Re: SSH permits root-Logins with wrong password

To: debian-user@lists.debian.org
Subject: Re: SSH permits root-Logins with wrong password
From: Frank Niedermann <fbn@thelogic.org>
Date: Wed, 16 Jun 2004 21:41:33 +0200
Message-id: <[🔎] 20040616194133.GA10194@thelogic.org>

On Wed, 16 Jun 2004 10:35:33 Patrick Lane <patrick.m.lane@csun.edu> wrote:

>> > I have a Debian testing server on my network with OpenSSH running.
>> > If I try to log in as root but with wrong password I get access...

> tried to duplicate this on a sid box and a sarge box (that hasn't been
> upgraded for awhile). I couldn't duplicate your results. 

I think my results are so strange because the wrong password contains
parts of the right password. As I said, if I try to log in with 'x' as
password I get the same results as you described.

> The sid box has 
> ii  ssh            3.8.1p1-4      Secure rlogin/rsh/rcp replacement

I've done an upgrade to the testing packages today after my posting to
the list but ssh still is in version 3.8p1-3 ...

I'll update the ssh package to unstable tomorrow at work and hope the
problem will be gone but how can we be sure that there is no general
issue about this version of sshd?

Does it make sense to you to see my sshd-config? Or could this be a
misconfigured pam or something like this?

Regards,
  Frank
-- 
  Mail: fbn@thelogic.org
  XMPP: fbn@charente.de

Reply to:

Follow-Ups:
- Re: SSH permits root-Logins with wrong password
  - From: Andrew Perrin <clists@perrin.socsci.unc.edu>

Prev by Date: Default config file for 3.0?
Next by Date: Re: SSH permits root-Logins with wrong password
Previous by thread: Re: SSH permits root-Logins with wrong password
Next by thread: Re: SSH permits root-Logins with wrong password
Index(es):
- Date
- Thread