I respectfully disagree with Jamie Strandboge regarding his statement:
"ssh public key logins are not disabled by the use of '!'."
OpenSSH, when *not* relying on PAM for account checking (ie "UsePAM
no"), will itself consider an account "locked" if the user's password
field in the shadow file is
I respectfully disagree with Jamie Strandboge regarding his statement:
"ssh public key logins are not disabled by the use of '!'."
OpenSSH, when *not* relying on PAM for account checking (ie "UsePAM
no"), will itself consider an account "locked" if the user's password
field in the shadow file is
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: base-passwd (Ubuntu Intrepid)
Status: New = Invalid
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.
** Changed in: base-passwd (Ubuntu Intrepid)
Status: New = Invalid
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You
** Branch linked: lp:debian/base-passwd
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vm-builder in ubuntu.
--
Ubuntu-server-bugs mailing list
** Branch linked: lp:debian/base-passwd
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Branch linked: lp:ubuntu/karmic/vm-builder
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Branch linked: lp:ubuntu/karmic/shadow
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
** Branch linked: lp:~ubuntu-branches/ubuntu/dapper/shadow/dapper-
security
** Branch linked: lp:~ubuntu-branches/ubuntu/gutsy/shadow/gutsy-security
** Branch linked: lp:~ubuntu-branches/ubuntu/hardy/shadow/hardy-security
** Branch linked: lp:ubuntu/intrepid-updates/shadow
--
root account has
Part of the reason there's been a problem here is that the root user is
initially set up by base-passwd as follows:
root::0:0:root:/root:/bin/bash
I don't think the blank password is defensible in this day and age, and
will change this. I wouldn't like to backport this to Intrepid
immediately,
This bug was fixed in the package base-passwd - 3.5.21
---
base-passwd (3.5.21) unstable; urgency=low
* Set up the root user without a password by default, rather than giving
it an empty password. In this day and age the latter is not really a
defensible default (LP:
** Changed in: vmbuilder
Status: Fix Committed = Fix Released
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
1. OK
2. I may not know enough detail here, but why would it then be that root
password '!' prevents me from logging with SSH key, but root password of
'*' allows me to do so? I was under impression that '!' in /etc/shadow
password field is used to disable logins for that account entirely.
--
1. I should have said an enabled empty root password makes possible
passwordless root login via ssh and the console. In other words,
/etc/securetty and /etc/pam.d/common-auth need to be (mis)configured.
2. ssh public key logins are not disabled by the use of '!'. Eg:
/etc/shadow
Hi Jamie,
Firstly, I'm curious with what sshd_config settings does sshd allow you
to connect having such root line in /etc/shadow without supplying
password.
Because even if I supply this config (neither of which I use in
practice):
PermitRootLogin yes
PasswordAuthentication yes
I still can't
A disabled empty root password (ie '*' in /etc/shadow) works fine. Eg,
using the below 'test.sh' script:
#!/bin/sh -e
for i in nullok nonull ; do
echo -n $i:
if printf '!\0' | unix_chkpwd root $i ; then
echo matched
else
echo did not match
fi
done
$ sudo head -1
This fix breaks logging into our OpenVZ and Linux-VServer virtual
machines created from debootstrapped templates. The routine by which you
check whether the root login should be disabled is wrong:
if printf '!\0' | unix_chkpwd root nullok ; then
echo 'root:!' | chpasswd -e
fi
This should
** Summary changed:
- luchiari
+ root account has ! as default password
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
** Changed in: vm-builder (Ubuntu Jaunty)
Status: In Progress = Fix Released
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing
** Visibility changed to: Public
--
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
This bug was fixed in the package shadow - 1:4.1.1-5ubuntu3
---
shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
* disable the root password for virtual machines created with vm-builder
on Ubuntu 8.10. (LP: #296841)
-- Jamie Strandboge [EMAIL PROTECTED] Thu, 13 Nov 2008
21 matches
Mail list logo
