Wireshark mailing list archives

Re: Clue on sshdump w/special characters in passwords


From: Jason Lixfeld <jason+wireshark () lixfeld ca>
Date: Fri, 31 Jul 2020 10:31:24 -0400

Although this particular example wasn’t on the command line, I tried it on the command line previously, both quoted and escaped; neither seemed to work.

I will open a bug report.  Thank you.

On Jul 31, 2020, at 10:28 AM, Jeff Morriss <jeff.morriss.ws () gmail com> wrote:

If this reflects what was actually sent on the command line:
--remote-password XXXXXXXXXX 

then it sounds like a quoting problem to me. That is, it should be:
--remote-password "XXXXXXXXX"

I'd suggest opening a bug report: https://bugs.wireshark.org

On Fri, Jul 31, 2020 at 7:49 AM Jason Lixfeld <jason+wireshark () lixfeld ca> wrote:
Hi,

No, ‘X’ is what the debug logger obfuscates the password to.  A special character could be, for example, one that is 
returned when you hold shift and hit one of the top row of numbers on your keyboard (US layout).

Sent from a mobile device

On Jul 31, 2020, at 7:34 AM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

Hi,

I reckon ‘X’ is not a special character, so what did you consider special in this context?

Thanks,
Jaap

On 30 Jul 2020, at 22:38, Jason Lixfeld <jason+wireshark () lixfeld ca> wrote:

Hi,

I’m wondering if anyone has some clue on an sshdump GUI oddity.  The attempt to start the sshdump always seems to result in an authentication failure when a special character is used in the password:

Error by extcap pipe:
** (process:27640): WARNING **: Error creating connection.

** (process:27640): WARNING **: Can't find a valid authentication. Disconnecting.

jlixfeld@BlackBox Desktop % more wireshark-debug.txt
cmdline: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump --capture --extcap-interface sshdump --fifo 
/var/folders/ht/pffb_rd133jd1x12w50hdzcr0000gn/T//wireshark_extcap_sshdump_20200730163607_gRRHD2 
--remote-capture-command bash /sbin/tcpdump -i mirror0 -w - --debug-file 
/Users/jlixfeld/Desktop/wireshark-debug.txt --remote-host 192.168.57.108 --remote-port 22 --remote-password 
XXXXXXXXXX --remote-username jlixfeld --debug
[ssh_connect] ssh_connect: libssh 0.9.0 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh 
contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using 
threading threads_pthread
[ssh_socket_connect] ssh_socket_connect: Nonblocking connection socket: 5
[ssh_connect] ssh_connect: Socket connecting, now waiting for the callbacks to work
[socket_callback_connected] socket_callback_connected: Socket connection callback: 1 (0)
[ssh_client_connection_callback] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_7.8
[ssh_analyze_banner] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_7.8
[ssh_analyze_banner] ssh_analyze_banner: We are talking to an OpenSSH client version: 7.8 (70800)
[ssh_known_hosts_read_entries] ssh_known_hosts_read_entries: Failed to open the known_hosts file 
'/etc/ssh/ssh_known_hosts': No such file or directory
[ssh_kex_select_methods] ssh_kex_select_methods: Negotiated curve25519-sha256@libssh.org,ecdsa-sha2-nistp521,aes256-gcm@openssh.com,aes256-gcm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-etm@openssh.com,none,none,,
[ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[ssh_packet_client_curve25519_reply] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[ssh_packet_newkeys] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[ssh_packet_newkeys] ssh_packet_newkeys: Signature verified and valid
[ssh_agent_get_ident_count] ssh_agent_get_ident_count: Answer type: 12, expected answer: 12
[ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_ed25519.pub: No 
such file or directory
[ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_ed25519: No such 
file or directory
[ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_ecdsa.pub: No such 
file or directory
[ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_ecdsa: No such 
file or directory
[ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can 
continue: publickey,keyboard-interactive
[ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can 
continue: publickey,keyboard-interactive
[ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_dsa.pub: No such 
file or directory
[ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_dsa: No such file 
or directory
[ssh_userauth_publickey_auto] ssh_userauth_publickey_auto: Tried every public key, none matched
[ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can 
continue: publickey,keyboard-interactive
[ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can 
continue: publickey,keyboard-interactive
jlixfeld@BlackBox Desktop %

Is there some magic required to use special characters in passwords?

macOS Catalina
Wireshark 3.0.12

Thanks in advance!

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark 
org>>
Archives:    https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
<https://www.wireshark.org/mailman/options/wireshark-users>
            mailto:wireshark-users-request () wireshark org <mailto:wireshark-users-request () wireshark 
org>?subject=unsubscribe
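
The quoting point raised in the reply above, as an added example (not from the thread and not Wireshark code): a POSIX shell sketch showing what value reaches a program after `--remote-password` when a constructed sample password is typed unquoted, double-quoted and single-quoted. `SAMPLE_PW`, `received` and `sq_quote` are hypothetical names; it covers only a command typed at a shell, and the thread does not establish the cause of the GUI failure.

```shell
#!/bin/sh
# Added illustration, not code from the thread or from Wireshark.
# SAMPLE_PW is a constructed password containing shell metacharacters.
SAMPLE_PW='hunter$2&x#9'

# received TYPED
#   Parse TYPED the way a shell parses one command-line argument and print the
#   value a program would find after --remote-password. A fresh `sh -c` is used
#   so $1, $2, ... are unset, as in a new terminal. Only pass constructed
#   strings: TYPED is evaluated as shell input.
received() {
    sh -c "show() { printf '%s' \"\$2\"; }; show --remote-password $1" \
        2>/dev/null || true
}

# sq_quote STRING
#   Wrap STRING in single quotes, rewriting each embedded ' as '\'' so the
#   shell passes every byte through unchanged.
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Show what arrives for the unquoted, double-quoted and single-quoted forms.
for typed in "$SAMPLE_PW" "\"$SAMPLE_PW\"" "$(sq_quote "$SAMPLE_PW")"; do
    printf '%-18s -> %s\n' "$typed" "$(received "$typed")"
done
```

Unquoted, the shell expands `$2` and treats `&` as a command separator, so only a prefix arrives; double quotes keep `&` but still expand `$2`; only the single-quoted form delivers the password unchanged.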
