[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Upgrade from woody to sarge - ssh strangeness

Quoting aaron@sysdev.oucs.ox.ac.uk:

> Is compression delayed likely to be the problem ?
> (see the note from the changelog below)
> aaron
>  - Add a new compression method ("Compression delayed") that delays zlib
>    compression until after authentication, eliminating the risk of zlib
>    vulnerabilities being exploited by unauthenticated users. Note that
>    users of OpenSSH versions earlier than 3.5 will need to disable
>    compression on the client or set "Compression yes" (losing this
>    security benefit) on the server.

Tried both yes and no on 'Compression ...', but it didn't change anything...

Quoting The Fungi <fungi@yuggoth.org>:

> If memory serves, you need to edit /etc/ssh/sshd_config, uncomment
> the "PasswordAuthentication yes" line, and reload ssh.

With that, I only get:

Jan 16 08:28:01 pumba sshd[24998]: Failed password for turbo from <windows_machine_behind_linux_NAT_firewall> port 1956 ssh2
Jan 16 08:28:13 pumba sshd[25003]: error: Could not get shadow information for turbo
Jan 16 08:28:13 pumba sshd[25003]: Failed password for turbo from <windows_machine_behind_linux_NAT_firewall> port 1957 ssh2

>> The SecureCRT version is a little old, but...
> [...]
> Yeah, I believe newer versions of SecureCRT support not only
> "password" but also the newer "keyboard-interactive" authentication.

Seems like this is the culpit... I'll upgrade my SecureCRT. I downloaded
the demo, and that have the added feature of Kerberos authentication
(something I've been looking for!).

Thanx for the help everyone.
Saddam Hussein genetic 747 domestic disruption fissionable smuggle CIA
Panama cryptographic Qaddafi Ft. Bragg DES iodine AK-47 767
[See http://www.aclu.org/echelonwatch/index.html for more about this]
[Or http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf]
If neither of these works, try http://www.aclu.org and search for echelon.
Note. This is a real, not fiction.

Reply to: