Re: SSH permits root-Logins with wrong password

To: debian-user@lists.debian.org
Subject: Re: SSH permits root-Logins with wrong password
From: Hamilton Coutinho <hamiltonc@via-rs.net>
Date: Thu, 17 Jun 2004 12:45:38 -0300
Message-id: <[🔎] 20040617154538.GF6266@tteng.com.br>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20040616154332.GA3907@thelogic.org>
References: <[🔎] 20040616154332.GA3907@thelogic.org>

On Wed, Jun 16, 2004 at 05:43:32PM +0200, Frank Niedermann wrote:
<snip>
> 
> If I try to use 'x' as wrong password, ssh won't let me in:
> root@dettlx18's password:
> Permission denied (publickey,password,keyboard-interactive).
> 
> Just as I would expect it. If I use a longer or similar password as the
> real root password, ssh will let me log in, example:
> real root password = linux4me -> success :)
> fake root password = fun4linux -> success! :(
> 
> The ssh package version:
> ii ssh 3.8p1-3 Secure rlogin/rsh/rcp replacement (OpenSSH) 
> 
> Any idea about that behavor?

Do you have public keys installed on that server? If you have a key with
one password which is different from root's password on that machine, it
can explain this behavior.

HTH.

-- 
Hamilton Coutinho          | panic("Aarggh: attempting to free lock with
hamiltonc@via-rs.net       | active wait queue - shoot Andy");
Porto Alegre - RS - Brasil | 	2.0.38 /usr/src/linux/fs/locks.c

Reply to:

References:
- SSH permits root-Logins with wrong password
  - From: Frank Niedermann <fbn@thelogic.org>

Prev by Date: Re: Pros/Cons Kde vs Gnome?
Next by Date: doc-central: empty category/section
Previous by thread: Re: SSH permits root-Logins with wrong password
Next by thread: Re: SSH permits root-Logins with wrong password
Index(es):
- Date
- Thread