HPE Community
Operating System - HP-UX
1753936 Members
10326 Online
108811 Solutions
New Discussion юеВ

how to disable pam_ssh

 
SOLVED
Go to solution
Rajesh G. Ghone
Regular Advisor

тАО06-15-2009 05:19 AM

тАО06-15-2009 05:19 AM

how to disable pam_ssh

Dear All,

Please let me know to how to disable pam_ssh.

Thanks,
Rajesh Ghone.
Rajesh Ghone
0 Kudos
Reply
6 REPLIES 6
Mel Burslan
Honored Contributor

тАО06-15-2009 05:40 AM

тАО06-15-2009 05:40 AM

Solution

Re: how to disable pam_ssh

edit /opt/ssh/etc/sshd_config

find line starting with "Use PAM" (capitalization of the letters might be different)

change it to

Use_PAM No

stop and restartd sshd using

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Hope this helps
________________________________
UNIX because I majored in cryptology...
Reply
Rajesh G. Ghone
Regular Advisor

тАО06-15-2009 06:19 AM

тАО06-15-2009 06:19 AM

Re: how to disable pam_ssh

Thanks Mel it worked for me..
Rajesh Ghone
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-15-2009 06:19 AM

тАО06-15-2009 06:19 AM

Re: how to disable pam_ssh

Shalom,

You now have instructions on how to do this. But you may end up with no ssh connectivity or a security hole.

Can you explain why you wish to do this?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Rajesh G. Ghone
Regular Advisor

тАО06-15-2009 06:22 AM

тАО06-15-2009 06:22 AM

Re: how to disable pam_ssh

Hi Sep,

There was a Security Audit and in that audit the auditor found that pam_ssh is enabled and as per there document the pam_ssh should be disable since there is CVE threat in it..

so I have decided to disable the pam_ssh do u see any risk in disabling pam_ssh??
Rajesh Ghone
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-15-2009 07:02 AM

тАО06-15-2009 07:02 AM

Re: how to disable pam_ssh

Shalom again.

Yes I see a risk.

totally disabling pam_ssh might lead to problems.

The entire point of a pam_ssh configuration is to insure that authentication of ssh follows some logical pattern.

Commenting it out might be a bigger problem.

Security auditors are a strange bunch. They need to find stuff in order to justify their existence.

In this case, I'd need to see why they think this is a problem. I would not do this without a good reason.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-15-2009 07:03 AM

тАО06-15-2009 07:03 AM

Re: how to disable pam_ssh

Sorry. I am using a laptop and was not done.

They may have a problem with your pam_ssh configuration. I find it difficult to believe that they would want you to just comment it out.

They may want a stronger configuration, which they should recommend.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.