Discussion:
publickey authentication broken after SSH-050_A051
Ken Connelly
2007-05-11 01:57:04 UTC
$ mu sh/ver
Process Software MultiNet V5.1 Rev A-X, AlphaServer ES40, OpenVMS AXP V7.3-2

I applied SSH-050_A051 this morning on all cluster nodes (separate
MultiNet installations on each) and rebooted the cluster. Tonight, from
home with my laptop, my publickey authentication is not working (I get
prompted for my password). Upon entering that, I gain access to the
system, but have a failed login recorded. ana/aud tells me that an
invalid password was entered, even though I entered my password
correctly and only one time.

I see nothing in the release notes about this topic, nor did I make any
changes to ssh2_dir:sshd2_config.

What am I missing?

- ken
Ken Connelly
2007-05-14 11:07:18 UTC
This has been confirmed by Process as a problem, and will be issued a
D/E number and fixed. In the meantime, if you need publickey
authentication (hard to imagine that you don't), do *NOT* install this
patch. As a workaround to regain publickey authentication capabilities,
I did the following:

$ set def multinet:
$ rename/log SSHD.EXE .bad-joojoo
$ rename/log SSHD_MASTER.EXE .bad-joojoo
$ rename/log SSH-KEYGEN.EXE .bad-joojoo
$ rename/log SSH2.EXE .bad-joojoo
$ rename/log SSHD2.EXE .bad-joojoo
$ rename/log SCP2.EXE .bad-joojoo
$ rename/log SFTP-SERVER2.EXE .bad-joojoo
$ rename/log SSH-KEYGEN2.EXE .bad-joojoo
$ rename/log SSH-SIGNER2.EXE .bad-joojoo
$ rename/log SCP-SERVER1.EXE .bad-joojoo
$ rename/log SSH-ADD2.EXE .bad-joojoo
$ rename/log SSH-AGENT2.EXE .bad-joojoo
$ rename/log PUBLICKEY_ASSISTANT.EXE .bad-joojoo
$ rename/log SFTP2.EXE .bad-joojoo
$ rename/log SSHLEI.EXE .bad-joojoo
$ rename/log PUBLICKEY-SERVER.EXE .bad-joojoo
$ rename/log MULTINET.CLD .bad-joojoo
$ rename/log USER.CLD .bad-joojoo
$ rename/log LDAP-PLUGIN.EXE .bad-joojoo
$ rename/log SECURID-PLUGIN.EXE .bad-joojoo
$ rename/log LOAD_SSHLEI.EXE .bad-joojoo
$ rename/log SSH-CERTTOOL.EXE .bad-joojoo
$ rename/log SSH-CERTVIEW.EXE .bad-joojoo
$ rename/log SSH-CMPCLIENT.EXE .bad-joojoo
$ rename/log SSH_ACCPORNAM.EXE .bad-joojoo
$ rename/log SSH_FSCLM.EXE .bad-joojoo
$ rename/log SSH_ZLIB.EXE .bad-joojoo
$ rename/log UCX$IPC_SHR.EXE .bad-joojoo
$ rename/log UNLOAD_SSHLEI.EXE .bad-joojoo
$ set def sys$login

and rebooted.

YMMV and YGWYPF. You have been warned! :-)

-ken
--
- Ken
=================================================================
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: ***@uni.edu p: (319) 273-5850 f: (319) 273-7373
Roy Shishido
2007-05-14 22:18:49 UTC
Does this mean that there might be an issue with the SSH-010_A052
patch for Multinet 5.2?

Thanks,
Roy
Dan O'Reilly
2007-05-14 22:40:23 UTC
Not with the patch, but 5.2 by itself can also exhibit this problem. We
will be re-releasing the ECO's within the next day or so with this problem
fixed.
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+