Vikash Badal - PCS
2003-Jul-10 04:35 UTC
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
Greetings,

I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1 (as well as OpenServer 5.0.X and SCO 3.2v4.2).

When I set up sshd_config as follows:
PasswordAuthentication no
PermitEmptyPasswords yes

and try to connect to a passwordless account ( I know it's a F*up, but that's the application ID10Ts .... ) I can get in using the SSH2 version without a valid key, the SSH1 is okay.

Below is a fix I used, but I am not sure if this is okay.

uw7: /usr/udd1/dev # diff -c original/openssh-3.6.1p2/auth2.c openssh-3.6.1p2> *** original/openssh-3.6.1p2/auth2.c Mon Feb 24 02:59:27 2003 --- openssh-3.6.1p2/auth2.c Tue Jul 8 08:08:05 2003 *************** *** 187,192 **** --- 187,204 ---- if (m != NULL) { debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(authctxt); + if (strcmp(method, "none") == 0 && authenticated == 1 ) { + /* + * I'm not sure if this is okay, + * PasswordAuthentication no && PermitEmptyPasswords yes + * Now work only with a valid host key + * This problem is only with SSH2 though on Unixware 7.1.1, + * OpenServer 5.0.X and SCO 3.2v4.2. + * Linux (RedHat 7.X) is fine + */ + + authenticated = 0; + } } userauth_finish(authctxt, authenticated, method); uw7: /usr/udd1/dev #

I have also tried 3.5p1 and the same situation exists.
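Review bot: the added test on strcmp(method, "none") == 0 && authenticated == 1, placed right after authenticated = m->userauth(authctxt);, zeroes every successful "none" request no matter how sshd_config is set, so a server that deliberately runs PasswordAuthentication yes together with PermitEmptyPasswords yes would also stop accepting empty-password logins through this method. Make the condition depend on the PasswordAuthentication setting instead of discarding the result unconditionally. The comment says "valid host key" where the report is about logging in without a valid user key, and a debug message when the result is overridden would make the refusal traceable in the logs.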
OpenSSH was compiled as follows:
gcc --> 2.95.2
perl --> 5.004_04
./configure --sysconf=/etc/ssh

OpenSSH has been configured with the following options:
    User binaries: /usr/local/bin
    System binaries: /usr/local/sbin
    Configuration files: /etc/ssh
    Askpass program: /usr/local/libexec/ssh-askpass
    Manual pages: /usr/local/man/manX
    PID file: /etc/ssh
    Privilege separation chroot path: /var/empty
    sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
    Manpage format: man
    PAM support: no
    KerberosIV support: no
    KerberosV support: no
    Smartcard support: no
    AFS support: no
    S/KEY support: no
    TCP Wrappers support: no
    MD5 password support: no
    IP address in $DISPLAY hack: no
    Use IPv4 by default hack: no
    Translate v4 in v6 hack: no
    BSD Auth support: no
    Random number source: ssh-rand-helper
    ssh-rand-helper collects from: Command hashing (timeout 200)

    Host: i586-unknown-sysv5UnixWare7.1.1
    Compiler: gcc
    Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
    Preprocessor flags: -I/usr/local/ssl/include -I/usr/local/include
    Linker flags: -L/usr/local/ssl/lib -L/usr/local/lib
    Libraries: -lz -lsocket -lnsl -lgen -lcrypto

Please advise.

Vikash
Tim Rice
2003-Jul-10 05:29 UTC
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
I can not duplicate this problem on my 7.1.1 box. I'm using the native compiler here. The machine has maintenance pack 3 loaded. Does yours?

On Thu, 10 Jul 2003, Vikash Badal - PCS wrote:

> Greetings,
>
> I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1
> (as well as OpenServer 5.0.X and SCO 3.2v4.2)
>
> When I set up sshd_config as follows:
> PasswordAuthentication no
> PermitEmptyPasswords yes
>
> and try to connect to a passwordless account ( I know it's a F*up, but
> that's the application ID10Ts .... ) I can get in using the SSH2 version
> without a valid key, the SSH1 is okay.
>
> below is a fix I used, but I am not sure if this is okay.

[snip]

--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
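A defender-side check for the configuration discussed in this thread, added here as an example and not code from either poster or from OpenSSH: it reads sshd_config with first-value-wins keyword handling and lists the accounts with an empty password field that become relevant when PermitEmptyPasswords is yes. The function names, the constructed sample inputs and the shadow-style name:password:... layout are assumptions.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_CONFIG = """\
# sshd_config fragment
PasswordAuthentication no
PermitEmptyPasswords yes
PermitEmptyPasswords no
"""
SAMPLE_SHADOW = """\
root:CONSTRUCTED-HASH:12000::::::
appuser::12000::::::
daemon:*:12000::::::
"""

def effective_sshd_options(config_text):
    """Map lower-cased keyword -> value; sshd keeps the first value it reads."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":
            break  # assumption: audit the global section only
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), value)
    return opts

def empty_password_accounts(shadow_text):
    """Names whose second colon-separated field (the password) is empty."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names

def audit(config_text, shadow_text):
    opts = effective_sshd_options(config_text)
    permit_empty = opts.get("permitemptypasswords", "no").lower() == "yes"
    password_auth = opts.get("passwordauthentication", "yes").lower() == "yes"
    # Per the report above, PasswordAuthentication no did not protect these
    # accounts over SSH2, so they are listed whenever empty passwords are permitted.
    exposed = empty_password_accounts(shadow_text) if permit_empty else []
    return {"permit_empty": permit_empty, "password_auth": password_auth,
            "exposed_accounts": exposed}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_SHADOW))
```

The duplicate PermitEmptyPasswords line in the sample shows why the first occurrence has to be the one audited: a later "no" does not override an earlier "yes".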