MD5->Blowfish method break openssh's authentication

Kevin Day thekevinday at
Mon Jun 25 19:52:39 PDT 2007

On 6/25/07, Sebastian Faulborn <sfaulborn at> wrote:
> >On 6/23/07, Robert Connolly <robert at <>> wrote:
> >>/ I don't recall ever personally using libxcrypt with openssh, but I do remember
> />>/ someone emailing me about a function name conflict (openssh also has it's own
> />>/ xcrypt() function), and they got it to work with some minor modifications.
> />>/
> />
> >Now that may be the heart of the problem, I will look into this xcrypt
> >openssh function.
> >
> >--
> >Kevin Day
> You don't need a patch for OpenSSH to work with libxcrypt. OpenSSH calls internally
> when logging in using passwords a function called xcrypt() which calls crypt() from
> libcrypt. Since the include file of libcrypt is symlinked to libxcrypt and the
> include file from libxcrypt defines crypt() as xcrypt(), OpenSSH ends up calling
> xcrypt() in a recursive loop until the stack overflows ("#define crypt xcrypt").
> Since no application I know of uses the xcrypt functions from crypt.h (they can from
> xcrypt.h), you simply need to rename the defines in the include file of libcrypt:
> 1) remove the symlink /usr/include/crypt.h -> xcrypt.h (if it exists)
> 2a) copy xcrypt.h -> crypt.h
> in crypt.h change...
> 2b) change the defines:
>     #ifndef _XCRYPT_H
>     #define _XCRYPT_H
>     ->
>     #ifndef _CRYPT_H
>     #define _CRYPT_H
> 3) put comments in front of all defines of the following form:
>    #define crypt xcrypt
>    ->
>    //#define crypt xcrypt
> 4) rename all functions which contain an "x" in its name:
>    extern char *xcrypt (__const char *__key, __const char *__salt) __THROW;
>    ->
>    extern char *crypt (__const char *__key, __const char *__salt) __THROW;
> 5) now recompile OpenSSH and it should work
> Note: all changes are done after libxcrypt has been compiled. I am using
> libxcrypt V2.4.
> Hope this helps!
> Sebastian Faulborn
> Homepage:

Just beautiful. Worked flawlessly and effortlessly.
Thanks for the info, I can now use blowfish via openssh!

when you get a chance, robert, please update this on the hint

Kevin Day

More information about the hlfs-dev mailing list