Bugtraq mailing list archives
Re: SSH 1.x and 2.x Daemon
From: jkb () BEST COM (Jan B. Koum)
Date: Sun, 24 Jan 1999 14:39:30 -0800
This is not the case with ssh 1.1.26 running on FreeBSD 2.2.8.

If I expire an account:

    Expire [month day year]: January 1, 1999

Then when I try to ssh in I just get:

    Permission denied.

-- Yan

On Sat, Jan 23, 1999 at 05:06:44PM -0500, KuRuPTioN <kuruption () CHA0S COM> wrote:
There seems to be incomplete code in the SSH daemon in both versions 1.2.27 and 2.0.11 (only tested). The bug simply allows users with expired accounts (in /etc/shadow) to continue to log in even though other services such as ftp and telnet deny access.

Here is the log using 1.2.27 (but the same happens with 2.0.11).

    [root@epicenter /etc]# chage -l lamer
    Minimum: 3
    Maximum: 30
    Warning: 5
    Inactive: -1
    Last Change: Jan 01, 1999
    Password Expires: Jan 31, 1999
    Password Inactive: Never
    Account Expires: Jan 22, 1999
    [root@epicenter /etc]# date
    Sat Jan 23 13:57:51 PST 1999
    [root@epicenter /etc]# telnet localhost
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    login: lamer
    Password:
    Your account has expired. Please contact the system administrator.
    Connection closed by foreign host.
    [root@epicenter /etc]# ssh1 -l lamer localhost
    lamer@127.0.0.1's password:
    No mail.
    (lamer@epicenter) lamer> .......

Now I wanted to try whether the account expiration worked using SSH, and it does. If a user's password has expired, then SSH will prompt following the login for the user to enter a new password and disconnect them if they fail to (like a telnet would).

I have reported this problem to the SSH bug e-mail address about 2 weeks ago with no response.

Current System Configuration:

    Linux 2.0.36
    Shadow Utilities 980724
    SSH 1.2.27 and 2.0.11 (both daemons)

Any solutions (patch?) to this problem would be appreciated. Currently I just run a shell script to change the user's shell to deny them, but this shouldn't be necessary since this is one of the listed features of the Shadow Utilities.

Thanks.

Raymond T Sundland
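The thread turns on the difference between account expiry and password ageing in /etc/shadow. As an added example (not code from either poster or from SSH), this Python audit classifies shadow(5) entries so an administrator can list accounts that should be refused regardless of what a given login service enforces. The names `account_status`, `audit` and `SAMPLE_SHADOW` are hypothetical, the sample entries are constructed, and the rule that an account counts as expired from the listed day onward is an assumption.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed sample entries (not from the post); "lamer" mirrors the chage
# output quoted above: last change 10592 (Jan 1, 1999), max 30, warn 5,
# account expiry 10613 (Jan 22, 1999). Hash fields are placeholders.
SAMPLE_SHADOW = """\
lamer:HASH:10592:3:30:5::10613:
alice:HASH:10592:0:99999:7:::
bob:HASH:10560:0:30:7:::
carol:HASH:10560:0:30:7:10::
"""

def _num(field):
    """Numeric shadow fields are empty (or -1) when the limit is unset."""
    field = field.strip()
    return None if field in ("", "-1") else int(field)

def account_status(line, today):
    """Return (user, status) for one shadow(5) line as of date `today`."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated shadow fields")
    lstchg, _minage, maxage, _warn, inact, expire = map(_num, f[2:8])
    days = (today - EPOCH).days
    # Field 8 is an absolute cut-off, independent of password ageing.
    # Assumptions: expired from the listed day onward; 0, which shadow(5)
    # calls ambiguous, is treated as "no expiry".
    if expire and days >= expire:
        return f[0], "account-expired"
    if lstchg == 0:  # forced password change at next login
        return f[0], "password-expired"
    if lstchg is not None and maxage is not None:
        overdue = days - (lstchg + maxage)
        if inact is not None and overdue > inact:
            return f[0], "password-inactive"
        if overdue > 0:
            return f[0], "password-expired"
    return f[0], "ok"

def audit(shadow_text, today):
    """Map every user in shadow_text to its status."""
    return dict(account_status(l, today)
                for l in shadow_text.splitlines() if l.strip())

if __name__ == "__main__":
    for user, status in audit(SAMPLE_SHADOW, date(1999, 1, 23)).items():
        print(f"{user:8} {status}")
```

Run as root against the real file by passing its contents and `date.today()` to `audit`; any user reported as `account-expired` or `password-inactive` who can still open a session points at a service that skips the check.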