Bug in Ossh3.5p1

andreas at arescon.com andreas at arescon.com
Tue Jan 7 15:44:42 EST 2003


We use OpenSSH 3.5p1 on an embedded system.

OpenSSH is configured to not permit password logins, /etc/ssh/sshd_config:
...
PasswordAuthentication no
...

At the same time, since there is no console and no way to "log in" other
than by ssh, /etc/passwd has an "open" root account:

root::0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/tmp:/usr/bin/bash

Apparently OpenSSH 3.5p1 ignores "PasswordAuthentication no" whenever
somebody comes from a root account on some_host:

-----------------------------------------------------------------
root at somehost:~# ssh -2 -v <some ip-number>
OpenSSH_2.9.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to <some ip-number> [<some ip-number>] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 113/256
debug1: bits set: 1613/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '<some ip-number>' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:43
debug1: bits set: 1597/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: ssh-userauth2 successful: method none
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 32768
Last login: Tue Jan  7 03:20:25 2003 from <someother_host>
bash#
---------------------------------------------------------------

Bang, I'm in with: "ssh-userauth2 successful: method none".
No keys necessary.

The same does NOT work with ssh -1 ...

---------------------------------------------------------------
 root at somehost:~# ssh -1 -v root@<some ip-number>
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to <some ip-number> [<some ip-number>] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'some ip-number' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying RSA authentication with key 'root at somehost'
debug1: Server refused our key.
Permission denied.
debug1: Calling cleanup 0x8061610(0x0)

--------------------------------------------------------------

If /etc/passwd has the root account x-ed out:

root:x:0:0:root:/root:/bin/sh

ssh -2 also rejects the connection.

Am I right to consider this a bug and a potential security problem,
since protocol version 1 seems to behave as expected, while version 2
appears to look at the password file despite "PasswordAuthentication no"
in the config file?

Or am I just missing something important?

I'm not a regular subscriber, I'd appreciate comments to

rosenberger at pgc.nrcan.gc.ca or andreas at arescon.com
-- 
___________________________________________________________________

a. rosenberger                          arescon ltd.
andreas at arescon.com                     9706 First St.
www.arescon.com                         Sidney, B.C. Canada V8L 3C7
___________________________________________________________________
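An added audit, not part of the original post or of OpenSSH, that flags the combination the post describes: a passwd entry whose password field is empty, next to the sshd_config directives that govern empty-password and root logins. PermitEmptyPasswords and PermitRootLogin are real sshd_config keywords the post does not mention; the passwd and sshd_config samples below are constructed to mirror the report.

```python
"""Flag empty-password accounts and the sshd directives that affect them."""
import re

# Constructed sample mirroring the post's embedded-system /etc/passwd.
SAMPLE_PASSWD = """\
root::0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/tmp:/usr/bin/bash
"""

# Constructed sshd_config fragment; only these three directives are inspected.
SAMPLE_SSHD_CONFIG = """\
# constructed example
PasswordAuthentication no
PermitEmptyPasswords yes
PermitRootLogin yes
"""

# Value sshd assumes when the keyword is absent (keys lower-cased for lookup).
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "permitrootlogin": "yes",
}

def empty_password_accounts(passwd_text):
    """Usernames whose second colon field is empty ('x' or '*' do not count)."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment or malformed entry: skip rather than guess
        if fields[1] == "":
            found.append(fields[0])
    return found

def sshd_settings(config_text):
    """Parse the directives of interest; sshd keeps the first value it sees."""
    settings = dict(DEFAULTS)
    seen = set()
    for line in config_text.splitlines():
        parts = re.split(r"[\s=]+", line.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].lower()
        if key in settings and key not in seen:
            settings[key] = value
            seen.add(key)
    return settings

def findings(passwd_text, config_text):
    """Human-readable findings combining both checks (empty list = clean)."""
    out = []
    cfg = sshd_settings(config_text)
    empties = empty_password_accounts(passwd_text)
    for user in empties:
        out.append(f"account '{user}' has an empty password field")
    if empties and cfg["permitemptypasswords"] == "yes":
        out.append("PermitEmptyPasswords yes lets sshd accept an empty password")
    if "root" in empties and cfg["permitrootlogin"] != "no":
        out.append("root has an empty password and PermitRootLogin is not 'no'")
    return out
```

Run it against the real files with `findings(open("/etc/passwd").read(), open("/etc/ssh/sshd_config").read())`; an empty list means neither the passwd nor the sshd side shows the reported condition.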

More information about the openssh-unix-dev mailing list