Re: ssh and root on 4.10 = password discovery (maybe)

From: Konrad Heuer (kheuer2_at_gwdg.de)
Date: 07/21/04

  • Next message: Tig: "Re: ssh and root on 4.10 = password discovery (maybe)"
    Date: Wed, 21 Jul 2004 14:12:45 +0200 (CEST)
    To: Tig <tigger@onemoremonkey.com>
    
    

    On Wed, 21 Jul 2004, Tig wrote:

    > Hello. I'm not 100% sure if this is a configuration error on my side or
    > a 'bad idea' on sshd/FreeBSD sides.
    >
    > A remote root ssh connection to a FreeBSD 4.10 server (with no remote
    > root access) will allow you to 'work out' the root password. However, if
    > you try the same against 5.2.1 FreeBSD, you have little chance. The
    > following are pretty clear examples.
    >
    > If this is a config mistake on my side, please let me know as I have
    > clearly done something wrong.
    >
    > Correct root password - 4.10
    > tigger@piglet:~% ssh root@4.10-FreeBSD
    > Password:
    > Connection to 4.10-FreeBSD closed by remote host.
    > Connection to 4.10-FreeBSD closed.
    > tigger@piglet:~%
    >
    > Incorrect root password - 4.10
    > tigger@piglet:~% ssh root@4.10-FreeBSD
    > Password:
    > Password:
    > Password:
    > root@lilypie.com's password:
    > Permission denied, please try again.
    > root@lilypie.com's password:
    > Permission denied, please try again.
    > root@lilypie.com's password:
    > Permission denied (publickey,password,keyboard-interactive).
    > tigger@piglet:~%
    >
    > Correct root password - 5.2.1
    > tigger@piglet:~% ssh root@5.2.1-FreeBSD
    > Password:
    > Password:
    > Password:
    > root@eeeor.goo's password:
    > Permission denied, please try again.
    > root@eeeor.goo's password:
    > Permission denied, please try again.
    > root@eeeor.goo's password:
    > Permission denied (publickey,password,keyboard-interactive).

    I roughly remember to have read about that problem for older versions of
    OpenSSH.

    But on my 4.10 boxes, there's no problem. Looks always like this, correct
    and incorrect password given:

    % ssh root@box
    root@boxes's password:
    Permission denied, please try again.
    root@boxes's password:
    Permission denied, please try again.

    Version:

    % ssh -V
    OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

    Best regards

    Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______
    GWDG / __/______ ___ / _ )/ __/ _ \
    Am Fassberg / _// __/ -_) -_) _ |\ \/ // /
    37077 Goettingen /_/ /_/ \__/\__/____/___/____/
    Germany

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Tig: "Re: ssh and root on 4.10 = password discovery (maybe)"

    Relevant Pages

    • RE: redhat-list Digest, Vol 23, Issue 9
      ... encrypt password for Kickstart ... I would be careful of using the wheel group to allow ssh logins, as admins typically use this group in sudoers file to grant root access for non-root users; granting the wheel group ssh logins as well as root access is essentially allowing root access over ssh anyway; although an outside attacker would at least have to guess the non-root user's id and password. ...
      (RedHat)
    • Re: port forwarding timeouts
      ... I'm fairly conversant with fundamental concepts of Unix ... as well as SSH JB> If it's truely ... >> frequently require remote root access, ...
      (comp.security.ssh)
    • RE: is this an intruder?
      ... granting the wheel group ssh logins as well as root access is ...
      (RedHat)
    • Re: Is OpenSSH 3.5p1 secure?
      ... Do not allow root access over ssh. ... Do allow access over ssh for one and only one user. ... NOTHING is perfectly secure. ...
      (comp.security.ssh)
    • Re: Rsync, ssh and using root.
      ... On 10 Dez, Randy Smith wrote: ... > This avoids the problems with SSH and root access but may lead to other ...
      (FreeBSD-Security)