At 7/21/2003 12:12 -0500, you wrote:
I think (underline think) that if you just set the account to have no password, you cannot get a shell. I'm not sure, so you may want to take that with a grain of salt before trying it.
That is not only wrong, but also very dangerous. You are, in effect, allowing anyone to connect since they do not have to know anything.
Please do not recommend this to others.
How so? I just now set up an account on one of my boxes with no password. Now when I try to ssh to the box as that user, and enter no password, I get authentication failed. Also, if I'm logged into the box as a non-root user, and try to su to that account, I enter no password, and get the same thing. Not that I'm doubting that it can be dangerous, I just want to know how it can be exploited, as there are a few accounts which have /bin/bash as their shell, and no password by default (installing mysql from RPM comes to mind).
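An added example, not part of the original thread: "no password" can mean two different things in shadow(5), an empty password field or a locked one (a field starting with `!` or `*`), and the audit below tells them apart and notes whether the account has a login shell. The account names, the sample files and the EMPTY/LOCKED/HASHED labels are constructed for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints "user status shell-state" for every account found in both files.
#   EMPTY  - password field is empty: the entry itself demands no password
#            (PAM nullok and sshd PermitEmptyPasswords decide whether a
#            given service then lets the login through)
#   LOCKED - field starts with ! or *: no typed password can match it
#   HASHED - a password hash is set
audit_accounts() {
    awk -F: '
        NR == FNR { shell[$1] = $7; next }     # first file: passwd
        !($1 in shell) { next }                # shadow entry without passwd entry
        {
            if ($2 == "")           status = "EMPTY"
            else if ($2 ~ /^[!*]/)  status = "LOCKED"
            else                    status = "HASHED"
            state = (shell[$1] ~ /(nologin|false)$/) ? "no-shell" : "shell"
            print $1, status, state
        }' "$1" "$2"
}

# Constructed sample data written to DIR/passwd and DIR/shadow.
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:500:500::/home/alice:/bin/bash
svc:x:27:27::/var/lib/svc:/bin/bash
guest:x:501:501::/home/guest:/bin/bash
daemon:x:2:2::/sbin:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
alice:$1$constructed$notarealhash:12250:0:99999:7:::
svc:!!:12250:0:99999:7:::
guest::12250:0:99999:7:::
daemon:*:12250:0:99999:7:::
EOF
}

# Demo run on the constructed files; on a real host, run as root against
# /etc/passwd and /etc/shadow instead.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Any line reporting `EMPTY` together with `shell` is the case worth fixing, by locking the account or setting a password.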