Bug 148766 - sshd seems to be caching user passwords
Status: CLOSED DUPLICATE of bug 136855
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssh
Version: 3.0
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Tomas Mraz
QA Contact: Brian Brock
Keywords: Security
Reported: 2005-02-15 09:04 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-02-15 09:40:49 EST

Description Josh Bressers 2005-02-15 09:04:14 EST
This was reported to security@redhat.com by Jason Savoie.  I have verified this
behavior on RHEL3.


Purpose: To disable an account from ssh/telnet/rsh login
Issue: executed the passwd -d <username> command and can still login as
that person with the old password


Hello, I was testing to see how I can make an account unavailable from
normal logins and also from using and ssh publickey authentication (if
they had it and we didn't know it unless we log into account and
manually remove it)


So, here is what I did.

# Created a test account on a machine running the following RH release

-bash-2.05b$ uname -a
Linux orange.westernasset.com 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:09:01
EDT 2004 x86_64 x86_64 x86_64 GNU/Linux
-bash-2.05b$ id
uid=4086(jsavoie) gid=151(ops) groups=151(ops)
-bash-2.05b$ cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)


# Created the account

sudo /usr/sbin/useradd -u 6666 test

# Gave it a password
sudo passwd test

# Went to another machine and logged in.

[jsavoie@rancho jsavoie]$ uname -a
Linux rancho.westernasset.com 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:09:01
EDT 2004 x86_64 x86_64 x86_64 GNU/Linux
[jsavoie@rancho jsavoie]$ ssh test@orange
test@orange's password:
[test@orange test]$

# Went to the test server and removed the password using the passwd -d
<username> command

bash-2.05b$ sudo passwd -d test
Removing password for user test.
passwd: Success

-bash-2.05b$ sudo grep test /etc/shadow
test::12825:0:99999:7:::

# Now, login from the other machine

[jsavoie@rancho jsavoie]$ ssh test@orange
test@orange's password:
Permission denied, please try again.
test@orange's password:
[test@orange test]$

(NOTE: the first time above was no passwd, then the old password and it
worked!!!)
Comment 1 Josh Bressers 2005-02-15 09:33:41 EST
I did not have nscd running on the machine I tested this on.
Comment 2 Tomas Mraz 2005-02-15 09:40:49 EST
No, this is a completely different bug (pam ignores the flag which openssh sends to
it when PermitEmptyPasswords is set to no).
You can actually enter any non-empty password to log in when the user has a null password.


*** This bug has been marked as a duplicate of 136855 ***
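
The `/etc/shadow` line in the description shows what `passwd -d` leaves behind: an empty password field, not a locked account. The following is an added example (not part of the original report or of any Red Hat tooling) that classifies shadow-format entries so accounts in that state can be found; the function names and every sample line except the `test` entry are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field (field 2) of shadow-format lines.
# Usage: audit_shadow /etc/shadow   (as root), or pipe lines on stdin.
audit_shadow() {
    awk -F: '
        /^[ \t]*$/   { next }                            # skip blank lines
        NF < 2       { print "MALFORMED\t" $0; next }    # no password field at all
        $2 == ""     { print "EMPTY\t"  $1; next }       # state left by passwd -d
        $2 ~ /^[!*]/ { print "LOCKED\t" $1; next }       # no password hashes to this
                     { print "SET\t"    $1 }             # a password hash is present
    ' "$@"
}

# Names of accounts whose password field is empty, one per line.
empty_password_accounts() {
    audit_shadow "$@" | awk -F'\t' '$1 == "EMPTY" { print $2 }'
}

# Constructed sample input. The "test" line is the one shown in the report;
# the other accounts and the hash string are made up for illustration.
sample_shadow() {
    cat <<'EOF'
root:$1$constructed$NotARealHashValue0000:12800:0:99999:7:::
daemon:*:12800:0:99999:7:::
test::12825:0:99999:7:::
locked:!!$1$constructed$NotARealHashValue0000:12825:0:99999:7:::
EOF
}

# Demo run over the constructed sample.
sample_shadow | audit_shadow
```

An account reported as `EMPTY` is the null-password case described in Comment 2.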
