MD5->Blowfish method break openssh's authentication

Kevin Day thekevinday at gmail.com
Fri Jun 22 15:06:14 PDT 2007


Okay, based on your tutorials, I got myself a working machine that
uses working blowfish passwords, without Linux-PAM installed.

Tested with the following combinations: gcc-3.4.6, gcc-4.1.2,
gcc-4.2.0, uclibc-0.9.28.3, uclibc-0.9.29, and 3 different versions of
openssh (4.4p2, 4.5p1, 4.6p1). (I hoped to rule out the libc, the
compiler, and openssh.)

I cannot get openssh to allow me to log in to a system, no matter how hard I try.

I can still log in using keys (ssh-keygen -d ; cp -v
~/.ssh/{id_dsa.pub,authorized_keys}), bypassing the blowfish password
check.

I removed the symlinks from libcrypt.so to libxcrypt.so and the
include/crypt.h symlink to xcrypt.h.  I then reinstalled the openssh
and changed my shadow file password to an MD5.  Once this was done,
everything worked.

I believe I had problems even when the password was MD5, while under
the xcrypt libraries.

You say that the openssh should work?

I believe that openssh needs to be patched to get blowfish password
support working properly.

Any ideas/help?

-- 
Kevin Day


