
Re: openssh remote upgrade procedure?



On Tue, May 20, 2008 at 08:45:20PM +0100, Alexandros Papadopoulos wrote:
> a) How/why were my active connections to the server killed right after
> upgrading and

Don't know, I've never seen this behaviour on a Debian system.
 
> b) Why I am not allowed access now that I try to utilise the simplest
> of all, keyboard interactive authentication. I'd suspect breakage
> between the new openssh daemon and the authentication mechanisms (PAM,
> GSSAPI, you-name-it), but on two different distributions
> simultaneously?

Have you ever tested password authentication before the upgrade?
From experience there are many small bits here and there that may cause
issues with password authentication for various versions of sshd.
Debugging may take some time.
 
> I'd appreciate any helpful comment both for my case and for the
> benefit of anyone else who gets "bit" by what has historically been a
> quite safe and painless procedure: updating a Debian system.

Alternative approach: don't rely on password authentication.
1) Create a new temporary keypair on a non-vulnerable system and 
   protect the key with a good passphrase.
2) Install the temporary public key on the vulnerable system *before* 
   the upgrade. Because it is not a weak key, it won't be blacklisted.
   Note: You rely on the passphrase protection of the key, because you 
   currently have no secured connection to the vulnerable system.
3) Test access with the temporary key
4) Upgrade ssh
5) Create/install a new final keypair with your usual processes

In your case this procedure should still be possible, if you have
local staff to add the temporary key in your authorized_keys.


HTH,
Michel
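
The server-side part of the procedure above, as an added example that is not part of the original message: idempotent install of the temporary key (step 2) and its removal once the final keypair is in place, with the client commands for steps 1 and 3 as comments. The function names, the file name `id_temp_upgrade` and the key comment `temp-upgrade-key` are assumptions, as is removing the temporary key afterwards.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the key file
# name and the comment "temp-upgrade-key" are assumptions.

# Step 1, on a non-vulnerable client; ssh-keygen prompts for the passphrase:
#   ssh-keygen -t rsa -b 4096 -C temp-upgrade-key -f ~/.ssh/id_temp_upgrade

# Step 2, on the server: add the public key line exactly once.
install_temp_key() {
    auth_file=$1 pubkey=$2
    dir=$(dirname "$auth_file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # If the file lacks a final newline, add one so keys are not run together.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    grep -qxF -- "$pubkey" "$auth_file" || printf '%s\n' "$pubkey" >> "$auth_file"
}

# Step 3, on the client: force public-key auth with only the temporary key,
# so a fallback to a password or another key cannot mask a failure:
#   ssh -i ~/.ssh/id_temp_upgrade -o IdentitiesOnly=yes \
#       -o PreferredAuthentications=publickey user@server true

# After step 5: remove the temporary key again, keeping all other lines.
remove_temp_key() {
    auth_file=$1 pubkey=$2
    tmp=$(mktemp "$auth_file.XXXXXX") || return 1
    chmod 600 "$tmp"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -vxF -- "$pubkey" "$auth_file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$auth_file"
}
```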
