Subject: bin/32313: sshd 'PasswordAuthentication no' silently fails
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <cjs@tabemo.com>
List: netbsd-bugs
Date: 12/16/2005 04:55:00
>Number:         32313
>Category:       bin
>Synopsis:       sshd 'PasswordAuthentication no' silently fails
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Dec 16 04:55:00 +0000 2005
>Originator:     Curt Sampson
>Release:        NetBSD 3.0_RC6
>Organization:
>Environment:
System: NetBSD cjs.tabemo.com 3.0_RC6 NetBSD 3.0_RC6 ($Id$) #0: Thu Dec 15 17:42:35 JST 2005 cjs@cjs.tabemo.com:/u/netbsd/src-3/sys/arch/i386/compile/TABEMO-3.WORKSTATION i386
Architecture: i386
Machine: i386
>Description:

    On a NetBSD-3.0 system, unlike NetBSD-2, by default, setting
    'PasswordAuthentication no' in the /etc/ssh/sshd_config file
    silently allows password authentication anyway.

>How-To-Repeat:

    Install NetBSD-3.0. Set 'PasswordAuthentication no' in the
    /etc/ssh/sshd_config. Try to log in using a password, and note that
    you can do so.

>Fix:

    Two possible fixes. I don't really have a preference, but 2) and 3)
    are much more work, so if we want to go that way, and can't implement
    it immediately, we should at least do 1) in the meantime. (That
    gives PAM users a fairly obvious failure rather than non-PAM users a
    subtle failure.)

    1) Change the default /etc/ssh/sshd_config to have 'UsePAM no'
    instead of 'UsePAM yes'.

    2) Change sshd not to start, but instead warn the user if
    incompatible options are set.

    3) Change PAM to use the /etc/ssh/sshd_config file, in addition to
    any of its own config files.