From sec@ice.42.org  Tue Sep 15 02:46:11 1998
Received: from ice.42.org (ice.42.org [194.246.250.222])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA29148;
          Tue, 15 Sep 1998 02:46:07 -0700 (PDT)
          (envelope-from sec@ice.42.org)
Received: (from sec@localhost)
	by ice.42.org (8.8.8/8.8.8) id LAA07570;
	Tue, 15 Sep 1998 11:45:47 +0200 (CEST)
	(envelope-from sec)
Message-Id: <199809150945.LAA07570@ice.42.org>
Date: Tue, 15 Sep 1998 11:45:47 +0200 (CEST)
From: sec@42.org
Reply-To: sec@ice.42.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: torstenb@freebsd.org
Subject: Ssh allows root login with no password
X-Send-Pr-Version: 3.2

>Number:         7931
>Category:       ports
>Synopsis:       Ssh allows root login with no password
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    torstenb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 15 02:50:00 PDT 1998
>Closed-Date:    Fri Sep 10 14:01:59 PDT 1999
>Last-Modified:  Fri Sep 10 14:06:03 PDT 1999
>Originator:     Stefan Zehl
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
>Environment:

FreeBSD ice 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Sun Sep 13 20:48:44 CEST 1998     sec@ice:/usr/src/sys/compile/ICE  i386

ssh port version:

# New ports collection makefile for:	ssh
# Version required:     1.2.25
# Date created:		30 Jul 1995
# Whom:			torstenb@FreeBSD.ORG

>Description:

If you don't have a root password set (and yes, I've seen quite some
machines with that setup, since FreeBSD allows no remote root logins)
ssh lets you in without any password.

>How-To-Repeat:

ssh host -l root

>Fix:

I think either 

PermitEmptyPasswords no

or 

PermitRootLogin no

should be set in the default sshd-config
	
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->torstenb 
Responsible-Changed-By: fenner 
Responsible-Changed-When: Sun Oct 25 11:44:42 PST 1998 
Responsible-Changed-Why:  
torstenb is maintainer 

From: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To: freebsd-gnats-submit@freebsd.org, sec@ice.42.org
Cc:  
Subject: Re: ports/7931: Ssh allows root login with no password
Date: Fri, 2 Apr 1999 01:03:58 +0930 (CST)

 Hi,
 
 Just noticed this in the PR database.
 
 I think your situation is an unusual one - most people who are concerned
 enough about system security that they use ssh to access the machine would not
 have an empty root password. The two options which control this
 (PermitEmptyPasswords and PermitRootLogin) are both useful separately in their
 default form - I think for your special situation you could just edit the
 config file yourself after installation (something you should do anyway for
 such a sensitive program)
 
 Thanks for the submission, but I think this PR should be closed.
 
 Kris
 
 -----
 The Feynman problem-solving algorithm: 1. Write down the problem
                                        2. Think real hard
                                        3. Write down the solution
 
 

From: Stefan Bethke <stefan@promo.de>
To: freebsd-gnats-submit@freebsd.org, sec@ice.42.org
Cc:  
Subject: Re: ports/7931: Ssh allows root login with no password
Date: Tue, 20 Apr 1999 12:52:15 +0200

 I beg to differ.
 
 I think the default should be as closed as possible, so that both
 PermitEmptyPasswords and PermitRootLogin are "no" after installation.
 
 I ran into this trap myself, because at that time I didn't know much
 about ssh, and didn't believe a security package would actually install
 by default in a way that opened up the machine, but rather work like
 telnetd/login in this case.
 

From: Stefan `Sec` Zehl <sec@42.org>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: ports/7931: Ssh allows root login with no password
Date: Fri, 10 Sep 1999 21:04:46 +0200

 I think this PR can be closed now for good.
 
 A recently installed ssh1 port has both 
 | PermitRootLogin no
 | PermitEmptyPasswords no
 
 in /usr/local/etc/sshd_config and thus fixes the problem.
 
 CU,
     Sec
 -- 
 The shortest computer jokes:
 2) I didn't do anything.
 
State-Changed-From-To: open->closed 
State-Changed-By: torstenb 
State-Changed-When: Fri Sep 10 14:01:59 PDT 1999 
State-Changed-Why:  
Empty passwords are turned off by default now. 
As Sec mentioned in the Audit Trail, root login has been turned off in 
rev. 1.4 of patch-ae. There's no point in doing that anyways. Ssh can be 
considered to be secure. (Besides buffer overflows etc. - but since sshd 
runs as root anyway you've got bigger problems than "normal" root logins 
via ssh). 
While I also think that anyone who has accounts with empty passwords 
has bigger problems than letting people login to those accounts, it's still 
off by default. 
>Unformatted:
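The two directives the PR asks for can be audited the way a defender would check an installed sshd_config. The following is an added example, not code from the PR or the FreeBSD port; it assumes the sshd_config rules that keywords are case-insensitive, `#` starts a comment and the first occurrence of a keyword wins, and the sample configs are constructed.

```python
import re

# Directives the PR asks to be "no", mapped to the permissive value the
# shipped default was reported to fall back to when the directive is absent.
WATCHED = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}


def parse_sshd_config(text):
    """Return {lowercased keyword: value}; first occurrence wins (assumed sshd rule)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)  # later duplicates are ignored
    return settings


def audit(text):
    """Return (directive, effective_value, reason) for each watched directive
    that is absent (permissive default applies) or set to anything but 'no'."""
    settings = parse_sshd_config(text)
    findings = []
    for key, default in WATCHED.items():
        if key not in settings:
            findings.append((key, default, "not set, permissive default applies"))
        elif settings[key].lower() != "no":
            findings.append((key, settings[key], "explicitly permissive"))
    return findings


# Constructed samples: the shipped default with neither directive present,
# and the fixed file described in the last audit-trail message.
SHIPPED_DEFAULT = "# sshd_config as installed (constructed)\nPort 22\nListenAddress 0.0.0.0\n"
FIXED = (
    "Port 22\n"
    "PermitRootLogin no\n"
    "PermitEmptyPasswords no\n"
    "permitrootlogin yes   # ignored: first occurrence wins\n"
)

if __name__ == "__main__":
    for name, cfg in (("shipped default", SHIPPED_DEFAULT), ("fixed", FIXED)):
        print(name, "->", audit(cfg) or "OK")
```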
