| View previous topic :: View next topic |
| Author |
Message |
meulie
l33t
Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway
|
 Posted: Fri Dec 05, 2008 7:12 pm Post subject: Only first 8 characters of password are checked with ssh! |
 |
|
Hi all,
A problem on a box of mine here... When I ssh in only the first 8 characters of my password are checked. As long as those are correct, I get in (no matter what the 9th-nth character are that I enter...)
ssh seems to be the only authentication having this problem at the moment. When I for example use 'su', my entire password has to be correct...
_________________
Greetz,
Evert Meulie |
|
| Back to top |
|
 |
DrWilken
Apprentice
Joined: 12 Dec 2003
Posts: 219
Location: Oelsted ("BeerPlace"), Denmark
|
| Posted: Mon Dec 08, 2008 3:04 pm Post subject: |
|
|
Are You using PAM authentication with SSH...?
Please post Your /etc/pam.d/sshd file and also Your /etc/ssh/sshd_config file... 
Also try running this:
| Code: |
# grep PASS_MAX_LEN /etc/login.defs
|
_________________
-=[DrWilken]=-
ASUS AT5IONT-I (64bit Dual Core Atom D525 processor with Nvidia ION(2) GPU) running Gentoo Linux... Latest and Greatest...
tux-power.dk |
|
| Back to top |
|
|
meulie
l33t
Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway
|
| Posted: Mon Dec 08, 2008 6:41 pm Post subject: |
|
|
/etc/pam.d/sshd:
| Code: | auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login |
/etc/ssh/sshd_config:
| Code: | Protocol 2
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
Subsystem sftp /usr/lib64/misc/sftp-server
DenyGroups deniedssh |
grep PASS_MAX_LEN /etc/login.defs:
| Code: | | #PASS_MAX_LEN 8 (NOT SUPPORTED WITH PAM) |
Does this shed more light on my problem?
_________________
Greetz,
Evert Meulie |
|
| Back to top |
|
|
DrWilken
Apprentice
Joined: 12 Dec 2003
Posts: 219
Location: Oelsted ("BeerPlace"), Denmark
|
| Posted: Mon Dec 08, 2008 6:47 pm Post subject: |
|
|
| meulie wrote: | /etc/pam.d/sshd:
| Code: | auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login |
/etc/ssh/sshd_config:
| Code: | Protocol 2
PermitRootLogin no
PasswordAuthentication no
UsePAM yes
Subsystem sftp /usr/lib64/misc/sftp-server
DenyGroups deniedssh |
grep PASS_MAX_LEN /etc/login.defs:
| Code: | | #PASS_MAX_LEN 8 (NOT SUPPORTED WITH PAM) |
Does this shed more light on my problem? |
Sadly... No... 
_________________
-=[DrWilken]=-
ASUS AT5IONT-I (64bit Dual Core Atom D525 processor with Nvidia ION(2) GPU) running Gentoo Linux... Latest and Greatest...
tux-power.dk |
|
| Back to top |
|
|
meulie
l33t
Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway
|
| Posted: Fri Dec 19, 2008 11:53 am Post subject: |
|
|
Anyone?
I would like my system as secure as possible, and this limited password check is not helping... 
_________________
Greetz,
Evert Meulie |
|
| Back to top |
|
|
vaguy02
Guru
Joined: 25 Feb 2005
Posts: 424
Location: Hopefully in one place
|
| Posted: Fri Dec 19, 2008 1:57 pm Post subject: |
|
|
Are you using DES challenge-response for SSH? I vaguely remember something about DES C-R only accepting up to 8 characters but I could be wrong...... I will google a little bit and write back.
_________________
Linux Registered User #458185
Intel Quad-Core w/ 4gigs Ram w/ 8800 GTX - Windows 7 RC
2x (Intel Dual-Core w/ 2gigs Ram - Gentoo)
Mac G5 Dual-Core w/ 2gigs Ram - OS 10.5 |
|
| Back to top |
|
|
vaguy02
Guru
Joined: 25 Feb 2005
Posts: 424
Location: Hopefully in one place
|
| Posted: Fri Dec 19, 2008 2:01 pm Post subject: |
|
|
Yep, DES only supports 8 characters.
| Quote: | | No more than 8 characters - extras are ignored |
http://www.hackinglinuxexposed.com/articles/20030323.html
_________________
Linux Registered User #458185
Intel Quad-Core w/ 4gigs Ram w/ 8800 GTX - Windows 7 RC
2x (Intel Dual-Core w/ 2gigs Ram - Gentoo)
Mac G5 Dual-Core w/ 2gigs Ram - OS 10.5 |
|
| Back to top |
|
|
meulie
l33t
Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway
|
| Posted: Fri Dec 19, 2008 2:48 pm Post subject: |
|
|
How do I make it more secure?
_________________
Greetz,
Evert Meulie |
|
| Back to top |
|
|
outermeasure
Apprentice
Joined: 26 Nov 2008
Posts: 194
Location: ping6 ff02::1
|
| Posted: Sat Dec 20, 2008 3:41 am Post subject: |
|
|
| meulie wrote: | | How do I make it more secure? |
Use Public Key Authentication instead... |
|
| Back to top |
|
|
desultory
Bodhisattva
Joined: 04 Nov 2005
Posts: 9410
|
| Posted: Sat Dec 20, 2008 5:54 am Post subject: |
|
|
| Even better in addition. |
|
| Back to top |
|
|
meulie
l33t
Joined: 17 Jun 2003
Posts: 845
Location: a Dutchman living in Norway
|
| Posted: Sat Dec 20, 2008 9:43 am Post subject: |
|
|
What is the default/recommended config that ships with Gentoo nowadays?
_________________
Greetz,
Evert Meulie |
|
| Back to top |
|
|
|
Networking & Security
