openssh-3.4p1 rejects all passwords

From: John Chambers (jmchambers@rcn.com)
Date: 07/26/02


From: John Chambers <jmchambers@rcn.com>
Date: Fri, 26 Jul 2002 12:04:39 -0400

Looks like installing this was a major mistake, and looking around c.s.s shows
a number of similar questions, but no answers ...

I grabbed the latest zlib and sll, too, and everything compiled and installed
without any complaints at all. The new ssh works calling out from this RedHat
6.2 machine and a nearby RedHat 7.1 machine. But ssh or scp into either of
them (including locally) gets rejected with "Permission denied, please try again."
for all users and all passwords.

When I fire up /usr/local/sbin/sshd here's what appears in /var/log/messages:

Jul 26 11:51:29 kendy sshd[8612]: socket: Invalid argument
Jul 26 11:51:29 kendy sshd[8612]: Server listening on 0.0.0.0 port 22.
Jul 26 11:51:29 kendy sshd[8612]: Generating 768 bit RSA key.
Jul 26 11:51:29 kendy sshd[8612]: RSA key generation complete.

The "socket: Invalid argument" is a bit unnerving, but it does in fact open
a listener on port 22 who wasn't there a few seconds earlier, so it seems to
have worked. Next, I go to another machine and attempt to ssh in. I have
a tail -f running on /var/log/messages, and as soon as I type the ssh
command (and get a ... password: prompt), it says:

Jul 26 11:54:40 kendy sshd[8655]: Connection from 18.62.1.54 port 4792
Jul 26 11:54:40 kendy sshd[8655]: Enabling compatibility mode for protocol 2.0
Jul 26 11:54:40 kendy sshd[8655]: Failed none for jc from 18.62.1.54 port 4792 ssh2

There's already something that looks wrong, the "Failed none for jc" message.
I don't seem to find any clues about what this "none" might be, so I can't
tell what is failing here. Anyway, I type a password, and /var/log/messages
then says:

Jul 26 11:56:57 kendy sshd[8655]: Failed password for jc from 18.62.1.54 port 4792 ssh2

Simultaneously the ssh command gets "Permission denied, please try again."

I've also tried it with "ssh -v", and I could post that, but I thought that maybe
I wouldn't flood y'all with that at first, with the hope that someone will look
at the above and say "Well, dummy; you obviously forgot ...."

Have I missed something obvious here?

Oh, yeah; it worked fine with the earlier openssh-3.3p1 and openssh-3.2.3p1
that had been used here. I kept the old config files for comparison, but that
didn't lead to any enlightenment, since the new config file doesn't look very
much like the old. And, of course, I have relatively few clues as to what most
of the stuff in sshd_config actually means. Leaving everything commented out and
taking the default for everything results in exactly the same rejections.

I have, of course, done a whole lotta tweaking with sshd_config. I can verify
that someone reads it when I fire up sshd, and by inserting obvious syntax errors
I can verify that sshd reads it, so I'm editing the right config file. But nothing
I do (aside from obvious syntax errors) seems to produce any change in sshd's
behavior. Of course, its behavior is to totally reject everything, so there's
no way to get comparative information out of the tests.



Relevant Pages

  • Re: openssh-3.4p1 rejects all passwords
    ... > Looks like installing this was a major mistake, ... The new ssh works calling out from this ... > I can verify that sshd reads it, so I'm editing the right config file. ...
    (comp.security.ssh)
  • Re: Mksysb failed
    ... With the innstallation of the ML04 the ssh is now in the direcotry... ... Senior Technology Consultant ... I just installed ssh for AIX 5.1 and I've rebooted the server. ... By the way I'm installing ML04 in this server, that's why I was backing it ...
    (AIX-L)
  • Re: OSR 5.0.5 and ssh. Can it be done ? jpr please help..
    ... > implement ssh. ... I don't garuntee that the very latest version from either JP or SCO works, ... and installing a couple of skunkware packkages to get libz and prgngd. ... JP's package has directions. ...
    (comp.unix.sco.misc)
  • Re: Enabling SFTP under Debian 4.0r0
    ... discover that neither SSH nor SFTP are enabled after installing. ... but I'm still having trouble with SFTP. ... And apache is available on the initial software install screen that appears after installing the base system. ...
    (Debian-User)
  • Re: [Full-Disclosure] SSH Exploit Request
    ... sshd was linked on an AIX system with the 4.3.3.75 version of libc, ... <estimates number of SSH versions times number of machines, ... least 4 digits> So we've got some 99.98% reliability in installing sshd ...
    (Full-Disclosure)