Greetings.

I have been trying to test my configuration of openssh 1.2.3. Really what I want to do is to login to a Red Hat server that is running the 'commercial' version of ssh. I cannot do this. When I run a command

    $ ssh -l [EMAIL PROTECTED]

ssh just hangs indefinitely until I <ctrl-c>. So, I wanted to make sure I can ssh to my own box first. I cannot do that either.

Based on the FAQ question #11 (http://www.openssh.com/faq.html) and reading several threads in alt.os.linux.slackware, I used the following configure command for building openssh makefile:

    $ LIBS=-lcrypt ./configure --without-pam --with-md5-passwords --sysconfdir=/etc/ssh --prefix=/usr

I then issued:

    $ make; make install; make host-key (as root).

I started the sshd in debug mode and tried to 'ssh jccann -l localhost'. Here is the output:

    jumanji:/etc# sshd -d
    debug: sshd version OpenSSH-1.2.3
    debug: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug: Server will not fork when running in debugging mode.
    Connection from 24.6.231.152 port 751
    debug: Client protocol version 1.5; client software version OpenSSH-1.2.3
    debug: Sent 768 bit public key and 1024 bit host key.
    debug: Encryption type: 3des
    debug: Received session key; encryption turned on.
    debug: Installing crc compensation attack detector.
    Faking authloop for illegal user jccann from 24.6.231.152 port 751
    Connection closed by 24.6.231.152
    debug: Calling cleanup 0x8056854(0x0)

I have regenerated my key (using ssh-keygen) as user 'jccann'. I have verified that when prompted by ssh I typed the same password that I used during 'ssh-keygen'. I even recompiled zlib, openSSL, and openSSH. The second time, I ran 'make test' for both zlib and openSSL.

Okay, now I am in the debugger, running sshd. I am looking at sshd.c, lines 1230-1234 (sshd.c,v 1.92 2000/03/16 20:56:15 markus)

    1230    /* Verify that the user is a valid user. */
    1231    pw = getpwnam(user);
    1232    if (!pw || !allowed_user(pw))
    1233            do_fake_authloop(user);
    1234    xfree(user);

Slackware uses md5 encryption, so my encrypted password is not in /etc/passwd, but in /etc/shadow. While running the sshd in the debugger, the getpwnam() function is reading the 2nd field from /etc/passwd *not* /etc/shadow. I know this because the value of pw->pw_passwd is 'x'. In fact, all password 'values' in /etc/passwd are 'x' under this system.

I then copied /etc/shadow to /etc/password and tried it again. This time, my pw->passwd was my encrypted passwd. I have not tried to track down code further.

I am not sure if this is actually a bug or a configuration problem. Most likely, it is a configuration problem. I am happy to continue to trace down the stack to determine why md5 is not working because I am *positive* that it's compiled into sshd.

Suggestions and tips are totally appreciated.

Thanks,
Jeff

--
Fight UCITA in Colorado! http://mridanga.com
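The passwd-versus-shadow lookup described in the message above, as an added example that is not part of the original post or of OpenSSH: it resolves the hash a shadow-aware verifier would compare against and identifies MD5-crypt by its $1$ prefix. The sample entries are constructed, and effective_hash() and hash_scheme() are hypothetical names; on a live system getspnam(3) performs the shadow lookup.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample entries, not real account data. */
static const char PASSWD_LINE[] = "jccann:x:1000:100::/home/jccann:/bin/bash";
static const char SHADOW_LINE[] =
    "jccann:$1$saltsalt$CONSTRUCTEDxHASHxVALUE:11000:0:99999:7:::";

/* Copy colon-separated field idx (0-based) of line into out; 0 on success. */
static int field(const char *line, int idx, char *out, size_t outlen)
{
    while (idx-- > 0) {
        line = strchr(line, ':');
        if (line == NULL)
            return -1;
        line++;
    }
    size_t n = strcspn(line, ":\n");
    if (n >= outlen)
        return -1;
    memcpy(out, line, n);
    out[n] = '\0';
    return 0;
}

/* Returns 0 if the hash came from passwd, 1 if from shadow, -1 on error. */
int effective_hash(const char *pw, const char *sp, char *out, size_t outlen)
{
    char pu[64], su[64];
    if (field(pw, 0, pu, sizeof pu) || field(pw, 1, out, outlen))
        return -1;
    if (strcmp(out, "x") != 0)
        return 0;               /* no shadow placeholder: hash is in passwd */
    if (sp == NULL || field(sp, 0, su, sizeof su) || strcmp(pu, su) != 0)
        return -1;              /* placeholder without a matching shadow entry */
    return field(sp, 1, out, outlen) ? -1 : 1;
}

/* Classify a crypt(3) hash string by its prefix. */
const char *hash_scheme(const char *h)
{
    if (h[0] == '\0' || h[0] == '!' || h[0] == '*')
        return "no-password-or-locked";
    if (strncmp(h, "$1$", 3) == 0)
        return "md5-crypt";
    if (h[0] == '$')
        return "other-modular";
    return strlen(h) == 13 ? "des-crypt" : "unknown";
}

int main(void)
{
    char h[128];
    int src = effective_hash(PASSWD_LINE, SHADOW_LINE, h, sizeof h);
    printf("source=%d scheme=%s\n", src, src < 0 ? "n/a" : hash_scheme(h));
    return 0;
}
```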
