I'm having a problem getting OpenSSH to correctly authenticate passwords. I'm doing authentication against a shadow file (/etc/shadow) because I don't have PAM installed. I'm using Slackware 7.0, OpenSSH 1.2.3, OpenSSL 0.95a, and glibc with the crypt addon. Here is the funny thing about it though. I edited the file that has the code for authenication (auth-password.c I think, I'm not sure since I'm in Windows at the moment). I added code to display both the password from the client and then the crypted password from the client. The unencrypted password is correct, so the server is getting the right password. But after it performs a crypt() on it, it gets the WRONG hash! The hash isn't the same as what is in the shadow file, and so the authentication fails. Now I'm not sure what to do from there. This has happened on 3 different machines, all running slack 7. Any ides where to go from here? If you need more info (like the debug output from the server), I'd be happy to provide it. Thanks, Artit J. ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
I've already solved this. OpenSSL implements crypt on it's own, This crypt uses the standard 2 char salt, libcrypt in Slak uses an 11 char crypt. to make it work edit the OpenSSH Makefile and find the line where it specifies what libraries to link agains. -lcrypto specificly. put -lcrypt in front of this. You will also find some other problems regarding OpenSSH and slak 7 I'll send you a list. On Fri, 21 Apr 2000, Artit Jirapatnakul wrote:> I'm having a problem getting OpenSSH to correctly authenticate passwords. > I'm doing authentication against a shadow file (/etc/shadow) because I don't > have PAM installed. > > I'm using Slackware 7.0, OpenSSH 1.2.3, OpenSSL 0.95a, and glibc with the > crypt addon. > > Here is the funny thing about it though. I edited the file that has the code > for authenication (auth-password.c I think, I'm not sure since I'm in > Windows at the moment). I added code to display both the password from the > client and then the crypted password from the client. > > The unencrypted password is correct, so the server is getting the right > password. But after it performs a crypt() on it, it gets the WRONG hash! The > hash isn't the same as what is in the shadow file, and so the authentication > fails. > > Now I'm not sure what to do from there. This has happened on 3 different > machines, all running slack 7. Any ides where to go from here? > > If you need more info (like the debug output from the server), I'd be happy > to provide it. > > Thanks, > > Artit J. > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > >
On Fri, 21 Apr 2000, Artit Jirapatnakul wrote:> I'm having a problem getting OpenSSH to correctly authenticate > passwords. I'm doing authentication against a shadow file > (/etc/shadow) because I don't have PAM installed. > > I'm using Slackware 7.0, OpenSSH 1.2.3, OpenSSL 0.95a, and glibc > with the crypt addon.Did you compile with --with-md5-passwords? -d -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)