Update2: ssh login not working after system patches applied

From: Darryl Cook (dlc@cs.appstate.edu)
Date: Tue May 21 2002 - 16:54:46 EDT


Well, I backed out all of the patches and ssh now works again. I then reinstalled patches about 30 at a time and it quit again. I finally
narrowed it down to 2 that were the problem. It was either the one that fixed a ksh hang or one that dealt with Enhanced Security, and I have a
feeling the last is the problem...

Well, on to problem 2... Apparently a patch also overwrote the /var/yp/src/prpasswd file. Well, it overwrote part of it anyway. It inserted
patch info at the top and seems to have corrupted all of the NIS passwords. I'll attach the part of the prpasswd file that it inserted (I won't
include the rest of the prpasswd file :-) It appears that if I change the passwd of the user then they are ok again. I read in the prpasswd
file from a backup, but even after doing a make passwd it still doesn't recognize the NIS users until the password has been changed. Not sure why,
really? Aren't the NIS passwords stored in the prpasswd file?

darryl

Darryl Cook wrote:

> I sent this to the ssh list since I didn't get any responses from this
> one... maybe this will help jog someone's memory :-)
>
> ------------------------------------------------------------------------
>
> Subject: ssh login not working after system patches applied
> Date: Tue, 21 May 2002 08:56:24 -0400
> From: Darryl Cook <dlc@cs.appstate.edu>
> To: ssh <secureshell@securityfocus.com>, dlc@cs.appstate.edu
>
> Hello,
>
> I installed patch kit 5 on an ES40 Tru64 version 5.1 machine and suddenly my ssh isn't working anymore. I can telnet into the machine fine.
> I can ssh out to other machines fine. After a day of work I decided to go ahead and upgrade to the latest version (3.2.2p1) and upgraded ssl
> to 0.9.6d. Same thing...
>
> I can ssh in as long as I enter a passphrase to use but if I try to let the system prompt me for a password everything breaks. I see in the
> logs that my password is being accepted and on the screen I see the messages which tell me the last successful login and the last
> unsuccessful login but then the session is disconnected.
>
> ssh was compiled with configure --with-local-path=/usr/local --with-tcp-wrappers --with-ssl-dir=/usr/local/ssl
>
> Below, the ssh_config and the sshd_config files are attached.
>
> thanks for any help,
> darryl cook
>
> ------------------------------------------------------------------------
> # $OpenBSD: ssh_config,v 1.12 2002/01/16 17:55:33 stevesk Exp $
>
> # This is the ssh client system-wide configuration file. See ssh(1)
> # for more information. This file provides defaults for users, and
> # the values can be changed in per-user configuration files or on the
> # command line.
>
> # Configuration data is parsed as follows:
> # 1. command line options
> # 2. user-specific file
> # 3. system-wide file
> # Any configuration value is only changed the first time it is set.
> # Thus, host-specific definitions should be at the beginning of the
> # configuration file, and defaults at the end.
>
> # Site-wide defaults for various options
>
> # Host *
> ForwardAgent no
> ForwardX11 no
> RhostsAuthentication no
> RhostsRSAAuthentication yes
> RSAAuthentication yes
> PasswordAuthentication yes
> FallBackToRsh no
> UseRsh no
> BatchMode no
> # CheckHostIP yes
> StrictHostKeyChecking ask
> IdentityFile ~/.ssh/identity
> IdentityFile ~/.ssh/id_rsa
> IdentityFile ~/.ssh/id_dsa
> Port 22
> Protocol 2,1
> Cipher blowfish
> Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> # EscapeChar ~
>
> ------------------------------------------------------------------------
> # $OpenBSD: sshd_config,v 1.53 2002/05/15 21:02:53 markus Exp $
>
> # This is the sshd server system-wide configuration file. See sshd(8)
> # for more information.
>
> # This sshd was compiled with PATH=/usr/local
>
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented. Uncommented options change a
> # default value.
>
> Port 22
> Protocol 2,1
> ListenAddress 0.0.0.0
> #ListenAddress ::
>
> # HostKey for protocol version 1
> HostKey /usr/local/etc/ssh_host_key
> # HostKeys for protocol version 2
> HostKey /usr/local/etc/ssh_host_rsa_key
> HostKey /usr/local/etc/ssh_host_dsa_key
>
> # Lifetime and size of ephemeral version 1 server key
> KeyRegenerationInterval 3600
> ServerKeyBits 768
>
> # Logging
> #obsoletes QuietMode and FascistLogging
> SyslogFacility AUTH
> LogLevel INFO
>
> # Authentication:
>
> LoginGraceTime 600
> PermitRootLogin yes
> StrictModes yes
>
> RSAAuthentication yes
> PubkeyAuthentication no
> AuthorizedKeysFile .ssh/authorized_keys
>
> # rhosts authentication should not be used
> RhostsAuthentication no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> IgnoreRhosts yes
> # For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
> RhostsRSAAuthentication yes
> # similar for protocol version 2
> HostbasedAuthentication yes
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # RhostsRSAAuthentication and HostbasedAuthentication
> IgnoreUserKnownHosts no
>
> # To disable tunneled clear text passwords, change to no here!
> PasswordAuthentication yes
> PermitEmptyPasswords no
>
> # Change to no to disable s/key passwords
> # ChallengeResponseAuthentication yes
>
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
>
> #AFSTokenPassing no
>
> # Kerberos TGT Passing only works with the AFS kaserver
> #KerberosTgtPassing no
>
> # Set this to 'yes' to enable PAM keyboard-interactive authentication
> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> #PAMAuthenticationViaKbdInt yes
>
> X11Forwarding no
> X11DisplayOffset 10
> X11UseLocalhost yes
> PrintMotd yes
> PrintLastLog yes
> KeepAlive yes
> UseLogin no
> UsePrivilegeSeparation no
>
> MaxStartups 10
> # no default banner path
> #Banner /some/path
> #VerifyReverseMapping no
>
> # override default of no subsystems
> Subsystem sftp /usr/local/libexec/sftp-server


