On a standard installation of FC1 and FC2 (and FC3?) is permit to login with a user with a empty password ... is this correct? [root@igloo root]# man sshd_config > PermitEmptyPasswords > When password authentication is allowed, it specifies whether the > server allows login to accounts with empty password strings. The > default is ânoâ. [root@igloo root]# grep PermitEmptyPasswords /etc/ssh/sshd_config #PermitEmptyPasswords no [root@igloo root]# useradd nopasswd [root@igloo root]# passwd -d nopasswd Removing password for user nopasswd. passwd: Success [root@igloo root]# ssh nopasswd@localhost nopasswd@localhost's password: <type ENTER> Permission denied, please try again. nopasswd@localhost's password: <type "x" then ENTER> [nopasswd@igloo nopasswd]$ id uid=505(nopasswd) gid=507(nopasswd) gruppi=507(nopasswd) [nopasswd@igloo nopasswd]$ How to disable this "feature"? Many thanks -- Dario Lesca <d.lesca@xxxxxxxxxx>
