MD5 password confirmation fails after update to OpenSSH 3.3 on SuSE 7.3
Hello, this morning I updated all linux servers running SuSE 7.3 to OpenSSH 3.3. Now I am not able to login via ssh anymore - password confirmation fails. First I tought, that sshd is not allowed to read /etc/shadow, but this was not the case. "harden_suse" made my /etc/shadow passwords be encrypted with MD5. After adding a new user with yast the new user's password was only DES encrypted. With this user I am able to login, with users who has got MD5 encrypted passwords I'm not able to login via ssh. Am I right, that the new sshd has got problems with MD5 password? What can I do now? Regards, Thomas
On Wed, 26 Jun 2002, Thomas Föcking wrote:
Hello,
Am I right, that the new sshd has got problems with MD5 password? What can I do now?
Hi, I am not quite sure with this, and as I at the moment have no access to a linux machine can't confirm, but probably harden_suse hasn't set the pam config for sshd or you installed the new version after the harden_suse run so the installation overwrote the pam file. It's just a try, but look into /etc/pam.d/sshd if md5 is enabled. Michael Schmidt Icewolf
"Thomas" == Thomas Föcking <t.foecking@kreis-borken.de> writes:
Thomas> Hello, this morning I updated all linux servers running SuSE Thomas> 7.3 to OpenSSH 3.3. Now I am not able to login via ssh Thomas> anymore - password confirmation fails. I was having the same problem w/ 3.4p1 based on suse's 3.3p1 srpm. I first tried adding --with-md5-passwords to the configure call in the openssh spec file. When that failed I grabbed the 8.0 srpms for pam and rebuild those. Now it works. For the pam update, running: rpm --rebuild pam-modules-2002.3.9-31.src.rpm works fine, but pam-0.75-199.src.rpm needs a bit of a tweak. I kludged it differently, but this process ought to succeed: # save the below-inlined patch to a file FOOBAR rpm -i pam-0.75-199.src.rpm cd /usr/src/packages/SOURCES patch --verbose <FOOBAR cd ../SPECS rpm -bb pam.spec (replace FOOBAR of course with the full path to whatever filename you like). The below diff allows the srpm to build in the case where the BUILD directory is on a different mountpoint than the temp install dir. (The details of this have already been sent to SuSE.) -JimC
participants (3)
-
James H. Cloos Jr.
-
Michael Schmidt
-
Thomas Föcking