MD5->Blowfish method break openssh's authentication

Kevin Day thekevinday at gmail.com
Mon Jun 25 19:52:39 PDT 2007


On 6/25/07, Sebastian Faulborn <sfaulborn at web.de> wrote:
> >On 6/23/07, Robert Connolly <robert at linuxfromscratch.org <http://linuxfromscratch.org/mailman/listinfo/hlfs-dev>> wrote:
> >>/ I don't recall ever personally using libxcrypt with openssh, but I do remember
> />>/ someone emailing me about a function name conflict (openssh also has it's own
> />>/ xcrypt() function), and they got it to work with some minor modifications.
> />>/
> />
> >Now that may be the heart of the problem, I will look into this xcrypt
> >openssh function.
> >
> >--
> >Kevin Day
>
> You don't need a patch for OpenSSH to work with libxcrypt. OpenSSH calls internally
> when logging in using passwords a function called xcrypt() which calls crypt() from
> libcrypt. Since the include file of libcrypt is symlinked to libxcrypt and the
> include file from libxcrypt defines crypt() as xcrypt(), OpenSSH ends up calling
> xcrypt() in a recursive loop until the stack overflows ("#define crypt xcrypt").
>
> Since no application I know of uses the xcrypt functions from crypt.h (they can from
> xcrypt.h), you simply need to rename the defines in the include file of libcrypt:
>
> 1) remove the symlink /usr/include/crypt.h -> xcrypt.h (if it exists)
> 2a) copy xcrypt.h -> crypt.h
>
> in crypt.h change...
> 2b) change the defines:
>     #ifndef _XCRYPT_H
>     #define _XCRYPT_H
>     ->
>     #ifndef _CRYPT_H
>     #define _CRYPT_H
> 3) put comments in front of all defines of the following form:
>    #define crypt xcrypt
>    ->
>    //#define crypt xcrypt
> 4) rename all functions which contain an "x" in its name:
>    extern char *xcrypt (__const char *__key, __const char *__salt) __THROW;
>    ->
>    extern char *crypt (__const char *__key, __const char *__salt) __THROW;
> 5) now recompile OpenSSH and it should work
>
> Note: all changes are done after libxcrypt has been compiled. I am using
> libxcrypt V2.4.
>
> Hope this helps!
>
> Sebastian Faulborn
> Homepage: http://www.secure-slinux.org
>
>

Just beautiful. Worked flawlessly and effortlessly.
Thanks for the info, I can now use blowfish via openssh!

when you get a chance, robert, please update this on the hint

-- 
Kevin Day



More information about the hlfs-dev mailing list