[CentOS] PAM configuration?

Tue Jan 5 14:49:21 UTC 2010
Thomas Harold <thomas-lists at nybeta.com>

On 1/5/2010 7:31 AM, Kai Schaetzl wrote:
> For what do you need the hash? You don't supply the hash for logging in.
>

In the case of SSH login, you are correct that the hash is not used to 
log in.  But the attacker may find a way to read the hash out of the 
/etc/shadow file, or the same password is used in other places and also 
stored with an MD5 hash.

A lot of things would have to go wrong for a remote attacker to get 
access to /etc/shadow - but it's been known to happen.

(Personally, I always move the SSH port to something other than 22 and 
we only allow authentication via public keys over the external port.)