Date: Wed, 21 Jul 2004 23:22:32 +1000 From: Tig <tigger@onemoremonkey.com> To: freebsd-security@freebsd.org Subject: Re: ssh and root on 4.10 = password discovery (maybe) Message-ID: <20040721232232.5d8b5bab@piglet.goo> In-Reply-To: <20040721140750.M64009@gwdu60.gwdg.de> References: <20040721193527.2647e696@piglet.goo> <20040721140750.M64009@gwdu60.gwdg.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Jul 2004 14:12:45 +0200 (CEST) Konrad Heuer <kheuer2@gwdg.de> wrote: > > I roughly remember to have read about that problem for older versions > of OpenSSH. > > But on my 4.10 boxes, there's no problem. Looks always like this, > correct and incorrect password given: > > % ssh root@box > root@boxes's password: > Permission denied, please try again. > root@boxes's password: > Permission denied, please try again. > > Version: > > % ssh -V > OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL > 0x0090704f > > Best regards > > Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______ > GWDG / __/______ ___ / _ )/ __/ _ \ > Am Fassberg / _// __/ -_) -_) _ |\ \/ // / > 37077 Goettingen /_/ /_/ \__/\__/____/___/____/ > Germany > Well, this is strange. The 5.2.1 box and the 4.10 box both have the same sshd_conf options, however the OpenSSH versions are different (but expected) 5.2.1 OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f 4.10 OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f Do you have any non-default settings to disable remote root access on your 4.10 box? This 4.10 box was recently upgraded from 4.9 (using cvsup), maybe I missed something is all I can think of. -Tig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040721232232.5d8b5bab>