[CentOS] PAM configuration?
Thomas Harold
thomas-lists at nybeta.com
Tue Jan 5 14:49:21 UTC 2010
On 1/5/2010 7:31 AM, Kai Schaetzl wrote:
> For what do you need the hash? You don't supply the hash for logging in.
>
In the case of SSH login, you are correct that the hash is not used to
login. But the attacker may find a way to read the hash out of the
/etc/shadow file, or the same password is used in other places and also
stored with a md5 hash.
A lot of things would have to go wrong for a remote attacker to get
access to /etc/shadow - but it's been known to happen.
(Personally, I always move the SSH port to something other then 22 and
we only allow authentication via public keys over the external port.)
More information about the CentOS
mailing list