| severity 366541 wishlist
| thanks
|
| On Tue, May 09, 2006 at 06:30:00PM +0300, Jari Aalto wrote:
| > Package: openssh-server
| > Version: 1:4.2p1-8
| > Severity: normal
| > Tags: security
| >
| > The /etc/passwd contains entry:
| >
| >     sshd:x:101:65534::/var/run/sshd:/bin/false
| >
| > SUGGESTION
| >
| > The new login package includes /bin/nologin which would be more secure,
| > because it leaves trace to syslog after login attempts.
| I think it has the same functional effect:
| May 9 12:46:31 andromeda nologin: Attempted login by pryzbyj on /dev/pts/2
| May 9 12:47:34 andromeda login[6063]: FAILED LOGIN (1) on `tty1' FOR `sshd', Authentication failure
| May 9 12:49:31 andromeda login[25987]: FAILED LOGIN (1) on `tty1' FOR `sshd', Authentication failure

Not at all. The nologin records the account that was used to "crack in".

| Also, nologin.5 reads:
|
|     It is intended as a replacement shell field for accounts that
|     have been disabled
|
| which isn't the case for 'sshd', which should never be enabled in the
| first place; it is just a special use for running the ssh parent
| daemon process.

This is an error in nologin's manual page and needs improvement. I know,
because I was the one that ported the nologin from bsd to Linux and
submitted it to "login" package maintainers. The /bin/nologin is a
straight alternative to /bin/false

Jari
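
The following is an added example, not part of the thread or of any package it discusses. It audits passwd entries for accounts whose shell is `false` (which exits without logging) versus `nologin` (which writes the syslog record quoted above), and extracts the user and tty from both log formats shown in the thread. The `demo` account and all function names are constructed for illustration.

```python
import re

# Passwd entry and syslog lines as quoted in the thread; "demo" is a constructed account.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:101:65534::/var/run/sshd:/bin/false
demo:x:102:65534::/nonexistent:/bin/nologin
"""
SYSLOG = """\
May 9 12:46:31 andromeda nologin: Attempted login by pryzbyj on /dev/pts/2
May 9 12:47:34 andromeda login[6063]: FAILED LOGIN (1) on `tty1' FOR `sshd', Authentication failure
"""

NOLOGIN_RE = re.compile(r"nologin: Attempted login by (?P<user>\S+) on (?P<tty>\S+)")
LOGIN_RE = re.compile(
    r"login\[\d+\]: FAILED LOGIN \(\d+\) on `(?P<tty>[^']+)' FOR `(?P<user>[^']+)'")

def audit_shells(passwd_text):
    """Map each non-login account to 'silent' (false) or 'logged' (nologin)."""
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        # Compare on the basename so /bin and /usr/sbin locations both match.
        name, shell = fields[0], fields[6].rsplit("/", 1)[-1]
        if shell == "false":
            result[name] = "silent"
        elif shell == "nologin":
            result[name] = "logged"
    return result

def parse_attempts(log_text):
    """Return (source, user, tty) for each nologin or login failure record."""
    events = []
    for line in log_text.splitlines():
        for source, rx in (("nologin", NOLOGIN_RE), ("login", LOGIN_RE)):
            m = rx.search(line)
            if m:
                events.append((source, m["user"], m["tty"]))
                break
    return events

if __name__ == "__main__":
    print(audit_shells(PASSWD))
    print(parse_attempts(SYSLOG))
```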