similar to: [Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password

I would like to request additional consideration for inclusion of the gss-keyex patch (https://bugzilla.mindrot.org/show_bug.cgi?id=1242) into mainline OpenSSH. I know this comes up every few months, and I know that the current answer is "no" (as stated in November 2007), so I'll get straight to the new information and possibly-new arguments. 1. I conducted a careful, line-by-line

https://bugzilla.mindrot.org/show_bug.cgi?id=2198 Bug ID: 2198 Summary: GSSAPIKeyExchange gssapi-keyex bug in kex.c choose_kex() Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Kerberos support

https://bugzilla.mindrot.org/show_bug.cgi?id=1702 Summary: PreferredAuthentications setting doesn't work when spaces are used as documented Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: ssh

Hi, I am seeing a rather strange issue with openssh-5.3p1 (both client and server) under scientific linux 6. The systems in question are set up to authenticate against a Kerberos server. ssh'ing between machines works fine 99% of the time with the gssapi-with-mic method. But on occasion an ssh session will fail to spawn a sheel for the user after authentication. An example -vvv output in this

I can suggest a few things. krb5.conf ( if you use nfsv4 with kerberized mounts _ [libdefaults] ignore_k5login = true in But, it does not look like it in you logs your useing kerberized mounts. Im missing in SSHD_config : UseDNS yes And the defaults : # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes Are sufficient for a normal ssh kerberized login. Optional,

Hi, thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be correct. I'm able to do a kerberized ssh with a user from subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm not able to do the same with a user from example.de (user1 at EXAMPLE.DE). -- Regards, Andreas Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba: > I can suggest a few

Thanks for the prompt reply! > I did see that you are using Administrator, and thats the problem. > Administrator is mapped to root ( most of the time ), > if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0. > > Never ever give Administrator a UID/GID I am using tdb backend. It mapped administrator account to 12000:10000. > So try again

Hi, at first I'm not sure if this is the correct list to ask this question. But since I'm using winbind I hope you can help me. I try to realize a kerberized ssh from one client to another. Both clients are member of subdom2.subdom1.example.de and joined to it. The users are from example.de, where subdom1.example.de is a subdomain (bidirectional trust) of example.de and

I've read man ssh and man ssh-keygen and some howtos and still am not getting what I expect. I can do ssh john at 192.168.15.3 and login with a password OK. I want to be able to do that with keys in preparation for running rsync with keys, so I created a key on router1, the machine I want to ssh from. routem at router1:~/.ssh$ lla total 20 drwx------ 2 routem routem 4096 2009-03-08 09:55 .

Without trying your suggestions, I know that a domain user cannot login via ssh. Neither of these work: > [bob at dn-pc ~]$ ssh tuser16 at 192.168.16.220 > tuser16 at 192.168.16.220's password: > Permission denied, please try again. > tuser16 at 192.168.16.220's password: > Permission denied, please try again. > tuser16 at 192.168.16.220's password: > tuser16 at

On Sat, 2015-02-21 at 23:36 +0000, Philip Hands wrote: > I'm glad to say that the default for the Debian package Unfortunately, Debian overdid it quite a lot and also set a number of not so smart (respectively security-critical) defaults: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765632 So it's like 1:1 ;-) Cheers, Chris. -------------- next part -------------- A non-text

Hai, I did see that you are using Administrator, and thats the problem. Administrator is mapped to root ( most of the time ), if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0. Never ever give Administrator a UID/GID, create a new one assign that one a UID/GID. So try again with a normal user, that does have a UID/GID. If that does not work, please

I'm running version 4.7p1 of OpenSSH on a Linux system (it was originally a RedHat system, but I've changed almost everything.) When I originally built OpenSSH I used the config option --without-pam, and installed the software in /usr/local. I explicitly forbade root login with sshd (by setting the PermitRootLogin to "no" in the sshd_config file), but found that I could login as

Greetings, I know that part of the following has been discussed here before but please bear with me. We are running on Solaris versions 2.6 - 9 with a NISplus name service. The permissions on the NISplus password map have been modified to limit read access to the encrypted password field of the passwd table to only the entry owner and the table administrators. See:

[Please keep CC, I'm not in this list] The default settings for PermitRootLogin appears to be 'yes'. Increased number of attacks target the ssh port 22 and root logins directly[1] throught the Internet. Would it be possible to tighten the initial installation by defaulting PermitRootLogin to 'no' (or even in *.c) in forthcoming releases and have administrators relax it if

Steps to reproduce: 1) PermitRootLogin no in sshd_config 2) login with "root" user from other host Present behaviour: 1) it asks for password 3 times and only then close the connection. 2) cpu consumption during bruteforce "attacks". Expected behaviour: Immediate disconnect/login fail Workaround is to change ssh port, or ban IP after some login fails, or limit IP that can

http://bugzilla.mindrot.org/show_bug.cgi?id=486 Summary: "PermitRootLogin no" can implicitly reveal root password Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA, the root login attempts still get passed to the SIA system (so I get lots of warnings about failed root logins). On systems with a "max failed attempts" setting, the root account can be locked out this way. I started looking at the code, and I'm not sure I understand what I see. In auth-passwd.c,

Hi all, I think that there is a security problem with the PermitRootLogin option. I asked an root ssh connection: $ ssh root at machine root at machine's password: I typed no password, this prompt stayed in place. In a second time, I changed the PermitRootLogin to no, and then restart ssh server. Third, I typed the password on the previous prompt, and the access was allowed. I then

Hello, I'm currently experiencing the issue laid out in this thread from last year: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106908815129641&w=2 The discussion that ensued resulted in a number of ideas on how best to 'fix' this issue. The two that seemed most reasonable were: 1. implement a pubkey-only option to PermitRootLogin that would only allow root to login