[CentOS] PAM configuration?

Thomas Harold thomas-lists at nybeta.com
Tue Jan 5 14:49:21 UTC 2010

On 1/5/2010 7:31 AM, Kai Schaetzl wrote:
> For what do you need the hash? You don't supply the hash for logging in.

In the case of SSH login, you are correct that the hash is not used to 
log in.  But the attacker may find a way to read the hash out of the 
/etc/shadow file, or the same password is used in other places and also 
stored with an MD5 hash.

A lot of things would have to go wrong for a remote attacker to get 
access to /etc/shadow - but it's been known to happen.

(Personally, I always move the SSH port to something other than 22 and 
we only allow authentication via public keys over the external port.)
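
An audit for the exposure described in the message above, as an added example that is not part of the original post: it reads shadow(5)-format lines and reports accounts whose stored hash uses MD5-crypt or DES-crypt. The sample lines and their hash fields are constructed placeholders, and the function names are this example's own.

```python
# Added example: classify the password-hash scheme of each shadow(5) entry.
# SAMPLE_SHADOW is constructed; its hash fields are placeholders, not real hashes.

# crypt(3) scheme identifiers found between the first two '$' characters.
SCHEMES = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "y": "yescrypt",
}
WEAK = {"md5crypt", "descrypt"}

SAMPLE_SHADOW = """\
root:$6$examplesalt$constructedhashvalue:14614:0:99999:7:::
alice:$1$examplesa$constructedhashvalue:14614:0:99999:7:::
bob:XXconstructed:14614:0:99999:7:::
daemon:*:14614:0:99999:7:::
carol:!!:14614:0:99999:7:::
"""

def classify(field):
    """Return the scheme name for the second field of a shadow entry."""
    if field == "":
        return "empty"
    # A leading '!' locks the account, but any hash after it is still stored
    # on disk and is still exposed if the file leaks, so classify it too.
    body = field.lstrip("!")
    if body in ("", "*"):
        return "locked"
    if body.startswith("$"):
        parts = body.split("$")
        return SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    # Traditional DES crypt has no '$' prefix and is exactly 13 characters.
    return "descrypt" if len(body) == 13 else "unknown"

def audit(shadow_text):
    """Return (user, scheme) for every entry stored with a weak scheme."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        scheme = classify(fields[1])
        if scheme in WEAK:
            findings.append((fields[0], scheme))
    return findings

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE_SHADOW):
        print(f"{user}: {scheme}")
```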
