[Summary] configuring sshd's password request line

From: Chris Hoogendyk <hoogendyk_at_bio.umass.edu>
Date: Tue Oct 05 2010 - 15:11:04 EDT
Of the several suggestions, the correct answer (from Christopher Barnard and John Stoffel) is that 
the sshd versions on the servers are different. It seems the password request line is embedded in 
sshd. OpenSSH, Linux distributions, and older Sun SSH versions of OpenSSH give the username and 
fully qualified machine name when asking for the password. More recent distributions from Sun have 
removed that and simply ask for the password.

In my case, Solaris 9 servers with

      # ssh -V
      SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.

disclosed username and machine information when asking for the password.

Solaris 9 and 10 servers with

      # ssh -V
      Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f     or
      Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

did not.


I presume it's a security issue, since it "discloses information." However, it would seem that 
whoever is trying to ssh to the machine with that user name already has that information. For 
example, if I ssh to ralph at one of my servers, the result is

      ralph@node.network's password:

even though the user ralph does not exist. So, it's neither confirming nor denying, but rather 
simply reflecting back what the other end submitted.


Anyway, it seems final confirmation of the answer to my question comes from the source code, where I 
found in sshconnect2.c the following:

         snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
             authctxt->server_user, host);

That's for openssh-5.6p1.




-- 
---------------

Chris Hoogendyk

-
    O__  ---- Systems Administrator
   c/ /'_ --- Biology & Geology Departments
  (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk@bio.umass.edu>

---------------

Erdös 4






-------- Original Message --------

Subject: 	configuring sshd's password request line
Date: 	Wed, 29 Sep 2010 14:31:19 -0400
From: 	Chris Hoogendyk <hoogendyk@bio.umass.edu>
To: 	Sun Managers List <sunmanagers@sunmanagers.org>



This is silly. I have quite a few Solaris 9 and 10 systems on SPARC from E250 to T5220. When I ssh
to most of them, I get the /etc/issue that I made and then a simple "Password: " request. On a few
of them, I get the /etc/issue and then the password request line of the form
"username@node.network's password: ".

I picked out two Solaris 9 on E250 systems that exhibit this difference, and went through everything
in /etc/ssh/sshd_config and /etc/defaults/* trying to find what was different and where I could
control that. It's probably something I did in setting them up. But, I've forgotten, if so, and I
couldn't find anything different about the two systems in those configuration files. They happen to
be somewhat different in patch levels:

SunOS mormyrid 5.9 Generic_118558-35 sun4u sparc SUNW,Ultra-250
SunOS snapper 5.9 Generic_118558-11 sun4u sparc SUNW,Ultra-250

But I'm stuck and my google fu has failed me as well.

Where is the magic that will change that? And perhaps the appropriate man page or documentation with
details?


TIA

--
---------------

Chris Hoogendyk

-
    O__  ---- Systems Administrator
   c/ /'_ --- Biology & Geology Departments
  (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk@bio.umass.edu>

---------------

Erdös 4

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Oct 5 15:12:14 2010

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:17 EST