Bug#341781: ssh: Unable to use hostbased authentication due to hostname mistmatches

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#341781: ssh: Unable to use hostbased authentication due to hostname mistmatches
From: Marc Singer <elf@buici.com>
Date: Fri, 02 Dec 2005 15:58:43 -0800
Message-id: <[🔎] 20051202235843.22107.qmail@florence.buici.com>
Reply-to: Marc Singer <elf@buici.com>, 341781@bugs.debian.org

Package: ssh
Version: 1:3.8.1p1-8.sarge.4
Severity: important


After an upgrade of SSH, hostbased authentication stopped working.
I've spent some time recompiling the package with more debug
information and I believe I have found the rootcause, though I don't
know what part of the package changed.

The symptom is that the hostbased authentication always fails to
accept the host keys and instead either asks for a password, or for
the user's RSA key passphrase.   The reason the remote machine
rejected the request is in check_rhosts_file(); the hostnames are
different.  One has a trailing period and the other does not.  By
adding a period to the .shosts hostname, the check succeeds.

Unfortunately, that isn't sufficient.  Adding the period later breaks
the monitor_valid_hostbasedblob() call where again, one hostname ends
with a period and the other does not.

It is possible that this is the same problem as #115286.

The next place to look is in the code that passes the requestor's
hostname to check_rthosts_file().  


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages ssh depends on:
ii  adduser                3.63              Add and remove users and groups
ii  debconf                1.4.30.13         Debian configuration management sy
ii  dpkg                   1.10.28           Package maintenance system for Deb
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libpam-modules         0.76-22           Pluggable Authentication Modules f
ii  libpam-runtime         0.76-22           Runtime support for the PAM librar
ii  libpam0g               0.76-22           Pluggable Authentication Modules l
ii  libssl0.9.7            0.9.7e-3sarge1    SSL shared libraries
ii  libwrap0               7.6.dbs-8         Wietse Venema's TCP wrappers libra
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- debconf information:
* ssh/privsep_tell:
  ssh/insecure_rshd:
  ssh/privsep_ask: true
  ssh/ssh2_keys_merged:
  ssh/user_environment_tell:
* ssh/forward_warning:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
  ssh/disable_cr_auth: false

Reply to:

Prev by Date: Bug#341767: simple script causes sshd to run out of memory and die
Next by Date: Bug#341883: openssh-server: doesn't log bad login attempts to /var/log/btmp
Previous by thread: Bug#341767: simple script causes sshd to run out of memory and die
Next by thread: Bug#341883: openssh-server: doesn't log bad login attempts to /var/log/btmp
Index(es):
- Date
- Thread