Re: SSH Auth Failure?

From: Bret Hughes (bhughes_at_elevating.com)
Date: 08/08/03

  • Next message: Gordon Messmer: "Re: what is sgi-fam used for on the default instal anyway?"
    To: redhat-list@redhat.com
    Date: 07 Aug 2003 21:09:45 -0500
    
    

    On Tue, 2003-08-05 at 06:54, Michael Schwendt wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > On Mon, 04 Aug 2003 22:22:16 -0600, Ashley M. Kirchner wrote:
    >
    > > While doing updates on my servers, I came across this one and I'm
    > > baffled. I always ssh into my primary server and then ssh to the
    > > others. I have them all setup to use keys, and normally it just logs in
    > > and records this in syslog. However, after rpm updated
    > > openssh/openssh-clients/openssh-server to 3.1p1-8 tonight, I'm noticing
    > > something odd. When I log in, I see this in the log file:
    > >
    > > PAM-warn[1306]: service: sshd [on terminal: NODEVssh]
    > > PAM-warn[1306]: user: (uid=0) -> root [remote: ?nobody@intra.pcraft.com]
    > > sshd(pam_unix)[1306]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=intra.pcraft.com user=root
    > > sshd(pam_unix)[1306]: session opened for user root by (uid=0)
    > >
    > > Notice how pam now says it failed authentication, yet it logged me
    > > in. Um, what's going on?
    >
    > See clarifying comment at end of
    > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101157
    >

    I assume that you are referring to:
    <snip from bug comments>

    If the only solution to the information leak is to have this delay, then
    so be it. But it seems like this should definitely be a configuration option
    for those of us who aren't worried about this particular attack (the delay
    is very annoying). But the bogus authentication failure message is wrong in
    either case. As others have said, the cure is definitely worse than the
    disease.

    </snip from bug comments>

    The irritating thing is that this is CLOSED with a resolution of NOTABUG.

    I just did this upgrade today on a couple of my internal machines and
    find this very irritating. As several commenters have done, you can
    back it out, but what happens when there is a real bug that gets fixed
    later?

    There are indeed two issues, as the comments indicate.

    1. It takes much longer to log in. I use DSA type 2 keys and it usually
    takes less than a second to get in; now it takes closer to three seconds.

    2. Erroneous log messages.

    I understand a delay in the failing case, but for an authenticated login? And
    I am sorry, bogus log messages are not OK. I am about to try the
    openssh.org rpm since I don't see any discussion about this on the
    openssh developer or bug list. I am thinking this is a bad backport.

    Bret

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
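The log excerpt quoted in the thread shows the pattern that makes these messages a problem for anyone monitoring sshd: a `pam_unix` "authentication failure" line followed, under the same PID, by "session opened". An added example follows (it is not code from the thread or from Red Hat/OpenSSH) that correlates the two lines by sshd PID so a log watcher can separate that spurious pair from a PID that records failures and never opens a session. The sample log text is constructed, modelled on the lines quoted above; the `203.0.113.7` address is a documentation-range placeholder, and the function and regex names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the lines quoted in the thread (not a real capture).
# PID 1306: spurious failure followed by a session open under the same PID.
# PID 1350: repeated failures and no session open, i.e. a genuine failed login.
SAMPLE_LOG = """\
PAM-warn[1306]: service: sshd [on terminal: NODEVssh]
PAM-warn[1306]: user: (uid=0) -> root [remote: ?nobody@intra.pcraft.com]
sshd(pam_unix)[1306]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=intra.pcraft.com user=root
sshd(pam_unix)[1306]: session opened for user root by (uid=0)
sshd(pam_unix)[1350]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=203.0.113.7 user=root
sshd(pam_unix)[1350]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=203.0.113.7 user=root
"""

# Match the two pam_unix message shapes quoted in the thread; capture the sshd PID.
FAILURE_RE = re.compile(
    r"sshd\(pam_unix\)\[(\d+)\]: authentication failure;.*?rhost=(\S*) user=(\S+)"
)
SESSION_RE = re.compile(r"sshd\(pam_unix\)\[(\d+)\]: session opened for user (\S+)")


def collect_pam_events(log_text):
    """Group pam_unix failure and session-open lines by sshd PID.

    Returns {pid: {"user": str, "rhost": str, "failures": int, "session": bool}}.
    """
    events = defaultdict(lambda: {"user": None, "rhost": None, "failures": 0, "session": False})
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if m:
            pid, rhost, user = m.groups()
            entry = events[int(pid)]
            entry["failures"] += 1
            entry["rhost"] = rhost
            entry["user"] = user
            continue
        m = SESSION_RE.search(line)
        if m:
            pid, user = m.groups()
            entry = events[int(pid)]
            entry["session"] = True
            entry["user"] = entry["user"] or user
    return dict(events)


def classify_sshd_pam(log_text):
    """Label each PID that logged a failure.

    "spurious": a session was opened under the same PID after the failure
                (the behaviour complained about in the thread).
    "real":     failures were logged and no session was ever opened.
    """
    verdicts = {}
    for pid, entry in collect_pam_events(log_text).items():
        if entry["failures"] == 0:
            continue
        verdicts[pid] = "spurious" if entry["session"] else "real"
    return verdicts


def real_failures(log_text):
    """Return (pid, user, rhost, failure_count) for PIDs that never opened a session."""
    events = collect_pam_events(log_text)
    return sorted(
        (pid, e["user"], e["rhost"], e["failures"])
        for pid, e in events.items()
        if e["failures"] and not e["session"]
    )


if __name__ == "__main__":
    for pid, verdict in sorted(classify_sshd_pam(SAMPLE_LOG).items()):
        print(pid, verdict)
    for pid, user, rhost, count in real_failures(SAMPLE_LOG):
        print(f"real failure: pid={pid} user={user} rhost={rhost} attempts={count}")
```

Correlation by PID only works within one sshd child's lifetime; on a busy host PIDs are reused, so a production watcher should also bound the time window between the two lines rather than treat the PID as a permanent key.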
    
