[Bug 281] New: unable to authorize with local shadow password

Thu Jun 20 21:54:20 EST 2002

http://bugzilla.mindrot.org/show_bug.cgi?id=281

           Summary: unable to authorize with local shadow password
           Product: Portable OpenSSH
           Version: -current
          Platform: MIPS
        OS/Version: IRIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: komanek at natur.cuni.cz

I get compilled OpenSSH 3.2.3p1 on Irix 6.2 with both the following configure
options sets. I use shadow passwords, which work fine when loggin via telnet or
pop. Using OpenSSH, I can only use the krb4 authentication, local passwords are
not accepted. 

CC="cc -n32" CFLAGS="-I/usr/local/include -I/usr/include" LDFLAGS="-L/usr/loca
l/lib -L/usr/lib32" ./configure --prefix=/usr/local
--with-tcp-wrappers=/usr/local/lib32/libwrap.a --with-ssl-dir=/usr/local/ssl
--with-mantype=man --with-kerberos4=/usr/athena --with-afs=/usr/afs
--with-zlib=/usr/local/lib32/libz.a --with-rand-helper

CC="cc -n32" CFLAGS="-I/usr/local/include -I/usr/include" LDFLAGS="-L/usr/loca
l/lib -L/usr/lib32" ./configure --prefix=/usr/local
--with-tcp-wrappers=/usr/local/lib32/libwrap.a --with-ssl-dir=/usr/local/ssl
--with-mantype=man --with-kerberos4=/usr/athena --with-afs=/usr/afs
--with-zlib=/usr/local/lib32/libz.a --with-rand-helper --with-md5-passwords

# kdestroy; ssh -v -v -v -1 -l komanek bbs
Tickets destroyed.
OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug3: cipher ok: 3des-cbc [3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc]
debug3: cipher ok: blowfish-cbc
[3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc]
debug3: cipher ok: cast128-cbc
[3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc]
debug3: cipher ok: arcfour [3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc]
debug3: cipher ok: aes128-cbc [3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc]
debug3: ciphers ok: [3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc]
debug1: Seeding random number generator
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to bbs [195.113.56.251] port 22.
debug1: Allocated local port 1020.
debug1: temporarily_use_uid: 0/1 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /root/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.2.3p1
debug1: match: OpenSSH_3.2.3p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_3.0.2p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 22
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 22
debug1: Host 'bbs' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:22
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v4 authentication.
debug3: Trying to reverse map address 195.113.56.251.
debug1: Kerberos v4 authentication failed.
debug1: Trying RSA authentication with key '/root/.ssh/identity'
debug1: Server refused our key.
debug1: Doing password authentication.
komanek at bbs's password:
Permission denied, please try again.
komanek at bbs's password:
Permission denied, please try again.
komanek at bbs's password:
Permission denied.
debug1: Calling cleanup 0x120052030(0x0)

bbs# /usr/local/sbin/sshd -p 8022 -d -d -d
debug3: Seeding PRNG from /usr/local/libexec/ssh-rand-helper
debug1: sshd version OpenSSH_3.2.3p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 8022 on 0.0.0.0.
Server listening on 0.0.0.0 port 8022.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 195.113.56.1 port 1022
debug1: Client protocol version 1.5; client software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Local version string SSH-1.99-OpenSSH_3.2.3p1
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug3: allowed_user: today 11858 sp_expire -1 sp_lstchg 11857 sp_max -1
debug1: Attempting authentication for komanek.
debug1: temporarily_use_uid: 112/20 (e=0)
debug1: trying public RSA key file /home/komanek/.ssh/authorized_keys
debug1: restore_uid
Failed rsa for komanek from 195.113.56.1 port 1022
debug1: Kerberos v4 password authentication for komanek failed: Password incorre
ct
debug1: krb4_cleanup_proc called
Failed password for komanek from 195.113.56.1 port 1022
debug1: Kerberos v4 password authentication for komanek failed: Password incorre
ct
debug1: krb4_cleanup_proc called
Failed password for komanek from 195.113.56.1 port 1022
debug1: Kerberos v4 password authentication for komanek failed: Password incorre
ct
debug1: krb4_cleanup_proc called
Failed password for komanek from 195.113.56.1 port 1022
Connection closed by 195.113.56.1
debug1: Calling cleanup 0x1002e2c0(0x101761a0)
debug1: krb4_cleanup_proc called
debug1: Calling cleanup 0x10058020(0x0)

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.