https://bugzilla.mindrot.org/show_bug.cgi?id=3257
Bug ID: 3257
Summary: PasswordAuthentication is no, but still accepts
password
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: [email protected]
Reporter: [email protected]
$ sudo sshd -d -T -C user=gqqnbig | grep passwordauthentication
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: user qiqig matched group list certificateLoginOnly at line 2
sshd tells if gqqnbig logs in, passwordauthentication is no.
Then I use psftp to log in with password. It succeeds.
> psftp [email protected]
Using username "gqqnbig".
[email protected]'s password:
Remote working directory is /home/gqqnbig
I use default /etc/ssh/sshd_config, but I add certificateLoginOnly.conf
in sshd_config.d.
$ cat /etc/ssh/sshd_config.d/certificateLoginOnly.conf
# Example of overriding settings on a per-user basis
Match Group certificateLoginOnly
PasswordAuthentication no
If I move the Match block to sshd_config, I can no longer use password
to log in.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
