On Sun, 05 May 2002, Tim van Erven wrote:
> On Sun, May 05, 2002 at 02:49:56PM +0200, Vincent Hanquez <[EMAIL PROTECTED]> wrote:
> > On Sun, May 05, 2002 at 09:33:36AM +0300, Rauno Linnamäe wrote:
> >> When PermitRootLogin is set to no in /etc/ssh/sshd_config (as it
> >> should be), trying to log in as root using PuTTY 0.45: 1. after typing
> >> the correct password, the "Access denied" message line is returned
> >> immediately
> >
> > it's in my humble opinion normal, because the access denied is done by
> > sshd and not by PAM
>
> It may be normal and even expected behaviour, but it's still an
> information leak and therefore a potential security issue.

Fixing this one is quite difficult. If you go through another code path in
ssh for blocked and non-blocked logins, which does not call PAM, you will
have other problems (because it is non-obvious that the PAM modules will
never get called).

The best bet would be to move the delay out of PAM (always using nodelay
in the ssh PAM file) into ssh, I suppose.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
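
The approach suggested in the reply above, sketched as an added example (not code from the thread or from OpenSSH): the daemon always consults the password check and applies a single failure delay itself, so a policy denial and a wrong password take the same time. `authenticate`, `password_ok`, `timed_attempt`, the 200 ms delay and the demo credential are assumptions; `password_ok` stands in for a PAM stack configured with nodelay.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* clock_gettime, nanosleep */
#endif
#include <stdbool.h>
#include <string.h>
#include <time.h>

#define FAIL_DELAY_MS 200.0       /* assumed demo value */

static double now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000.0 + ts.tv_nsec / 1e6;
}

/* Sleep until the given monotonic deadline, resuming after interruptions. */
static void sleep_until(double deadline) {
    for (double left = deadline - now_ms(); left > 0; left = deadline - now_ms()) {
        struct timespec ts;
        ts.tv_sec = (time_t)(left / 1000.0);
        ts.tv_nsec = (long)((left - ts.tv_sec * 1000.0) * 1e6);
        nanosleep(&ts, NULL);
    }
}

/* Stand-in for the PAM stack configured with nodelay: answers at once. */
static bool password_ok(const char *user, const char *pw) {
    (void)user;
    return strcmp(pw, "demo-password") == 0;   /* constructed credential */
}

/* Hypothetical daemon-side entry point. Returns true if login is allowed. */
bool authenticate(const char *user, const char *pw, bool permit_root_login) {
    double start = now_ms();
    bool pw_good = password_ok(user, pw);      /* same code path for every user */
    bool blocked = strcmp(user, "root") == 0 && !permit_root_login;
    bool allowed = pw_good && !blocked;
    if (!allowed)
        sleep_until(start + FAIL_DELAY_MS);    /* one delay for every denial */
    return allowed;
}

/* Measure one attempt: returns elapsed ms, result through *allowed. */
double timed_attempt(const char *user, const char *pw, bool permit, bool *allowed) {
    double t0 = now_ms();
    *allowed = authenticate(user, pw, permit);
    return now_ms() - t0;
}
```

Because the delay is measured from the start of the attempt rather than added after the check, the time a denial takes does not depend on which check failed.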