[Bug 263045] sshd password configuration options are unclear

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 263045] sshd allows password logins when "PasswordAuthentication no" is set"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 18 May 2022 15:43:36 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263045

--- Comment #9 from Ed Maste <emaste@freebsd.org> ---
Some more details:

PasswordAuthentication is handled by auth2-passwd.c and auth-passwd.c, and
auth-pam.c, which uses sshpam_auth_passwd() if UsePAM is true, else it uses
crypt(3) and compares against the passwd entry. In effect, sshd requests a user
name and a password, and then passes them to pam or checks the password itself.
The PasswordAuthentication scheme is described in RFC 4252.

KbdInteractiveAuthentication is handled by auth2-kbdint.c, auth2-chall.c, and
auth-pam.c. In this case sshpam_thread() calls pam_authenticate(), and the
authentication is driven by pam, not by sshd. This scheme is described in RFC
4256, Generic Message Exchange Authentication for the Secure Shell Protocol."

-- 
You are receiving this mail because:
You are the assignee for the bug.