ssh and root on 4.10 = password discovery (maybe)
Tig
tigger at onemoremonkey.com
Wed Jul 21 02:34:52 PDT 2004
Hello. I'm not 100% sure if this is a configuration error on my side or
a 'bad idea' on sshd/FreeBSD sides.
A remote root ssh connection to a FreeBSD 4.10 server (with no remote
root access) will allow you to 'work out' the root password. However, if
you try the same against 5.2.1 FreeBSD, you have little chance. The
following are pretty clear examples.
If this is a config mistake on my side, please let me know as I have
clearly done something wrong.
Correct root password - 4.10
tigger at piglet:~% ssh root at 4.10-FreeBSD
Password:
Connection to 4.10-FreeBSD closed by remote host.
Connection to 4.10-FreeBSD closed.
tigger at piglet:~%
Incorrect root password - 4.10
tigger at piglet:~% ssh root at 4.10-FreeBSD
Password:
Password:
Password:
root at lilypie.com's password:
Permission denied, please try again.
root at lilypie.com's password:
Permission denied, please try again.
root at lilypie.com's password:
Permission denied (publickey,password,keyboard-interactive).
tigger at piglet:~%
Correct root password - 5.2.1
tigger at piglet:~% ssh root at 5.2.1-FreeBSD
Password:
Password:
Password:
root at eeeor.goo's password:
Permission denied, please try again.
root at eeeor.goo's password:
Permission denied, please try again.
root at eeeor.goo's password:
Permission denied (publickey,password,keyboard-interactive).
More information about the freebsd-security
mailing list