[no subject]

2001-11-12 Thread Benoît MARTINET
Hi, I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but failed to login using root and users' passwords. Password authentication failed all the time and it prompted "Permission Denied" on the command line. A message, "Failed password for [user] from .." was logged in au

Re: your mail

2001-11-12 Thread Emmanuel Lacour
On Mon, Nov 12, 2001 at 10:46:13AM +0100, Benoît MARTINET wrote: > Hi, > > I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but failed > to login > using root and users' passwords. Password authentication failed all the time > and it > prompted "Permission Denied" on the command

Vulnerable SSH versions

2001-11-12 Thread Michal Kara
Hi there! During this weekend, there has been paper posted to bugtraq named "Analysis of SSH crc32 compensation attack detector exploit". It talks about a recorded successful exploit using overflow in CRC32 compensation attack detection code, a hole, which was discovered in February this year

Re: Vulnerable SSH versions

2001-11-12 Thread Ethan Benson
On Mon, Nov 12, 2001 at 11:30:49AM +0100, Michal Kara wrote: > Hi there! > > During this weekend, there has been paper posted to bugtraq named "Analysis of > SSH crc32 compensation attack detector exploit". It talks about a recorded > successful exploit using overflow in CRC32 compensation at

Re: Vulnerable SSH versions

2001-11-12 Thread Jö Fahlke
Am Mon, 12. Nov 2001, 11:30:49 +0100 schrieb Michal Kara: > Hi there! > > During this weekend, there has been paper posted to bugtraq named "Analysis of > SSH crc32 compensation attack detector exploit". It talks about a recorded > successful exploit using overflow in CRC32 compensation attac

OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Benoît MARTINET
(Sorry, I've already post this message, but without subject...) Hi, I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but failed to login using root and users' passwords. Password authentication failed all the time and it prompted "Permission Denied" on the command line. A m

Re: Vulnerable SSH versions

2001-11-12 Thread Ville Uski
* Michal Kara <[EMAIL PROTECTED]> [02 11:35]: > Hi there! Hi > During this weekend, there has been paper posted to bugtraq named > "Analysis of SSH crc32 compensation attack detector exploit". It > talks about a recorded successful exploit using overflow in CRC32 > compensation att

Re: OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Jose Celestino
Have you configured it with: --with-md5-passwords ? Thus spake Benoît MARTINET, on Mon, Nov 12, 2001 at 12:00:12PM +0100: > (Sorry, I've already post this message, but without subject...) > > Hi, > > I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but failed > to login using

RE: OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Magus Ba'al
This sounds like something I had to help a friend out with this recently. Took me ~15sec to tell him his problem. Configure openssh3 like so: ./configure --with-pam If it whines about the pam headers, pop into dselect and grab 'em, then try it again, compile, install, restart ssh, give a go-roun

Re: OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Carsten Nottebohm
> I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but > failed > to login using root and users' passwords. Password authentication failed > all the time and it prompted "Permission Denied" on the command line. > > A message, "Failed password for [user] from .." was l

Re: OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Mark Janssen
On Mon, Nov 12, 2001 at 02:21:11PM +0100, Carsten Nottebohm wrote: > Looks fine to me. > I think OpenSSH uses /etc/pam.d/sshd (Note the "d" in the end). Try renaming your >pam config file. To be exact, SSH uses whatever the binary is named. So if you name it opensshd it'll use /etc/pam.d/openssh

Re: OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Benoît MARTINET
> > I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but > > failed to login using root and users' passwords. Password > > authentication failed all the time and it prompted "Permission Denied" [...] > Have you configured it with: > > --with-md5-passwords ? Thanks, that solve

Re: OpenSSH 3, DEBIAN 2.2 and PAM authentication

2001-11-12 Thread Jose Celestino
Thus spake Benoît MARTINET, on Mon, Nov 12, 2001 at 02:52:15PM +0100: > > > I've just compiled & installed openssh-3.0p1 on my Debian 2.2 but > > > failed to login using root and users' passwords. Password > > > authentication failed all the time and it prompted "Permission Denied" > > [...]

RE: Vulnerable SSH versions

2001-11-12 Thread Howland, Curtis
A quick question concerning such things... I have a remote server that I do not trust myself to upgrade from Potato(e) to Woody, and such vulnerabilities do worry me a little. Is there any general expectation that such "back porting" will continue once Woody is released? Curt- -Original Mes

Re: Vulnerable SSH versions

2001-11-12 Thread Wichert Akkerman
Previously Howland, Curtis wrote: > I have a remote server that I do not trust myself to upgrade from > Potato(e) to Woody, and such vulnerabilities do worry me a little. Is > there any general expectation that such "back porting" will continue > once Woody is released? I expect only for a limite

Re: Vulnerable SSH versions

2001-11-12 Thread Ethan Benson
On Tue, Nov 13, 2001 at 09:02:56AM +0900, Howland, Curtis wrote: > A quick question concerning such things... > > I have a remote server that I do not trust myself to upgrade from > Potato(e) to Woody, and such vulnerabilities do worry me a little. Is > there any general expectation that such "ba

RE: Vulnerable SSH versions

2001-11-12 Thread Howland, Curtis
Thanks. I've been keeping it up to date weekly or so, but just to be sure I changed the sources.list to be "... potato/..." instead of "... stable/..." for when "stable" changes. Even a blank-disk install of Woody wasn't straight forward. The kernel in the distribution tar file was 2.2.xx, chang

Re: Vulnerable SSH versions

2001-11-12 Thread Ethan Benson
On Tue, Nov 13, 2001 at 09:25:29AM +0900, Howland, Curtis wrote: > Thanks. > > I've been keeping it up to date weekly or so, but just to be sure I > changed the sources.list to be "... potato/..." instead of "... > stable/..." for when "stable" changes. > > Even a blank-disk install of Woody was

RE: Vulnerable SSH versions

2001-11-12 Thread Howland, Curtis
The tar file that contains the "base" Woody install, which is used as the jumping off point for installation. The tar file has binary kernel, /boot, /proc and other directories, I'm not sure exactly what the limit to its contents is. I found this out by building a CD via the "assemble the CD imag

Re: Vulnerable SSH versions

2001-11-12 Thread Henrique de Moraes Holschuh
On Tue, 13 Nov 2001, Howland, Curtis wrote: > The tar file that contains the "base" Woody install, which is used as > the jumping off point for installation. There isn't one, at least not for bootflopies. We use debootstrap to fetch the most up-to-date packages of that distribution and install th

Re: Vulnerable SSH versions

2001-11-12 Thread Ethan Benson
On Tue, Nov 13, 2001 at 09:41:54AM +0900, Howland, Curtis wrote: > The tar file that contains the "base" Woody install, which is used as > the jumping off point for installation. there is no such thing. > The tar file has binary kernel, /boot, /proc and other directories, I'm > not sure exactly

RE: Vulnerable SSH versions

2001-11-12 Thread Howland, Curtis
I will gladly grant that the tar file may not exist for the boot floppies, and that I do not have on hand the CD to check it. It also may have been a Potato(e) phenomenon, no longer in use. However, it did exist. Which makes me wonder, why ship Woody with 2.2.20 at all? Oh well, not my decision.

Re: Vulnerable SSH versions

2001-11-12 Thread Ethan Benson
On Tue, Nov 13, 2001 at 10:10:10AM +0900, Howland, Curtis wrote: > I will gladly grant that the tar file may not exist for the boot > floppies, and that I do not have on hand the CD to check it. It also may > have been a Potato(e) phenomenon, no longer in use. However, it did > exist. yes release

Re: Vulnerable SSH versions

2001-11-12 Thread Petro
On Mon, Nov 12, 2001 at 05:54:04PM -0800, Ethan Benson wrote: > On Tue, Nov 13, 2001 at 10:10:10AM +0900, Howland, Curtis wrote: > > I will gladly grant that the tar file may not exist for the boot > > floppies, and that I do not have on hand the CD to check it. It also > may > > have been a Potat

Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!

2001-11-12 Thread Oyvind A. Holm
On 2001-11-10 00:17 Vineet Kumar wrote: > * Sebastiaan ([EMAIL PROTECTED]) [011109 14:44]: > > High, > > > > On Fri, 9 Nov 2001, Ed Street wrote: > > > > > Hey, > > > > > > Is there *anything* we can do about all this Spam that's getting on this > > > list? > > > > > Yes. We can silently ignore t

RE: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!

2001-11-12 Thread Howland, Curtis
While the traffic load on debian-user, for instance, makes subscribing just to ask one question somewhat hazardous to one's mailspool, I agree with making debian-security "posting by subscriber only". It really isn't "moderating", and doesn't take anyone's time. To whom should we address the sugges

'mirror' with iptables

2001-11-12 Thread phadell
hello there, I would like to do a rule that mirror the packets that incoming from a portscanner. The rule must return the packets to the source. If anyone scan my machine ports, the result will be the list of source address open ports. Anyone could help me with this rule? phadell ps.: sorr

Re: Vulnerable SSH versions

2001-11-12 Thread Oyvind A. Holm
On 2001-11-12 16:54 Ethan Benson wrote: On Tue, Nov 13, 2001 at 10:10:10AM +0900, Howland, Curtis wrote: CH> Which makes me wonder, why ship Woody with 2.2.20 at all? Oh well, not CH> my decision. EB> because 2.4 is not stable yet. *applause* I was hoping for that. Great decision. In fact the

Re: 'mirror' with iptables

2001-11-12 Thread Yotam Rubin
On Tue, Nov 13, 2001 at 02:06:56AM -0200, phadell wrote: > hello there, > > I would like to do a rule that mirror the packets that incoming from a > portscanner. > The rule must return the packets to the source. If anyone scan my machine > ports, the result will be the list of source address
