Re: Upgrade from woody to sarge - ssh strangeness

To: debian-devel@lists.debian.org
Subject: Re: Upgrade from woody to sarge - ssh strangeness
From: Turbo Fredriksson <turbo@debian.org>
Date: Tue, 16 Jan 2007 08:31:12 +0100
Message-id: <[🔎] 87ac0jsa0v.fsf@pumba.bayour.com>
In-reply-to: <[🔎] E1H6SZk-0000A0-00@curfew.oucs.ox.ac.uk> (aaron@sysdev.oucs.ox.ac.uk's message of "Mon, 15 Jan 2007 14:12:40 +0000")
References: <[🔎] E1H6SZk-0000A0-00@curfew.oucs.ox.ac.uk>

Quoting aaron@sysdev.oucs.ox.ac.uk:

> Is compression delayed likely to be the problem ?
> (see the note from the changelog below)
>
> aaron
>
>  - Add a new compression method ("Compression delayed") that delays zlib
>    compression until after authentication, eliminating the risk of zlib
>    vulnerabilities being exploited by unauthenticated users. Note that
>    users of OpenSSH versions earlier than 3.5 will need to disable
>    compression on the client or set "Compression yes" (losing this
>    security benefit) on the server.

Tried both yes and no on 'Compression ...', but it didn't change anything...

Quoting The Fungi <fungi@yuggoth.org>:

> If memory serves, you need to edit /etc/ssh/sshd_config, uncomment
> the "PasswordAuthentication yes" line, and reload ssh.

With that, I only get:

Jan 16 08:28:01 pumba sshd[24998]: Failed password for turbo from <windows_machine_behind_linux_NAT_firewall> port 1956 ssh2
Jan 16 08:28:13 pumba sshd[25003]: error: Could not get shadow information for turbo
Jan 16 08:28:13 pumba sshd[25003]: Failed password for turbo from <windows_machine_behind_linux_NAT_firewall> port 1957 ssh2

>> The SecureCRT version is a little old, but...
> [...]
>
> Yeah, I believe newer versions of SecureCRT support not only
> "password" but also the newer "keyboard-interactive" authentication.

Seems like this is the culpit... I'll upgrade my SecureCRT. I downloaded
the demo, and that have the added feature of Kerberos authentication
(something I've been looking for!).

Thanx for the help everyone.
-- 
Saddam Hussein genetic 747 domestic disruption fissionable smuggle CIA
Panama cryptographic Qaddafi Ft. Bragg DES iodine AK-47 767
[See http://www.aclu.org/echelonwatch/index.html for more about this]
[Or http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf]
If neither of these works, try http://www.aclu.org and search for echelon.
Note. This is a real, not fiction.
http://www.theregister.co.uk/2001/09/06/eu_releases_echelon_spying_report/
http://www.aclu.org/safefree/nsaspying/23989res20060131.html#echelon

Reply to:

Follow-Ups:
- Re: Upgrade from woody to sarge - ssh strangeness
  - From: Lionel Elie Mamane <lionel@mamane.lu>

References:
- Re: Upgrade from woody to sarge - ssh strangeness
  - From: aaron@sysdev.oucs.ox.ac.uk

Prev by Date: Re: Debian Mirror with lzma compressed packages
Next by Date: Re: Upgrade from woody to sarge - ssh strangeness
Previous by thread: Re: Upgrade from woody to sarge - ssh strangeness
Next by thread: Re: Upgrade from woody to sarge - ssh strangeness
Index(es):
- Date
- Thread