From owner-freebsd-security@FreeBSD.ORG Wed Jul 21 12:12:48 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D1A516A4CE for ; Wed, 21 Jul 2004 12:12:48 +0000 (GMT) Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.8.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3363543D39 for ; Wed, 21 Jul 2004 12:12:47 +0000 (GMT) (envelope-from kheuer2@gwdg.de) Received: from gwdu60.gwdg.de (localhost [127.0.0.1]) by gwdu60.gwdg.de (8.12.11/8.12.8) with ESMTP id i6LCCjAd067648; Wed, 21 Jul 2004 14:12:45 +0200 (CEST) (envelope-from kheuer2@gwdg.de) Received: from localhost (kheuer2@localhost)i6LCCjwO067645; Wed, 21 Jul 2004 14:12:45 +0200 (CEST) X-Authentication-Warning: gwdu60.gwdg.de: kheuer2 owned process doing -bs Date: Wed, 21 Jul 2004 14:12:45 +0200 (CEST) From: Konrad Heuer To: Tig In-Reply-To: <20040721193527.2647e696@piglet.goo> Message-ID: <20040721140750.M64009@gwdu60.gwdg.de> References: <20040721193527.2647e696@piglet.goo> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-security@freebsd.org Subject: Re: ssh and root on 4.10 = password discovery (maybe) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jul 2004 12:12:48 -0000 On Wed, 21 Jul 2004, Tig wrote: > Hello. I'm not 100% sure if this is a configuration error on my side or > a 'bad idea' on sshd/FreeBSD sides. > > A remote root ssh connection to a FreeBSD 4.10 server (with no remote > root access) will allow you to 'work out' the root password. However, if > you try the same against 5.2.1 FreeBSD, you have little chance. The > following are pretty clear examples. > > If this is a config mistake on my side, please let me know as I have > clearly done something wrong. > > Correct root password - 4.10 > tigger@piglet:~% ssh root@4.10-FreeBSD > Password: > Connection to 4.10-FreeBSD closed by remote host. > Connection to 4.10-FreeBSD closed. > tigger@piglet:~% > > Incorrect root password - 4.10 > tigger@piglet:~% ssh root@4.10-FreeBSD > Password: > Password: > Password: > root@lilypie.com's password: > Permission denied, please try again. > root@lilypie.com's password: > Permission denied, please try again. > root@lilypie.com's password: > Permission denied (publickey,password,keyboard-interactive). > tigger@piglet:~% > > Correct root password - 5.2.1 > tigger@piglet:~% ssh root@5.2.1-FreeBSD > Password: > Password: > Password: > root@eeeor.goo's password: > Permission denied, please try again. > root@eeeor.goo's password: > Permission denied, please try again. > root@eeeor.goo's password: > Permission denied (publickey,password,keyboard-interactive). I roughly remember to have read about that problem for older versions of OpenSSH. But on my 4.10 boxes, there's no problem. Looks always like this, correct and incorrect password given: % ssh root@box root@boxes's password: Permission denied, please try again. root@boxes's password: Permission denied, please try again. Version: % ssh -V OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f Best regards Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______ GWDG / __/______ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/ \__/\__/____/___/____/ Germany