Re: SSH permits root-Logins with wrong password

To: debian-user@lists.debian.org
Subject: Re: SSH permits root-Logins with wrong password
From: Frank Niedermann <fbn@thelogic.org>
Date: Wed, 16 Jun 2004 22:15:42 +0200
Message-id: <[🔎] 20040616201542.GB10194@thelogic.org>
In-reply-to: <[🔎] Pine.LNX.4.53.0406161601500.16087@perrin.socsci.unc.edu>
References: <[🔎] 20040616194133.GA10194@thelogic.org> <[🔎] Pine.LNX.4.53.0406161601500.16087@perrin.socsci.unc.edu>

On 2004-06-16 at 16:02:59, Andrew Perrin wrote:
> > >> > I have a Debian testing server on my network with OpenSSH running.
> > >> > If I try to log in as root but with wrong password I get access...

> Quick questions:
> (1) how long is the password?; and
> (2) is the variation you're trying at the end?

(1) password is 8 chars long

(2) no it's not, example:
  correct password: one4two
  wrong password: three4one

> some hash techniques limit password length and truncate the string after
> that point, so if you're changing or appending a character after that
> point you would get the behavior you describe.

this case does not apply with the two passwords used.

Regards,
  Frank

-- 
  Mail: fbn@thelogic.org
  XMPP: fbn@charente.de

Reply to:

Follow-Ups:
- Re: SSH permits root-Logins with wrong password
  - From: Carl Fink <carl@fink.to>

References:
- Re: SSH permits root-Logins with wrong password
  - From: Frank Niedermann <fbn@thelogic.org>
- Re: SSH permits root-Logins with wrong password
  - From: Andrew Perrin <clists@perrin.socsci.unc.edu>

Prev by Date: Re: Question about X Window Crashing
Next by Date: Re: getting started with LISP
Previous by thread: Re: SSH permits root-Logins with wrong password
Next by thread: Re: SSH permits root-Logins with wrong password
Index(es):
- Date
- Thread