Re: ssh and root on 4.10 = password discovery (maybe)

From: Tig (tigger_at_onemoremonkey.com)
Date: 07/21/04

  • Next message: Konrad Heuer: "Re: ssh and root on 4.10 = password discovery (maybe)"
    Date: Wed, 21 Jul 2004 23:22:32 +1000
    To: freebsd-security@freebsd.org
    
    

    On Wed, 21 Jul 2004 14:12:45 +0200 (CEST)
    Konrad Heuer <kheuer2@gwdg.de> wrote:

    >
    > I roughly remember to have read about that problem for older versions
    > of OpenSSH.
    >
    > But on my 4.10 boxes, there's no problem. Looks always like this,
    > correct and incorrect password given:
    >
    > % ssh root@box
    > root@boxes's password:
    > Permission denied, please try again.
    > root@boxes's password:
    > Permission denied, please try again.
    >
    > Version:
    >
    > % ssh -V
    > OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    > 0x0090704f
    >
    > Best regards
    >
    > Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______
    > GWDG / __/______ ___ / _ )/ __/ _ \
    > Am Fassberg / _// __/ -_) -_) _ |\ \/ // /
    > 37077 Goettingen /_/ /_/ \__/\__/____/___/____/
    > Germany
    >

    Well, this is strange. The 5.2.1 box and the 4.10 box both have the same
    sshd_conf options, however the OpenSSH versions are different (but
    expected)

    5.2.1
    OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    0x0090703f

    4.10
    OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    0x0090704f

    Do you have any non-default settings to disable remote root access on
    your 4.10 box? This 4.10 box was recently upgraded from 4.9 (using
    cvsup), maybe I missed something is all I can think of.

    -Tig

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Konrad Heuer: "Re: ssh and root on 4.10 = password discovery (maybe)"