Bugtraq mailing list archives

Re: SSH 1.x and 2.x Daemon


From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 11 Feb 1999 17:33:24 +0100


No standard Unix 64-bit password can ever be encoded as anything but 11
characters plus 2 more for the "salt".  Any field that is less than 13
characters can never match a valid password and will always result in a
locked account.  To be ultra careful any field longer than 13 characters
should be searched for illegal characters, i.e. any non-alpha-numeric or
not '.' and '/'.  However in practice one can also assume that any field
longer than 13 characters results in a locked account.

It should be noted, though, that some shadow password implementations
encoded password attributes by adding ",attributes" to the encrypted
string.

Also, in SunOS 4.x "magic" shadow password, the password would look
like "##user".



I don't think it's really all that easy to make ssh work safely without
involving the system's login program or PAM, if it has it.

When exec'ing login, the daemon loses track of the fact whether authentication
was actually successful;  so it can't safely do port/X forwarding in such
cases.

Casper
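
One way to implement the field check discussed in this message, as an added example (not code from the post or from any ssh implementation). It covers only the traditional 13-character crypt(3) format discussed here; the function and enum names are hypothetical, the sample fields are constructed, and reporting an empty field separately is this example's own choice, since traditional Unix treats an empty password field as "no password required".

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names, chosen for this example only. */
enum pw_kind { PW_EMPTY, PW_LOCKED, PW_DES_HASH, PW_SHADOW_REF };

/* Classify a passwd/shadow password field (traditional DES crypt only). */
enum pw_kind classify_pw_field(const char *field)
{
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    size_t len;

    if (field == NULL)
        return PW_LOCKED;
    /* SunOS 4.x "magic" shadow entry: the real hash is stored elsewhere. */
    if (field[0] == '#' && field[1] == '#' && field[2] != '\0')
        return PW_SHADOW_REF;
    /* Some shadow implementations append ",attributes"; judge only the
     * part before the first comma. */
    len = strcspn(field, ",");
    /* Empty hash part: reported separately so the caller can refuse it. */
    if (len == 0)
        return PW_EMPTY;
    /* 2 salt characters + 11 hash characters; any other length cannot
     * match a valid password, so the account is locked. */
    if (len != 13)
        return PW_LOCKED;
    /* All 13 characters must be alphanumeric, '.' or '/'. */
    if (strspn(field, alphabet) < 13)
        return PW_LOCKED;
    return PW_DES_HASH;
}

int main(void)
{
    /* Constructed sample fields, not taken from any real system. */
    static const char *samples[] = {
        "abJnggxhB/yWI", "abJnggxhB/yWI,M.z8", "*", "*LK*",
        "##casper", "", "abJnggxhB/yW!", "!abJnggxhB/yWI"
    };
    static const char *names[] = { "empty", "locked", "des-hash", "shadow-ref" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i], names[classify_pw_field(samples[i])]);
    return 0;
}
```

A daemon doing its own password check would attempt crypt() comparison only for the des-hash result and deny login for every other one.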


