ssh and root on 4.10 = password discovery (maybe)

Konrad Heuer kheuer2 at gwdg.de
Wed Jul 21 06:33:37 PDT 2004


On Wed, 21 Jul 2004, Tig wrote:

> On Wed, 21 Jul 2004 14:12:45 +0200 (CEST)
> Konrad Heuer <kheuer2 at gwdg.de> wrote:
>
> >
> > I roughly remember having read about that problem for older versions
> > of OpenSSH.
> >
> > But on my 4.10 boxes, there's no problem. It always looks like this,
> > correct and incorrect password given:
> >
> > % ssh root at box
> > root at boxes's password:
> > Permission denied, please try again.
> > root at boxes's password:
> > Permission denied, please try again.
> >
> > Version:
> >
> > % ssh -V
> > OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
> > 0x0090704f
>
> Well, this is strange. The 5.2.1 box and the 4.10 box both have the same
> sshd_conf options, however the OpenSSH versions are different (but
> expected)
>
> 5.2.1
> OpenSSH_3.6.1p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
> 0x0090703f
>
> 4.10
> OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
> 0x0090704f
>
> Do you have any non-default settings to disable remote root access on
> your 4.10 box? This 4.10 box was recently upgraded from 4.9 (using
> cvsup), maybe I missed something is all I can think of.

Here are the lines of my sshd_config which are uncommented:

PermitRootLogin forced-commands-only
IgnoreRhosts no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
UsePrivilegeSeparation yes
Compression yes
Subsystem	sftp	/usr/libexec/sftp-server

Best regards

Konrad Heuer (kheuer2 at gwdg.de)  ____            ___  _______
GWDG                           / __/______ ___ / _ )/ __/ _ \
Am Fassberg                   / _// __/ -_) -_) _  |\ \/ // /
37077 Goettingen             /_/ /_/  \__/\__/____/___/____/
Germany
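
An added example, not part of the original message: one way to compare the uncommented directives of two sshd_config files, which the two posters above do by hand. PAGE_CONFIG is the list quoted in the message; OTHER_CONFIG and the function names are constructed for illustration, and the parser assumes no Match blocks.

```python
# Added example: compare the active (uncommented) directives of two sshd_config files.

def active_directives(text):
    """Map lower-cased keyword -> value for every uncommented line.

    sshd keeps the first value it reads for a keyword, so later duplicates
    are ignored here. Assumption: no Match blocks; repeatable keywords such
    as Subsystem or ListenAddress are treated like any other keyword.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        found.setdefault(keyword, value)    # first occurrence wins
    return found

def config_diff(a_text, b_text):
    """Return {keyword: (value_a, value_b)} where the files differ; None means
    the keyword is not set in that file, so the compiled-in default applies."""
    a, b = active_directives(a_text), active_directives(b_text)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# The uncommented lines quoted in the message above.
PAGE_CONFIG = """\
PermitRootLogin forced-commands-only
IgnoreRhosts no
RhostsRSAAuthentication yes
HostbasedAuthentication yes
ChallengeResponseAuthentication no
X11Forwarding yes
UsePrivilegeSeparation yes
Compression yes
Subsystem\tsftp\t/usr/libexec/sftp-server
"""

# Constructed sample standing in for a second host's file (not from the thread).
OTHER_CONFIG = """\
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
X11Forwarding yes
Subsystem sftp /usr/libexec/sftp-server
"""

if __name__ == "__main__":
    for keyword, (mine, theirs) in config_diff(PAGE_CONFIG, OTHER_CONFIG).items():
        print(f"{keyword:34} {mine!s:24} {theirs!s}")
```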


