On Wednesday 16 February 2005 09:04, Tomas Mraz wrote:
> On Wed, 2005-02-16 at 08:37 -0500, Richard June wrote:
> <snip>
>
> > The problem is that I don't see how anyone could login using ssh to
> > account with !! in /etc/shadow. I have to suppose that there were
>
> three words, ssh pubkey authentication.
> This doesn't apply as the attacker would have to have the ssh private
> key of a public key which would have to be installed in the
> ~apache/.ssh/authorized_keys, which I don't suppose.
> However I've been mistaken with the /etc/shadow - the real thing is in
> the /etc/passwd line - if the second field is empty (no 'x' there) that
> means the password is empty and sshd would allow logging in.

Default config is for ssh to not allow empty passwords to login *AND* to put
either x or !! into the passwd field in /etc/passwd.
Thus for sshd to allow somebody to log in like that, the user (or the attacker
through some other means) would have to edit /etc/passwd, and enable empty
passwords in sshd_config, and restart ssh (though if you have the first two
done, the last should be simple),
and in the event of users such as apache, you have to change the shell
from /bin/false to /bin/bash or something.
--
Public Key available Here:
http://www.bravegnuworld.com/~rjune/pubkey.asc
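
A check for the conditions named in the message above (empty second field in /etc/passwd, empty passwords enabled in sshd_config, a usable login shell), as an added example that is not part of the original thread. The function names, finding labels, no-login shell list and sample file contents are constructed for illustration, and parsing is assumed to stop at the first Match block.

```python
# Added example: audit the conditions discussed in this thread.
# All sample data is constructed, not taken from a real host.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def permit_empty_passwords(sshd_config: str) -> bool:
    """Effective global PermitEmptyPasswords value (sshd default: no).

    sshd keeps the first value it reads for a keyword and keywords are
    case-insensitive. Assumption: stop at the first Match block.
    """
    for raw in sshd_config.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        if key == "permitemptypasswords" and len(parts) > 1:
            return parts[1].strip('"').lower() == "yes"
    return False

def empty_password_accounts(passwd: str):
    """Yield (user, shell) for passwd lines whose second field is empty."""
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[1] == "":
            yield fields[0], fields[6]

def audit(passwd: str, sshd_config: str) -> dict:
    """Map each empty-password account to how far an ssh login could get."""
    allowed = permit_empty_passwords(sshd_config)
    findings = {}
    for user, shell in empty_password_accounts(passwd):
        if not allowed:
            findings[user] = "blocked-by-sshd_config"
        elif shell in NOLOGIN_SHELLS:
            # A no-login shell ends the session immediately.
            findings[user] = "no-usable-shell"
        else:
            findings[user] = "login-possible"
    return findings

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
apache::48:48:Apache:/var/www:/bin/bash
ftp::14:50:FTP User:/var/ftp:/bin/false
alice:x:500:500::/home/alice:/bin/bash"""
SAMPLE_SSHD = "# constructed\nPort 22\nPermitEmptyPasswords yes\nPermitEmptyPasswords no\n"

if __name__ == "__main__":
    for user, state in audit(SAMPLE_PASSWD, SAMPLE_SSHD).items():
        print(f"{user}: {state}")
```

Any account this reports is worth investigating even when the login is blocked, since an empty second field is not what the default setup writes.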