Subject: Re: ssh and a missing shell (is there a fallback shell?)
To: Hisashi T Fujinaka <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 06/09/2005 15:37:43
In message <Pine.NEB.email@example.com>, Hisashi T Fujinak
>Hmm. Would /bin/false give you better feedback as to why the login is
>failing? I suppose no feedback is more secure, but I was debugging CVS
>and yeesh, what a mess.
Except in very special circumstances, giving no feedback rarely adds
any noticeable amount of security. Making services hard to debug hurts
availability -- and availability is itself a component of security.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb