On Friday June 22 2007 06:06:14 pm Kevin Day wrote: > Okay, based on your tutorials, I got myself a working machine that > uses working blowfish passwords, without Linux-PAM installed. > > Tested with the following combinations gcc-3.4.6, gcc-4.1.2, > gcc-4.2.0, uclibc-0.9.28.3, uclibc-0.9.29, and 3 different versions of > openssh (4.4p2, 4.5p1, 4.6p1). (I hoped to rule out both the libc, the > compiler, and openssh)
I have blowfish in glibc, and I can ssh localhost and log in. So, this looks like an xcrypt problem, not an openssh problem. Debian and Suse both have a libxcrypt package, but I can't tell for sure whether their openssh supports it... Debian's patch is focused on selinux, there's no "xcrypt" in their openssh patch. Suse's openssh-4.2p1-18.12 has "libxcrypt" in the "usedforbuild" line, but no patch seems to be needed. It looks like Suse uses libxcrypt-2.2 vanilla, without any patches against it. Without doing s/lcrypt/lxcrypt/ I don't think Suse is linking openssh to libxcrypt. I don't recall ever personally using libxcrypt with openssh, but I do remember someone emailing me about a function name conflict (openssh also has it's own xcrypt() function), and they got it to work with some minor modifications. As far as I know openssh/openssl doesn't have it's own bcrypt for decrypting blowfish passwords, so it would need to be linked to libxcrypt. I'll keep thinking about it, but right now I'm at a loss for ideas. robert
pgpUPsm61Qlqr.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
