William Hahn
2001-Mar-02 19:24 UTC
Security problem depending on your point of view with OpenSSH 2.5.1p1 related to Password authentication.
I compiled 2.5.1p1 on Solaris and Linux with PAM support and produced the same problem.

If I set sshd_config to not allow password authentication (PasswordAuthentication no) and restart sshd, I can then ssh in with password authentication in SSH protocol version 2.

$ ssh -v -2 jenn@billsnet.com
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /home1/hahnw/.ssh/config
debug: Applying options for *
debug: Reading configuration data /opt/PSIssh/etc/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 412 geteuid 0 anon 0
debug: Connecting to billsnet.com [38.211.200.1] port 22.
debug: Allocated local port 894.
debug: Connection established.
debug: identity file /home1/hahnw/.ssh/identity type 0
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.5.1p1
debug: Seeded RNG with 41 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss,ssh-rsa
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit: 
debug: got kexinit: 
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1078/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'billsnet.com' is known and matches the RSA host key.
debug: Found key in /home1/hahnw/.ssh/known_hosts2:8
debug: bits set: 1047/2049
debug: ssh_rsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,keyboard-interactive
debug: next auth method to try is publickey
debug: userauth_pubkey_agent: trying agent key /home1/hahnw/.ssh/id_dsa
debug: authentications that can continue: publickey,keyboard-interactive
debug: next auth method to try is publickey
debug: next auth method to try is keyboard-interactive
Password:
debug: authentications that can continue: publickey,keyboard-interactive
debug: next auth method to try is keyboard-interactive
Password:
debug: ssh-userauth2 successful: method keyboard-interactive
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: Requesting authentication agent forwarding.
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 16384
Last login: Fri Mar  2 13:45:54 2001 from jt.billsnet.com

If I try to ssh in with protocol 1, I get Permission denied, which is what I would expect.

(hahnw@jt.billsnet.com)$ ssh -v -1 jenn@billsnet.com
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /home1/hahnw/.ssh/config
debug: Applying options for *
debug: Reading configuration data /opt/PSIssh/etc/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 412 geteuid 0 anon 0
debug: Connecting to billsnet.com [38.211.200.1] port 22.
debug: Allocated local port 895.
debug: Connection established.
debug: identity file /home1/hahnw/.ssh/identity type 0
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'billsnet.com' is known and matches the RSA1 host key.
debug: Found key in /home1/hahnw/.ssh/known_hosts:11
debug: Seeded RNG with 41 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Encryption type: blowfish
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication via agent with 'hahnw@jt.billsnet.com'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'hahnw@jt.billsnet.com'
debug: Server refused our key.
Permission denied.
debug: Calling cleanup 0x3bfec(0x0)
debug: Calling cleanup 0x4146c(0x0)
debug: writing PRNG seed to file /home1/hahnw/.ssh/prng_seed
Hisashi T Fujinaka
2001-Mar-02 21:50 UTC
Security problem depending on your point of view with OpenSSH 2.5.1p1 related to Password authentication.
We're seeing the same problem on Red Hat systems with 2.5.1p2. Looks like the code for both protocols is checking the same flag, but ssh2 is ignoring it. Anyone have a patch?

On Fri, 2 Mar 2001, William Hahn wrote:

> I compiled 2.5.1p1 on solaris and linux with PAM support and produced the same problem.
>
> If I set sshd_config to not allow password authentication( PasswordAuthentication no ) and restart sshd.
>
> I then ssh in with password authentication in ssh protocol version 2.
...
> If I try to ssh in with protocol 1 I get Permission denied, which is what I would expect.

-- 
Hisashi T Fujinaka - htodd@twofifty.com
BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte
Damien Miller
2001-Mar-03 13:22 UTC
Security problem depending on your point of view with OpenSSH 2.5.1p1 related to Password authentication.
On Fri, 2 Mar 2001, William Hahn wrote:

> I compiled 2.5.1p1 on solaris and linux with PAM support and
> produced the same problem.
>
> If I set sshd_config to not allow password authentication(
> PasswordAuthentication no ) and restart sshd.

This is a documentation problem. Using ChallengeResponseAuthentication with PAM bypasses OpenSSH's password code - the "Password:" prompts that you are seeing are coming directly from PAM and the replies are going straight back to it.

I have disabled ChallengeResponseAuthentication by default in sshd_config (it doesn't do much unless you are building against s/key and/or PAM) and have documented that it bypasses the password checking in the manpage.

You can control whether password authentication is allowed using the /etc/pam.d/sshd file.

-d

-- 
| Damien Miller <djm@mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
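The thread's lesson is that "PasswordAuthentication no" only closes OpenSSH's own password path; with a PAM build and ChallengeResponseAuthentication left on, sshd still offers keyboard-interactive and PAM prompts for the password itself. The audit below, an added example that is not OpenSSH code and not from anyone in this thread, checks a sshd_config for that combination and reads the methods a server still advertises out of an `ssh -v` transcript. It assumes the 2.5.1-era default of ChallengeResponseAuthentication being "yes" (Damien's reply says he flipped it to "no" afterwards), that sshd_config keywords are case-insensitive with the first occurrence winning, and that the sample configs and debug excerpt, which are constructed, are representative.

```python
"""Audit the PAM keyboard-interactive password bypass from this thread.

Added example, not OpenSSH code.  Assumptions not stated on the page:
sshd_config keywords are case-insensitive, the first occurrence wins, and
the 2.5.1-era default for ChallengeResponseAuthentication is "yes".
"""
import re

# Assumed defaults for the two keywords that matter here.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}

# Constructed sample configs: the reporter's setup (passwords "off",
# challenge-response left at its default) and the corrected version.
WEAK_CONFIG = """\
# sshd_config as in the report
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
"""

FIXED_CONFIG = """\
# closes the PAM keyboard-interactive path as well
Port 22
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

# Constructed excerpt in the shape of the ssh -v output quoted in the report.
DEBUG_V2 = """\
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,keyboard-interactive
debug: next auth method to try is publickey
debug: authentications that can continue: publickey,keyboard-interactive
debug: next auth method to try is keyboard-interactive
"""

_KEYVAL = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text):
    """Map lowercase keyword -> lowercase value; first occurrence wins."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = _KEYVAL.match(line)
        if m:
            seen.setdefault(m.group(1).lower(), m.group(2).strip().lower())
    return seen


def effective(config, key):
    """Value actually in force, falling back to the assumed default."""
    return config.get(key, DEFAULTS[key])


def audit(text, built_with_pam=True):
    """Return findings; an empty list means password logins really are off."""
    cfg = parse_sshd_config(text)
    pw = effective(cfg, "passwordauthentication")
    cr = effective(cfg, "challengeresponseauthentication")
    findings = []
    if pw == "no" and cr == "yes" and built_with_pam:
        findings.append(
            "PasswordAuthentication no is bypassed for protocol 2: "
            "ChallengeResponseAuthentication is on, so PAM still prompts for "
            "a password over keyboard-interactive. Set "
            "ChallengeResponseAuthentication no or remove the password "
            "module from /etc/pam.d/sshd."
        )
    return findings


def advertised_methods(debug_output):
    """Methods the server last offered in an `ssh -v` transcript."""
    methods = []
    for line in debug_output.splitlines():
        _, sep, rest = line.partition("authentications that can continue: ")
        if sep:
            methods = rest.strip().split(",")
    return methods


def password_path_open(methods):
    """True if a typed password can still reach the server by either method."""
    return bool({"password", "keyboard-interactive"} & set(methods))


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(cfg) or ["ok"])
    offered = advertised_methods(DEBUG_V2)
    print(offered, "password path open:", password_path_open(offered))
```

The config check only tells you what sshd intends; the transcript check tells you what the server actually offers after the fix, since keyboard-interactive disappearing from the last "authentications that can continue:" line is the observable confirmation that the PAM path is closed.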