security bug with /etc/login.access
Sven Pfeifer
sven at yagonna.de
Thu Feb 19 04:31:39 PST 2004
Hi Tig,
Tig <tigger at onemoremonkey.com> wrote:
[...]
> So, I tested it over ssh from a remote box
>
> tigger at piglet:~% ssh ray at sonic.cbnmediaX.com.au
> Password:
> Password:
> Password:
> ray at sonic.cbnmediaX.com.au's password:
> Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.
[...]
> (I'm 100% sure I typed the password correct each time)
> As you can see, I'm denied access each time until the 'ray at sonic...'
> option is presented, then I'm allowed in.
This looks like you have configured
  PasswordAuthentication yes
and
  Protocol 2,1
in your server's /etc/ssh/sshd_config. So your client is trying to
authenticate to the _local_ id-File. If this fails (3 times), then
it tries the PasswordAuthentication at the _remote_ machine. So I
think you typed in the wrong password for your _local_ id-File, and
the fourth time, at the "ray at sonic.cbnmediaX.com.au's password:"
prompt, you typed in the correct password for user ray at host
sonic.cbnmediaX.com.au.
[...]
> -Tig
HTH
Sven