[CentOS] PAM configuration?
thomas-lists at nybeta.com
Tue Jan 5 14:49:21 UTC 2010
On 1/5/2010 7:31 AM, Kai Schaetzl wrote:
> For what do you need the hash? You don't supply the hash for logging in.
In the case of SSH login, you are correct that the hash is not used to
login. But the attacker may find a way to read the hash out of the
/etc/shadow file, or the same password is used in other places and also
stored with a md5 hash.
A lot of things would have to go wrong for a remote attacker to get
access to /etc/shadow - but it's been known to happen.
(Personally, I always move the SSH port to something other then 22 and
we only allow authentication via public keys over the external port.)
More information about the CentOS