ssh and root on 4.10 = password discovery (maybe)

From: Tig (tigger_at_onemoremonkey.com)
Date: 07/21/04

  • Next message: Konrad Heuer: "Re: ssh and root on 4.10 = password discovery (maybe)"
    Date: Wed, 21 Jul 2004 19:35:27 +1000
    To: freebsd-security@freebsd.org
    
    

    Hello. I'm not 100% sure if this is a configuration error on my side or
    a 'bad idea' on the sshd/FreeBSD side.

    A remote root ssh connection to a FreeBSD 4.10 server (with no remote
    root access) will allow you to 'work out' the root password. However, if
    you try the same against 5.2.1 FreeBSD, you have little chance. The
    following are pretty clear examples.

    If this is a config mistake on my side, please let me know as I have
    clearly done something wrong.

    Correct root password - 4.10
    tigger@piglet:~% ssh root@4.10-FreeBSD
    Password:
    Connection to 4.10-FreeBSD closed by remote host.
    Connection to 4.10-FreeBSD closed.
    tigger@piglet:~%

    Incorrect root password - 4.10
    tigger@piglet:~% ssh root@4.10-FreeBSD
    Password:
    Password:
    Password:
    root@lilypie.com's password:
    Permission denied, please try again.
    root@lilypie.com's password:
    Permission denied, please try again.
    root@lilypie.com's password:
    Permission denied (publickey,password,keyboard-interactive).
    tigger@piglet:~%

    Correct root password - 5.2.1
    tigger@piglet:~% ssh root@5.2.1-FreeBSD
    Password:
    Password:
    Password:
    root@eeeor.goo's password:
    Permission denied, please try again.
    root@eeeor.goo's password:
    Permission denied, please try again.
    root@eeeor.goo's password:
    Permission denied (publickey,password,keyboard-interactive).

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
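
Added example, not part of the original post: a check an administrator could run over captured client output from their own hosts to see whether a denied root login looks different for a right and a wrong password. The first three transcripts are copied from the post; the 5.2.1 wrong-password run is not shown there and is assumed to match the correct-password run, and the event labels and function names are chosen here.

```python
import re

# Client-side output with host names parameterised.
T410_CORRECT = """Password:
Connection to 4.10-FreeBSD closed by remote host.
Connection to 4.10-FreeBSD closed.
"""
DENIED_RUN = """Password:
Password:
Password:
root@{host}'s password:
Permission denied, please try again.
root@{host}'s password:
Permission denied, please try again.
root@{host}'s password:
Permission denied (publickey,password,keyboard-interactive).
"""
T410_INCORRECT = DENIED_RUN.format(host="lilypie.com")  # from the post
T521_CORRECT = DENIED_RUN.format(host="eeeor.goo")      # from the post
T521_INCORRECT = DENIED_RUN.format(host="eeeor.goo")    # ASSUMED, not in the post

# Map each output line to a host-independent label (labels are hypothetical).
RULES = [
    (re.compile(r"^Password:$"), "BARE_PROMPT"),
    (re.compile(r"^\S+@\S+'s password:$"), "USERHOST_PROMPT"),
    (re.compile(r"^Permission denied, please try again\.$"), "DENIED_RETRY"),
    (re.compile(r"^Permission denied \(.*\)\.$"), "DENIED_FINAL"),
    (re.compile(r"^Connection to \S+ closed"), "CLOSED"),
]

def events(transcript):
    """Reduce a transcript to a list of labels, ignoring blank lines."""
    out = []
    for line in transcript.splitlines():
        line = line.strip()
        if not line:
            continue
        # Unknown lines are kept verbatim so a new behaviour is never hidden.
        out.append(next((n for rx, n in RULES if rx.match(line)), "OTHER:" + line))
    return out

def reveals_password_validity(correct_run, incorrect_run):
    """True when the client can tell the two runs apart."""
    return events(correct_run) != events(incorrect_run)

if __name__ == "__main__":
    print("4.10 :", reveals_password_validity(T410_CORRECT, T410_INCORRECT))
    print("5.2.1:", reveals_password_validity(T521_CORRECT, T521_INCORRECT))
```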

