Re: ssh and root on 4.10 = password discovery (maybe)

From: Konrad Heuer (kheuer2_at_gwdg.de)
Date: 07/21/04

    Date: Wed, 21 Jul 2004 15:33:34 +0200 (CEST)
    To: Tig <tigger@onemoremonkey.com>
    
    

    On Wed, 21 Jul 2004, Tig wrote:

    > On Wed, 21 Jul 2004 14:12:45 +0200 (CEST)
    > Konrad Heuer <kheuer2@gwdg.de> wrote:
    >
    > >
    > > I roughly remember having read about that problem for older versions
    > > of OpenSSH.
    > >
    > > But on my 4.10 boxes, there's no problem. Looks always like this,
    > > correct and incorrect password given:
    > >
    > > % ssh root@box
    > > root@boxes's password:
    > > Permission denied, please try again.
    > > root@boxes's password:
    > > Permission denied, please try again.
    > >
    > > Version:
    > >
    > > % ssh -V
    > > OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    > > 0x0090704f
    >
    > Well, this is strange. The 5.2.1 box and the 4.10 box both have the same
    > sshd_conf options, however the OpenSSH versions are different (but
    > expected)
    >
    > 5.2.1
    > OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    > 0x0090703f
    >
    > 4.10
    > OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    > 0x0090704f
    >
    > Do you have any non-default settings to disable remote root access on
    > your 4.10 box? This 4.10 box was recently upgraded from 4.9 (using
    > cvsup), maybe I missed something is all I can think of.

    Here are the lines of my sshd_config which are uncommented:

    PermitRootLogin forced-commands-only
    IgnoreRhosts no
    RhostsRSAAuthentication yes
    HostbasedAuthentication yes
    ChallengeResponseAuthentication no
    X11Forwarding yes
    UsePrivilegeSeparation yes
    Compression yes
    Subsystem sftp /usr/libexec/sftp-server

    Best regards

    Konrad Heuer (kheuer2@gwdg.de)
    GWDG
    Am Fassberg
    37077 Goettingen
    Germany

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

