Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Dev
Password authentication problems
jartit at hotmail
Apr 21, 2000, 7:16 AM
Post #1 of 3 (749 views)
Permalink
I'm having a problem getting OpenSSH to correctly authenticate passwords.
I'm doing authentication against a shadow file (/etc/shadow) because I don't
have PAM installed.

I'm using Slackware 7.0, OpenSSH 1.2.3, OpenSSL 0.95a, and glibc with the
crypt addon.

Here is the funny thing about it though. I edited the file that has the code
for authenication (auth-password.c I think, I'm not sure since I'm in
Windows at the moment). I added code to display both the password from the
client and then the crypted password from the client.

The unencrypted password is correct, so the server is getting the right
password. But after it performs a crypt() on it, it gets the WRONG hash! The
hash isn't the same as what is in the shadow file, and so the authentication
fails.

Now I'm not sure what to do from there. This has happened on 3 different
machines, all running slack 7. Any ides where to go from here?

If you need more info (like the debug output from the server), I'd be happy
to provide it.

Thanks,

Artit J.
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Re: Password authentication problems [ In reply to ]
rjune at ims1
Apr 21, 2000, 7:37 AM
Post #2 of 3 (733 views)
Permalink
I've already solved this. OpenSSL implements crypt on it's own, This crypt
uses the standard 2 char salt, libcrypt in Slak uses an 11 char crypt. to
make it work edit the OpenSSH Makefile and find the line where it
specifies what libraries to link agains. -lcrypto specificly. put -lcrypt
in front of this. You will also find some other problems regarding
OpenSSH and slak 7 I'll send you a list.

On Fri, 21 Apr 2000, Artit Jirapatnakul wrote:

> I'm having a problem getting OpenSSH to correctly authenticate passwords.
> I'm doing authentication against a shadow file (/etc/shadow) because I don't
> have PAM installed.
>
> I'm using Slackware 7.0, OpenSSH 1.2.3, OpenSSL 0.95a, and glibc with the
> crypt addon.
>
> Here is the funny thing about it though. I edited the file that has the code
> for authenication (auth-password.c I think, I'm not sure since I'm in
> Windows at the moment). I added code to display both the password from the
> client and then the crypted password from the client.
>
> The unencrypted password is correct, so the server is getting the right
> password. But after it performs a crypt() on it, it gets the WRONG hash! The
> hash isn't the same as what is in the shadow file, and so the authentication
> fails.
>
> Now I'm not sure what to do from there. This has happened on 3 different
> machines, all running slack 7. Any ides where to go from here?
>
> If you need more info (like the debug output from the server), I'd be happy
> to provide it.
>
> Thanks,
>
> Artit J.
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>
>
Re: Password authentication problems [ In reply to ]
djm at mindrot
Apr 29, 2000, 12:23 AM
Post #3 of 3 (735 views)
Permalink
On Fri, 21 Apr 2000, Artit Jirapatnakul wrote:

> I'm having a problem getting OpenSSH to correctly authenticate
> passwords. I'm doing authentication against a shadow file
> (/etc/shadow) because I don't have PAM installed.
>
> I'm using Slackware 7.0, OpenSSH 1.2.3, OpenSSL 0.95a, and glibc
> with the crypt addon.

Did you compile with --with-md5-passwords?

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal