I'm recovering a server from getting hacked and there is one thing I can't fix: When I ssh (or scp) to the server, no matter what password I give, it lets me log in. I don't know much about the ssh protocol but I'm pretty sure it's not supposed to do that. I've checked in the sshd_config file and the only changes are the ones that I've made (as far as I can remember). Another thought that I had was that there might be something screwed up in the /etc/passwd file that I'm missing. Has anyone seen this?