=3257

Bug ID: 3257
Summary: PasswordAuthentication is no, but still accepts password
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs@mindrot.org
Reporter: gqqnb2005@gmail.com

$ sudo sshd -d -T -C user=gqqnbig | grep passwordauthentication
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: user qiqig matched group list certificateLoginOnly at line 2

sshd tells me that if gqqnbig logs in, passwordauthentication is no.


Then I use psftp to log in with a password. It succeeds.

> psftp qiqig@172.25.9.11
Using username "gqqnbig".
gqqnbig@172.25.9.11's password:
Remote working directory is /home/gqqnbig


I use the default /etc/ssh/sshd_config, but I added
certificateLoginOnly.conf in sshd_config.d.

$ cat /etc/ssh/sshd_config.d/certificateLoginOnly.conf
# Example of overriding settings on a per-user basis
Match Group certificateLoginOnly
PasswordAuthentication no


If I move the Match block to sshd_config, I can no longer use a password
to log in.

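The report above has `sshd -T -C user=...` saying one thing while a real login does another. As an added example (not part of the original report and not OpenSSH code), the script below compares the effective `passwordauthentication` value with the methods the server actually advertises to a client for the same user. The function names, the sample outputs, and the `exampleuser`/`192.0.2.10` values in the comments are constructed assumptions.

```shell
#!/bin/sh
# Added example. Live inputs would come from (same user name in both, since
# Match User/Group blocks make the answer depend on the user):
#   sudo sshd -T -C user=exampleuser
#   ssh -v -o BatchMode=yes -o PubkeyAuthentication=no exampleuser@192.0.2.10 2>&1

# Value of passwordauthentication from `sshd -T` output on stdin.
effective_password_auth() {
    tr -d '\r' | awk 'tolower($1) == "passwordauthentication" { v = tolower($2) }
        END { print (v == "" ? "unknown" : v) }'
}

# Method list from the first "Authentications that can continue" line of
# `ssh -v` output on stdin. OpenSSH debug lines end in CR LF, so strip CR.
advertised_methods() {
    tr -d '\r' |
        sed -n 's/^debug1: Authentications that can continue: //p' | head -n 1
}

# verdict EFFECTIVE METHODS: prints MISMATCH when the config test says "no"
# but the server still offers "password"; "unknown" when either input is missing.
verdict() {
    case "$1" in yes|no) ;; *) echo unknown; return 0 ;; esac
    [ -n "$2" ] || { echo unknown; return 0; }
    case ",$2," in *,password,*) offered=yes ;; *) offered=no ;; esac
    if [ "$1" = no ] && [ "$offered" = yes ]; then
        echo MISMATCH
    else
        echo ok
    fi
}

# Constructed sample inputs (not captured from the reporter's host).
sample_sshd_t() {
    printf 'debug1: sshd version OpenSSH_8.4\nport 22\n'
    printf 'passwordauthentication no\npubkeyauthentication yes\n'
}
sample_ssh_v() {
    printf 'debug1: Authentications that can continue: publickey,password\r\n'
}

audit_sample() {
    verdict "$(sample_sshd_t | effective_password_auth)" \
            "$(sample_ssh_v | advertised_methods)"
}

audit_sample
```

Running the check after every change under sshd_config.d catches the case where the parsed configuration and the running daemon disagree.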