ssh and root on 4.10 = password discovery (maybe)

From: Tig (tigger_at_onemoremonkey.com)
Date: 07/21/04

  • Next message: Konrad Heuer: "Re: ssh and root on 4.10 = password discovery (maybe)"
    Date: Wed, 21 Jul 2004 19:35:27 +1000
    To: freebsd-security@freebsd.org
    
    

    Hello. I'm not 100% sure if this is a configuration error on my side or
    a 'bad idea' on sshd/FreeBSD sides.

    A remote root ssh connection to a FreeBSD 4.10 server (with no remote
    root access) will allow you to 'work out' the root password. However, if
    you try the same against 5.2.1 FreeBSD, you have little chance. The
    following are pretty clear examples.

    If this is a config mistake on my side, please let me know as I have
    clearly done something wrong.

    Correct root password - 4.10
    tigger@piglet:~% ssh root@4.10-FreeBSD
    Password:
    Connection to 4.10-FreeBSD closed by remote host.
    Connection to 4.10-FreeBSD closed.
    tigger@piglet:~%

    Incorrect root password - 4.10
    tigger@piglet:~% ssh root@4.10-FreeBSD
    Password:
    Password:
    Password:
    root@lilypie.com's password:
    Permission denied, please try again.
    root@lilypie.com's password:
    Permission denied, please try again.
    root@lilypie.com's password:
    Permission denied (publickey,password,keyboard-interactive).
    tigger@piglet:~%

    Correct root password - 5.2.1
    tigger@piglet:~% ssh root@5.2.1-FreeBSD
    Password:
    Password:
    Password:
    root@eeeor.goo's password:
    Permission denied, please try again.
    root@eeeor.goo's password:
    Permission denied, please try again.
    root@eeeor.goo's password:
    Permission denied (publickey,password,keyboard-interactive).

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Konrad Heuer: "Re: ssh and root on 4.10 = password discovery (maybe)"

    Relevant Pages

    • Re: Problem connecting to SSH, OpenVMS7.3-2, HP TCP/IP v5.4 patched
      ... warning: Authentication failed. ... connection lost (Connection closed by remote host.). ... So, as you can see, I am trying to make an ssh connection with the ...
      (comp.os.vms)
    • Re: [opensuse] Who does graphics rendering with ssh?
      ... I don't know if this helps the thread, but the way I would think of ssh is that ssh just gives you a terminal on the remote machine. ... When you add X11Forwarding you then have added the ability to run graphical applications on the remote and have them display locally. ... You are just adding a communication layer to what the basic ssh connection provides. ...
      (SuSE)
    • RE: Re: Remote connections
      ... Compliments of Cygwin you can setup a SSH server on ... connection through the SSH connection. ... Aside from creating a VPN tunnel and then performing a Remote Desktop ... Server Terminal Services and XP and 2003 server Remote Desktop machines. ...
      (Focus-Microsoft)
    • Re: PermitRootLogin=yes versus su
      ... > a regular user and using su to become root. ... > Back in the days before strong encryption, when remote access was done ... > However, we now have SSH. ...
      (comp.security.ssh)
    • Re: Do I need a VPN?
      ... Run an SSH server on your local PC - OpenSSH in your case, ... Schedule an outbound connect to your SSH server on the remote PC. ... port to a particular remote port. ... a connection from its 3G dongle, which is the only internet connection ...
      (uk.telecom.broadband)