MD5->Blowfish method break openssh's authentication
sfaulborn at web.de
Mon Jun 25 02:53:43 PDT 2007
>On 6/23/07, Robert Connolly <robert at linuxfromscratch.org <http://linuxfromscratch.org/mailman/listinfo/hlfs-dev>> wrote:
>>/ I don't recall ever personally using libxcrypt with openssh, but I do remember
/>>/ someone emailing me about a function name conflict (openssh also has it's own
/>>/ xcrypt() function), and they got it to work with some minor modifications.
>Now that may be the heart of the problem, I will look into this xcrypt
You don't need a patch for OpenSSH to work with libxcrypt. OpenSSH calls internally
when logging in using passwords a function called xcrypt() which calls crypt() from
libcrypt. Since the include file of libcrypt is symlinked to libxcrypt and the
include file from libxcrypt defines crypt() as xcrypt(), OpenSSH ends up calling
xcrypt() in a recursive loop until the stack overflows ("#define crypt xcrypt").
Since no application I know of uses the xcrypt functions from crypt.h (they can from
xcrypt.h), you simply need to rename the defines in the include file of libcrypt:
1) remove the symlink /usr/include/crypt.h -> xcrypt.h (if it exists)
2a) copy xcrypt.h -> crypt.h
in crypt.h change...
2b) change the defines:
3) put comments in front of all defines of the following form:
#define crypt xcrypt
//#define crypt xcrypt
4) rename all functions which contain an "x" in its name:
extern char *xcrypt (__const char *__key, __const char *__salt) __THROW;
extern char *crypt (__const char *__key, __const char *__salt) __THROW;
5) now recompile OpenSSH and it should work
Note: all changes are done after libxcrypt has been compiled. I am using
Hope this helps!
More information about the hlfs-dev