Re: secuirty bug with /etc/login.access

From: Sven Pfeifer (sven_at_yagonna.de)
Date: 02/19/04

  • Next message: Peter Pentchev: "Re: [Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoSvulnerability]"
    Date: Thu, 19 Feb 2004 13:33:49 +0100
    To: freebsd-security@freebsd.org
    
    

    Hi Tig,

    Tig <tigger@onemoremonkey.com> wrote:

    [...]

    > So, I tested it over ssh from a remote box
    >
    > tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au
    > Password:
    > Password:
    > Password:
    > ray@sonic.cbnmediaX.com.au's password:
    > Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.

    [...]
     
    > (I'm 100% sure I typed the password correct each time)
    > As you can see, I'm denied access each time until the 'ray@sonic...'
    > option is presented, then I'm allowed in.

    this looks like, you have configured

           PasswordAuthentication yes
    and
            Protocol 2,1

    in your servers /etc/ssh/sshd_config. So your client is trying to
    authenticate to the _local_ id-File. If this is failing (3 times) then
    it tries the PasswordAuthentication at the _remote_ maschine. So i
    think you typed in the wrong password for your _local_ id-File and
    the fourth time at the "ray@sonic.cbnmediaX.com.au's password:"
    prompt you typed in the correct password for user ray at host
    sonic.cbnmediX.com.au.

    [...]

    > -Tig

    HTH

            Sven

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Peter Pentchev: "Re: [Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoSvulnerability]"