openssh-2.1.1p2 problem and fix

Darren Evans darren at horseplay.demon.co.uk
Sun Jul 2 06:09:19 EST 2000


Hi all,

Trawled through the archives and didn't find what I was looking for, so here goes.

This may be common knowledge or may not for the developers here ... maybe
it will save someone some time anyhow.

I'm running Redhat 6.2, **2.4.0-test1 kernel**, openssh-2.1.1p2.tar.gz, openssl-0.9.5a.tar.gz,
with these options.

sh configure --with-tcp-wrappers --with-md5-passwords --with-ipv4-default --with-pam

/etc/pam.d/sshd
#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nodelay
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_limits.so

ident /usr/local/sbin/sshd | grep -i pam

Does not find pam.


The error I receive is a,

Permission denied, please try again even though my password **IS** correct.

sshd shows this
Connection from 192.168.254.200 port 720
debug: Client protocol version 1.5; client software version OpenSSH_2.1.1
debug: Local version string SSH-1.99-OpenSSH_2.1.1
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: Attempting authentication for darren.
Failed password for darren from 192.168.254.200 port 720
Connection closed by 192.168.254.200
debug: Calling cleanup 0x805c7b4(0x0)

When I do this, and strace sshd -d I get this from strace
ssh -v -l darren horseplay

)        = 1 (in [4])
read(4, "\0\0\0\17u\17\264\244\27\205\237\26q\341\322\251\31\217"..., 8192) = 20
open("/etc/shadow", O_RDONLY)           = 3
fcntl(3, F_GETFD)                       = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
fstat64(0x3, 0xbfffef28)                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
read(3, "root:$1$1xxxxxxxxxxxxxxxxxxxxxxx"..., 4096) = 757
close(3)                                = 0
munmap(0x40015000, 4096)                = 0
getpeername(4, {sin_family=AF_INET, sin_port=htons(743), sin_addr=inet_addr("192.168.254.200")}}, [16]) = 0
write(2, "Failed password for darren from "..., 57) = 57
write(4, "\0\0\0\5\r\260\314t\211\336\320\"", 12) = 12
select(5, [4], NULL, NULL, NULL)        = 1 (in [4])
read(4, "", 8192)                       = 0
write(2, "Connection closed by 192.168.254"..., 37) = 37
write(2, "debug: Calling cleanup 0x805c7b4"..., 38) = 38
shutdown(4, 2 /* send and receive */)   = 0
close(4)                                = 0
_exit(255)                              = ?

I may be wrong, but it does say read(4, "root: ...." so is it not reading my
username in the shadow file?


I've also had odd problems with openssh-2.1.1p1.tar.gz on FreeBSD 3.5-STABLE,
maybe I'll go into that one another day as my memory is hazy at the moment.

My configuration files are the standard ones when installed.

When I set the link back on /usr/src/linux to /usr/src/linux-2.2.12 and
recompiled openssh **sshd actually worked**.

Also note that when sshd was run under Linux-2.4.0-test1 but recompiled
under 2.2.12 it **ran as expected**.

So I can only conclude that openssh does not support linux-2.4 yet.
Damien, any plans to update it soon? Presumably there are too many
changes :-)

Hope this helps someone else from a headache, now onto why it didn't
work under FreeBSD .... (probably my fault ..)


thanks
Darren
