You were right guys, it was a PAM misconfiguration. I'm still having some issues, but I guess I'll have it solved for today.
Thanks for your help!

Cartman wrote:
>
> Hi everyone,
>
> I just installed an Ubuntu Server machine running SSHD and I realized I
> can ssh it with any of the system's users using any password. This means
> that I'm able to log in to the machine typing whatever I want as the
> password, as long as the user exists (except root as denied in the config
> file). I attach my config file just in case somebody is able to see
> something I'm missing.
>
> # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
>
> # This is the sshd server system-wide configuration file. See
> # sshd_config(5) for more information.
>
> # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options change a
> # default value.
>
> #Port 22
> #Protocol 2,1
> Protocol 2
> #AddressFamily any
> #ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # HostKey for protocol version 1
> #HostKey /etc/ssh/ssh_host_key
> # HostKeys for protocol version 2
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> #KeyRegenerationInterval 1h
> #ServerKeyBits 768
>
> # Logging
> # obsoletes QuietMode and FascistLogging
> #SyslogFacility AUTH
> SyslogFacility AUTHPRIV
> #LogLevel INFO
>
> # Authentication:
>
> #LoginGraceTime 2m
> #PermitRootLogin yes
> #StrictModes yes
> #MaxAuthTries 6
>
> #RSAAuthentication yes
> #PubkeyAuthentication yes
> #AuthorizedKeysFile .ssh/authorized_keys
>
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #RhostsRSAAuthentication no
> # similar for protocol version 2
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
>
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
> PasswordAuthentication yes
>
> # Change to no to disable s/key passwords
> #ChallengeResponseAuthentication yes
> ChallengeResponseAuthentication no
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
>
> # GSSAPI options
> #GSSAPIAuthentication no
> GSSAPIAuthentication yes
> #GSSAPICleanupCredentials yes
> GSSAPICleanupCredentials yes
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication mechanism.
> # Depending on your PAM configuration, this may bypass the setting of
> # PasswordAuthentication, PermitEmptyPasswords, and
> # "PermitRootLogin without-password". If you just want the PAM account and
> # session checks to run without PAM authentication, then enable this but set
> # ChallengeResponseAuthentication=no
> #UsePAM no
> UsePAM yes
>
> # Accept locale-related environment variables
> AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> AcceptEnv LC_IDENTIFICATION LC_ALL
> #AllowTcpForwarding yes
> #GatewayPorts no
> #X11Forwarding no
> X11Forwarding yes
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PrintMotd yes
> #PrintLastLog yes
> #TCPKeepAlive yes
> #UseLogin no
> #UsePrivilegeSeparation yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> #ShowPatchLevel no
> #UseDNS yes
> #PidFile /var/run/sshd.pid
> #MaxStartups 10
> #PermitTunnel no
>
> # no default banner path
> #Banner /some/path
>
> # override default of no subsystems
> Subsystem sftp /usr/libexec/openssh/sftp-server
> IgnoreRhosts yes
> IgnoreUserKnownHosts no
> PrintMotd yes
> StrictModes yes
> RSAAuthentication yes
> PermitRootLogin no
> PermitEmptyPasswords no
>
> Any ideas? Thanks in advance.
>

--
View this message in context: http://www.nabble.com/Able-to-login-with-any-password-tf4141170.html#a11805541
Sent from the SSH (Secure Shell) mailing list archive at Nabble.com.
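
With `UsePAM yes` and `PasswordAuthentication yes`, as in the quoted config, sshd hands the password check to the PAM `auth` stack, so a stack that succeeds without a credential check admits any password. The following audit sketch is an added example, not part of the thread: it simulates a wrong password against an `auth` stack and reports whether the stack would still succeed. The thread does not say what the misconfiguration was; the sample PAM files are constructed, the function names and the `always_ok` parameter are hypothetical, and every module other than `pam_permit.so` is assumed to reject the wrong password.

```python
import re

# Keyword controls expanded to their bracket meanings, per pam.conf(5).
BUILTIN = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}

def auth_stack(service, files):
    """Flatten a service's auth lines; include/substack are simply inlined."""
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip().lstrip("-")
        inc = re.match(r"@include\s+(\S+)", line)
        mod = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if inc:
            stack += auth_stack(inc.group(1), files)
        elif mod and mod.group(1) in ("include", "substack"):
            stack += auth_stack(mod.group(2), files)
        elif mod:
            stack.append((mod.group(1), mod.group(2).rsplit("/", 1)[-1]))
    return stack

def accepts_any_password(service, files, always_ok=("pam_permit.so",)):
    """Simulate a wrong password: only modules in always_ok succeed (assumption)."""
    stack, state, i = auth_stack(service, files), None, 0
    while i < len(stack):
        control, module = stack[i]
        i += 1
        result = "success" if module in always_ok else "auth_err"
        rules = BUILTIN.get(control) or dict(kv.split("=") for kv in control[1:-1].split())
        # Falling back to "bad" when no default is given is an assumption.
        action = rules.get(result, rules.get("default", "bad"))
        if action.isdigit():              # jump: acts like ok, skips N modules
            i, action = i + int(action), "ok"
        if action in ("ok", "done") and state is not False:
            state = result == "success"   # a failure is never overridden
        elif action in ("bad", "die"):
            state = False
        if action == "die" or (action == "done" and state):
            break
    return state is True                  # nothing contributed => not success

# Constructed sample files (not from the thread), Debian-style layout.
COMMON = ("auth [success=1 default=ignore] pam_unix.so\n"
          "auth requisite pam_deny.so\n"
          "auth required pam_permit.so\n")
GOOD = {"sshd": "@include common-auth\n", "common-auth": COMMON}
BAD = {**GOOD, "common-auth": COMMON.replace("auth requisite", "#auth requisite")}
```

To audit a real host, build the `files` dictionary from the contents of `/etc/pam.d/` and call `accepts_any_password("sshd", files)`.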
