From owner-freebsd-questions  Wed Jun 26 17:20:13 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from rhymer.cogsci.ed.ac.uk (rhymer.cogsci.ed.ac.uk [129.215.144.8])
	by hub.freebsd.org (Postfix) with ESMTP id BBD9637C571
	for <questions@FreeBSD.ORG>; Wed, 26 Jun 2002 16:51:40 -0700 (PDT)
Received: (from richard@localhost)
	by rhymer.cogsci.ed.ac.uk (8.9.3/8.9.3) id AAA17507
	for questions@FreeBSD.ORG; Thu, 27 Jun 2002 00:51:38 +0100 (BST)
Date: Thu, 27 Jun 2002 00:51:38 +0100 (BST)
Message-Id: <200206262351.AAA17507@rhymer.cogsci.ed.ac.uk>
From: Richard Tobin <richard@cogsci.ed.ac.uk>
Subject: ssh question
To: questions@FreeBSD.ORG
Organization: just say no
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

While checking my ssh configuration, I was shocked to discover that I
could log in to accounts with no password set by giving any non-empty
password.  What have I got misconfigured for this to happen?

I am running 4.6 have the standard 4.6 /etc/ssh/sshd_config.

PermitEmptyPasswords is no.  Setting it to yes allows passwordless
users to log in without being prompted for a password at all; with it
set to no I am prompted for a password and any non-empty string seems
to work.

-- Richard

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message