[CentOS] SSH login from user with empty password
David C. Miller
millerdc at fusion.gat.com
Thu Oct 10 22:12:18 UTC 2013
----- Original Message -----
> From: "Michael Schultz" <m.schultz at srz.de>
> To: centos at centos.org
> Sent: Thursday, October 10, 2013 6:44:36 AM
> Subject: [CentOS] SSH login from user with empty password
>
> Hello list,
>
> on a CentOS 6.4 machine I'm creating accounts with empty passwords.
> Each
> user's public key is located in <user's home>/.ssh/authorized_keys.
>
> When trying to ssh into that machine, following error message is
> displayed:
> Permission denied (publickey).
>
> In /etc/ssh/sshd_config I've set:
> PasswordAuthentication no
> UsePAM no
>
> If I set a password for the users, the public key auth works without
> any
> problems.
>
> Could anyone tell me what I'm missing here?
>
>
> Thanks
> Michael
SSH by default will use a key pair if found but then drops back to login password. It will also fall back to password if the keypair has a passphrase and you just hit retrun without type it in. SSH won't allow you to connect because the password in the shadow file is blank. Basically if you don't have a password it should not allow you to login regardless. From a security standpoint it makes sense to never allow blank passwords. Just give the account a long 25 character random password and then setup SSH key pairs.
David.
More information about the CentOS
mailing list