Public bug reported:
Adding the following options to the /etc/ssh/sshd_config file:
PasswordAuthentication no
UsePAM no
For the purpose of disallowing logins by users via password (instead of
public key).
Login via public key does work as expected for users that HAVE a
password defined (but will NEVER be requested per the configuration --
as designed).
For users created without a password, these options cause the ssh
connection to fail with the error message:
Permission denied (publickey).
Setting a non-trivial password (of course) for the user causes the
subsequent ssh connection to succeed.
This seems counter to the intent of the sshd options -- to require a
user to have a valid password to never ask the password and only accept
public key authentication.
Description: Ubuntu 12.04.4 LTS
Release: 12.04
openssh-server version 1:5.9p1-5ubuntu1.3
A *very* bad situation can occur if the root account has no valid
password, and instead relies on public key authentication. Setting
these parameters in sshd_config will effectively lock the root user from
logging in directly to the system! Combine with locking out all the
users, and you have a system with no user access!
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1305228
Title:
PasswordAuthentication "no" fails if user account has no password set
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1305228/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
