MD5->Blowfish method break openssh's authentication

Sebastian Faulborn sfaulborn at web.de
Mon Jun 25 02:53:43 PDT 2007


>On 6/23/07, Robert Connolly <robert at linuxfromscratch.org <http://linuxfromscratch.org/mailman/listinfo/hlfs-dev>> wrote:
>>/ I don't recall ever personally using libxcrypt with openssh, but I do remember
/>>/ someone emailing me about a function name conflict (openssh also has it's own
/>>/ xcrypt() function), and they got it to work with some minor modifications.
/>>/
/>
>Now that may be the heart of the problem, I will look into this xcrypt
>openssh function.
>
>-- 
>Kevin Day

You don't need a patch for OpenSSH to work with libxcrypt. OpenSSH calls internally
when logging in using passwords a function called xcrypt() which calls crypt() from
libcrypt. Since the include file of libcrypt is symlinked to libxcrypt and the 
include file from libxcrypt defines crypt() as xcrypt(), OpenSSH ends up calling 
xcrypt() in a recursive loop until the stack overflows ("#define crypt xcrypt").

Since no application I know of uses the xcrypt functions from crypt.h (they can from
xcrypt.h), you simply need to rename the defines in the include file of libcrypt:

1) remove the symlink /usr/include/crypt.h -> xcrypt.h (if it exists)
2a) copy xcrypt.h -> crypt.h

in crypt.h change...
2b) change the defines:
    #ifndef _XCRYPT_H
    #define _XCRYPT_H
    ->
    #ifndef _CRYPT_H
    #define _CRYPT_H
3) put comments in front of all defines of the following form:
   #define crypt xcrypt
   -> 
   //#define crypt xcrypt
4) rename all functions which contain an "x" in its name:
   extern char *xcrypt (__const char *__key, __const char *__salt) __THROW;
   ->
   extern char *crypt (__const char *__key, __const char *__salt) __THROW;
5) now recompile OpenSSH and it should work

Note: all changes are done after libxcrypt has been compiled. I am using 
libxcrypt V2.4.

Hope this helps!

Sebastian Faulborn
Homepage: http://www.secure-slinux.org






More information about the hlfs-dev mailing list