Re: Clue on sshdump w/special characters in passwords

[Jeff Morriss <jeff.morriss.ws () gmail com>]

If this reflects what was actually sent on the command line:
--remote-password XXXXXXXXXX

then it sounds like a quoting problem to me. That is, it should be:
--remote-password "XXXXXXXXX"

I'd suggest opening a bug report: https://bugs.wireshark.org

On Fri, Jul 31, 2020 at 7:49 AM Jason Lixfeld <jason+wireshark () lixfeld ca>
wrote:

> Hi,
>
> No, ‘X’ is what the debug logger obfuscates the password to.  A special
> character could be, for example, one that is returned when you hold shift
> and hit one of the top row of numbers on your keyboard (US layout).
>
> Sent from a mobile device
>
> > On Jul 31, 2020, at 7:34 AM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
> >
> > Hi,
> >
> > I recon ‘X’ is not a special character, so what did you consider special
> in this context?
> > Thanks,
> > Jaap
> >
> > > On 30 Jul 2020, at 22:38, Jason Lixfeld <jason+wireshark () lixfeld ca>
> wrote:
> > > Hi,
> > >
> > > I’m wondering if anyone has some clue on a sshdump GUI oddity.  The
> attempt to start the sshdump always seems to result in an authentication
> failure when a special character is used in the password:
> > > Error by extcap pipe:
> > > ** (process:27640): WARNING **: Error creating connection.
> > >
> > > ** (process:27640): WARNING **: Can't find a valid authentication.
> Disconnecting.
> > > jlixfeld@BlackBox Desktop % more wireshark-debug.txt
> > > cmdline: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump
> --capture --extcap-interface sshdump --fifo
> /var/folders/ht/pffb_rd133jd1x12w50hdzcr0000gn/T//wireshark_extcap_sshdump_20200730163607_gRRHD2
> --remote-capture-command bash /sbin/tcpdump -i mirror0 -w - --debug-file
> /Users/jlixfeld/Desktop/wireshark-debug.txt --remote-host 192.168.57.108
> --remote-port 22 --remote-password XXXXXXXXXX --remote-username jlixfeld
> --debug
> > > [ssh_connect] ssh_connect: libssh 0.9.0 (c) 2003-2019 Aris
> Adamantiadis, Andreas Schneider and libssh contributors. Distributed under
> the LGPL, please refer to COPYING file for information about your rights,
> using threading threads_pthread
> > > [ssh_socket_connect] ssh_socket_connect: Nonblocking connection socket:
> 5
> > > [ssh_connect] ssh_connect: Socket connecting, now waiting for the
> callbacks to work
> > > [socket_callback_connected] socket_callback_connected: Socket
> connection callback: 1 (0)
> > > [ssh_client_connection_callback] ssh_client_connection_callback: SSH
> server banner: SSH-2.0-OpenSSH_7.8
> > > [ssh_analyze_banner] ssh_analyze_banner: Analyzing banner:
> SSH-2.0-OpenSSH_7.8
> > > [ssh_analyze_banner] ssh_analyze_banner: We are talking to an OpenSSH
> client version: 7.8 (70800)
> > > [ssh_known_hosts_read_entries] ssh_known_hosts_read_entries: Failed to
> open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or
> directory
> > > [ssh_kex_select_methods] ssh_kex_select_methods: Negotiated
> curve25519-sha256 () libssh org,ecdsa-sha2-nistp521,aes256-gcm () openssh com,
> aes256-gcm () openssh com,hmac-sha2-256-etm () openssh com,
> hmac-sha2-256-etm () openssh com,none,none,,
> > > [ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296
> blocks
> > > [ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296
> blocks
> > > [ssh_packet_client_curve25519_reply]
> ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
> > > [ssh_packet_newkeys] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
> > > [ssh_packet_newkeys] ssh_packet_newkeys: Signature verified and valid
> > > [ssh_agent_get_ident_count] ssh_agent_get_ident_count: Answer type: 12,
> expected answer: 12
> > > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening
> /Users/jlixfeld/.ssh/id_ed25519.pub: No such file or directory
> > > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error
> opening /Users/jlixfeld/.ssh/id_ed25519: No such file or directory
> > > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening
> /Users/jlixfeld/.ssh/id_ecdsa.pub: No such file or directory
> > > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error
> opening /Users/jlixfeld/.ssh/id_ecdsa: No such file or directory
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access
> denied for 'publickey'. Authentication that can continue:
> publickey,keyboard-interactive
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access
> denied for 'publickey'. Authentication that can continue:
> publickey,keyboard-interactive
> > > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening
> /Users/jlixfeld/.ssh/id_dsa.pub: No such file or directory
> > > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error
> opening /Users/jlixfeld/.ssh/id_dsa: No such file or directory
> > > [ssh_userauth_publickey_auto] ssh_userauth_publickey_auto: Tried every
> public key, none matched
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access
> denied for 'password'. Authentication that can continue:
> publickey,keyboard-interactive
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access
> denied for 'password'. Authentication that can continue:
> publickey,keyboard-interactive
> > > jlixfeld@BlackBox Desktop %
> > >
> > > Is there some magic required to use special characters in passwords?
> > >
> > > macOS Catalina
> > > Wireshark 3.0.12
> > >
> > > Thanks in advance!
> ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org
> >
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe