Where to look next?
Darren Tucker
dtucker at zip.com.au
Thu Sep 22 09:51:11 AEST 2016
On Thu, Sep 22, 2016 at 2:28 AM, Delisle, John
<john.delisle at ceridian.com> wrote:
[...]
> debug1: Remote protocol version 2.0, remote software version Welcome To Ceridian

OpenSSH should probably log it better, but this banner is weird.
According to RFC 4253 section 4.2 the format is:

    SSH-protoversion-softwareversion SP comments CR LF

so this server is claiming that its software version is "Welcome" with
a comment of "To Ceridian".

[...]
> debug3: receive packet: type 1
> Received disconnect from 1.2.3.4 port 32:11: Too many bad authentication attempts!

The server sends a disconnect.

> debug1: Authentication succeeded (password).
> Authenticated to IBM.SFG.SFTP.server ([1.2.3.4]:32).

The client thinks the session is authenticated, though. I think
that's actually a bug in the OpenSSH client: ssh_userauth2() calls
ssh_dispatch_run() with DISPATCH_BLOCK blocking on authctxt.success.
It assumes that if it exits then it's authenticated.
ssh_packet_read_poll_seqnr(), however, will return
SSH_ERR_DISCONNECTED in that case, which will cause ssh_dispatch_run()
to return.

I don't think this is relevant to your problem, though.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list
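
The RFC 4253 section 4.2 split described in the message above, as an added example that is not part of the original post and is not OpenSSH code. The names parse_ssh_ident and struct ssh_ident are hypothetical, and the raw banner is an assumption reconstructed from the quoted debug line.

```c
#include <stdio.h>
#include <string.h>

/* Fields of "SSH-protoversion-softwareversion SP comments CR LF". */
struct ssh_ident { char proto[256], software[256], comments[256]; };

/* protoversion/softwareversion: printable US-ASCII, no whitespace, no '-'. */
static int token_ok(const char *s)
{
    if (*s == '\0')
        return 0;
    for (; *s; s++)
        if (*s <= 0x20 || *s >= 0x7f || *s == '-')
            return 0;
    return 1;
}

/* Returns 0 on success, -1 if line is not a well-formed identification string. */
int parse_ssh_ident(const char *line, struct ssh_ident *out)
{
    size_t len = strlen(line);
    char buf[256], *sw, *cm;

    memset(out, 0, sizeof(*out));
    if (len > 255 || len < 6 || strcmp(line + len - 2, "\r\n") != 0)
        return -1;                      /* RFC limit: 255 bytes including CR LF */
    if (strncmp(line, "SSH-", 4) != 0)
        return -1;
    memcpy(buf, line + 4, len - 6);     /* strip "SSH-" and the trailing CR LF */
    buf[len - 6] = '\0';
    if ((sw = strchr(buf, '-')) == NULL)
        return -1;
    *sw++ = '\0';                       /* buf now holds protoversion only */
    if ((cm = strchr(sw, ' ')) != NULL) /* first SP ends softwareversion */
        *cm++ = '\0';
    if (!token_ok(buf) || !token_ok(sw))
        return -1;
    snprintf(out->proto, sizeof(out->proto), "%s", buf);
    snprintf(out->software, sizeof(out->software), "%s", sw);
    snprintf(out->comments, sizeof(out->comments), "%s", cm ? cm : "");
    return 0;
}

int main(void)
{
    struct ssh_ident id; /* banner is reconstructed from the debug line: an assumption */
    if (parse_ssh_ident("SSH-2.0-Welcome To Ceridian\r\n", &id) == 0)
        printf("proto=%s software=%s comments=%s\n", id.proto, id.software, id.comments);
    return 0;
}
```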