Bugtraq mailing list archives

Re: SSH 1.x and 2.x Daemon

From: kuruption () CHA0S COM (KuRuPTioN)
Date: Mon, 25 Jan 1999 15:22:03 -0500


Hello again.

I have been brainstorming with a few people and I have found a solution to
the problem I was experiencing.  This solution works in both SSH 1.2.26 (not
1.2.27, as I was delusional that day) and SSH 2.0.11.

In SSH 1.2.26 adding the -DHAVE_STRUCT_SPWD_EXPIRE to the Makefile in the
top of the SSH tree with fix the problem.

In SSH 2.0.11 adding the same -DHAVE_STRUCT_SPWD_EXPIRE to
ssh-2.0.11/lib/sshsession/Makefile.  In both case, I added it to the 'defs
=' section and it worked fine, but maybe there is a cleaner way to do this.

In regards to -with-login, I have tried it and gotten errors not allowing me
to login at all.  I do not remember the exact problem, but I know it did not
work.  (I am too lazy right now to replicate the error).

Thanks to everyone who responded and lent me a hand.

Raymond T Sundland


-----Original Message-----
From:   Linux Mailing Lists [mailto:linux () aiind upv es]
Sent:   Monday, January 25, 1999 2:40 PM
To:     BUGTRAQ () NETSPACE ORG
Cc:     kuruption () CHA0S COM
Subject:        Re: SSH 1.x and 2.x Daemon


Hello,

There seems to be incomplete code in the SSH daemon in both versions

1.2.27

and 2.0.11 (only tested).  The bug simply allows users who with expired
accounts (in /etc/shadow) to continue to login even though other such
services such as ftp and telnet deny access.  Here is the log using

1.2.27

(but the same happens with 2.0.11).


        This is not the case with ssh 1.1.26 running on FreeBSD 2.2.8
        If I expire an account:
        Expire [month day year]: January 1, 1999
        Then when I try to ssh in I just get:
        Permission denied.



There's a configure parameter to use the "usual" /bin/login program
instead of the login procedure implemented with ssh:

  --with-login[=PATH]     Use login -f to finish login connections.

On one hand, a possible fix (temporal, of course) is to compile sshd with
support for /bin/login. The features of the shadow-suite will be back.

On the other hand, SSH 1.2.26 seems to implement the expiration date of
accounts (grep expire sshd.c), but I don't know if it does it ok.

Greetings,

                                                        Sergio

Current thread:

Perl.exe and IIS security advisory, (continued)
- - Perl.exe and IIS security advisory mnemonix (Jan 22)
    - Re: Perl.exe and IIS security advisory Tabor J. Wells (Jan 24)
    - Repost: Wietse's FTP site has moved Wietse Venema (Jan 25)
    - Using Example Domain Names in Exploits bandregg () REDHAT COM (Jan 25)
    - IIS Advisory Update Marc (Jan 24)
- backdoored tcp wrapper source code Wietse Venema (Jan 21)
  - Re: backdoored tcp wrapper source code John Stange (Jan 23)
    - SSH 1.x and 2.x Daemon KuRuPTioN (Jan 23)
    - Re: SSH 1.x and 2.x Daemon Jan B. Koum (Jan 24)
    - Re: SSH 1.x and 2.x Daemon Linux Mailing Lists (Jan 25)
    - Re: SSH 1.x and 2.x Daemon KuRuPTioN (Jan 25)
    - Re: SSH 1.x and 2.x Daemon Alan Olsen (Jan 24)
    - baynetworks router DoS Virsoft (Jan 25)
    - Re: baynetworks router DoS Neale Banks (Jan 26)
    - 2.2.0 SECURITY (fwd) Aaron Lehmann (Jan 26)
    - IBM CICS Universal Client 3.x Rude Yak (Jan 27)
    - Re: SSH 1.x and 2.x Daemon Yutaka OIWA (Jan 25)
    - Call for Papers: UNIX AND WINDOWS NT Fred Donck (Jan 25)
    - New IE4 privacy issue aleph1 () UNDERGROUND ORG (Jan 25)
    - Re: SSH 1.x and 2.x Daemon Jim Bourne (Jan 25)
    - Re: backdoored tcp wrapper source code Wietse Venema (Jan 23)

(Thread continues...)