MD5 password confirmation fails after update to OpenSSH 3.3 on SuSE 7.3
Hello, this morning I updated all linux servers running SuSE 7.3 to OpenSSH 3.3. Now I am not able to login via ssh anymore - password confirmation fails. First I tought, that sshd is not allowed to read /etc/shadow, but this was not the case. "harden_suse" made my /etc/shadow passwords be encrypted with MD5. After adding a new user with yast the new user's password was only DES encrypted. With this user I am able to login, with users who has got MD5 encrypted passwords I'm not able to login via ssh. Am I right, that the new sshd has got problems with MD5 password? What can I do now? Regards, Thomas
On Wed, 26 Jun 2002, Thomas Föcking wrote:
Hello,
Am I right, that the new sshd has got problems with MD5 password? What can I do now?
Hi, I am not quite sure with this, and as I at the moment have no access to a linux machine can't confirm, but probably harden_suse hasn't set the pam config for sshd or you installed the new version after the harden_suse run so the installation overwrote the pam file. It's just a try, but look into /etc/pam.d/sshd if md5 is enabled. Michael Schmidt Icewolf
"Thomas" == Thomas Föcking
writes:
Thomas> Hello, this morning I updated all linux servers running SuSE
Thomas> 7.3 to OpenSSH 3.3. Now I am not able to login via ssh
Thomas> anymore - password confirmation fails.
I was having the same problem w/ 3.4p1 based on suse's 3.3p1 srpm. I
first tried adding --with-md5-passwords to the configure call in the
openssh spec file. When that failed I grabbed the 8.0 srpms for pam
and rebuild those. Now it works.
For the pam update, running:
rpm --rebuild pam-modules-2002.3.9-31.src.rpm
works fine, but pam-0.75-199.src.rpm needs a bit of a tweak. I
kludged it differently, but this process ought to succeed:
# save the below-inlined patch to a file FOOBAR
rpm -i pam-0.75-199.src.rpm
cd /usr/src/packages/SOURCES
patch --verbose
participants (3)
-
James H. Cloos Jr.
-
Michael Schmidt
-
Thomas Föcking