Debian Bug report logs - #192207
ssh 3.6.1p2-1 introduces a 2-3 second delay when logging in

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh.

Reported by: "Theodore Y. Ts'o" <tytso@mit.edu>

Date: Tue, 6 May 2003 21:18:01 UTC

Severity: important

Found in version 1:3.6.1p2-1

Fixed in version openssh/1:3.6.1p2-6

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to "Theodore Y. Ts'o" <tytso@mit.edu>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh 3.6.1p2-1 introduces a 2-3 second delay when logging in
Date: Tue, 06 May 2003 17:04:10 -0400
Package: ssh
Version: 1:3.6.1p2-1
Severity: important

Starting with ssh 3.6.1p2-1 (this problem does not exist with ssh 3.6.1p1-1),
sshd is stalling for 2-3 seconds before starting the requested program:

% date;  ssh thank.thunk.org date ;date
Tue May  6 16:52:06 EDT 2003
Tue May  6 16:52:09 EDT 2003
Tue May  6 16:52:09 EDT 2003

Here are the relevant lines from the /var/log/auth.log

May  6 16:52:06 thank ssh(pam_unix)[13886]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=think.thunk.org  user=tytso
May  6 16:52:09 thank sshd[13886]: Accepted publickey for tytso from 216.175.175.162 port 36305 ssh2
May  6 16:52:09 thank ssh(pam_unix)[13886]: session opened for user tytso by (uid=0)
May  6 16:52:09 thank ssh(pam_unix)[13886]: session closed for user tytso

Note timestamps 16:52:06 and 16:52:09.  This completely ruins the
usefulness of my machine as a distcc server.  Downgrading to ssh
3.6.1p1-1 makes the problem go away.

I'll keep running 3.6.1p1-1 for now, but if you could give me a hint
about why 3.6.1p2-1 is introducing a delay, I would greatly appreciate
it.

						- Ted

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux thank 2.4.21-rc1 #1 Fri Apr 25 22:08:15 EDT 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.50         Add and remove users and groups
ii  debconf                     1.2.35       Debian configuration management sy
ii  libc6                       2.3.1-17     GNU C Library: Shared libraries an
ii  libpam-modules              0.76-10      Pluggable Authentication Modules f
ii  libpam0g                    0.76-10      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7b-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-11   compression library - runtime

-- debconf information:
* ssh/privsep_tell: 
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
  ssh/ssh2_keys_merged: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
* ssh/insecure_telnetd: 
  ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/SUID_client: true




Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to James Troup <james@nocrew.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #10 received at 192207@bugs.debian.org (full text, mbox):

From: James Troup <james@nocrew.org>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: 192207@bugs.debian.org
Subject: Re: Bug#192207: ssh 3.6.1p2-1 introduces a 2-3 second delay when logging in
Date: Tue, 06 May 2003 23:40:18 +0100
"Theodore Y. Ts'o" <tytso@mit.edu> writes:

> This completely ruins the usefulness of my machine as a distcc server. 

It's orthogonal to this bug but you might want to have a look at the
fsh package...

-- 
James



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to James Cameron <james.cameron@hp.com>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #15 received at 192207@bugs.debian.org (full text, mbox):

From: James Cameron <james.cameron@hp.com>
To: 192207@bugs.debian.org
Subject: reproduced and traced
Date: Tue, 13 May 2003 19:09:36 +1000
G'day,

While in pam_authenticate() or deeper, the forked sshd process for the
connection deliberately sleeps for a second or more, using select() with
no file descriptors and an apparently random timeout.  I've traced this
using strace, and captured a backtrace using gdb at the point of the
sleep.

I conjecture that the behaviour was added as a result of the fix applied
for bug #191681, but in my case the username being attempted is quite
legitimate.

Please find below;
- where the pause occurs as far as the client is concerned,
- the /var/log/auth.log error that immediately precedes the pause,
- the edited output of strace showing the pause after logging the error,
- a backtrace in gdb made by delivering a SIGINT during the pause.

I agree fsh works around this bug nicely!


% ssh -v root@server "whoami"
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
[... delay here ...]
debug1: authentications that can continue: publickey,password,keyboard-interactive
[...]

% tail /var/log/auth.log
[...]
May 13 18:26:17 server ssh(pam_unix)[4561]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=client.lan  user=root
[...]

% strace -f -r -p 374
[...]
4561       0.000119 connect(5, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
4561       0.000165 send(5, "<37>May 13 18:26:17 ssh(pam_unix"..., 133, 0) = 133
4561       0.000585 rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
4561       0.000166 close(5)            = 0
4561       0.000255 select(0, NULL, NULL, NULL, {1, 777718} <unfinished ...>
4562       0.000097 read(5,  <unfinished ...>
4561       1.778545 <... select resumed> ) = 0 (Timeout)
4561       0.000129 write(7, "\0\0\0\5\v", 5) = 5
4561       0.000148 write(7, "\0\0\0\0", 4) = 4
4561       0.000164 getpeername(6, {sa_family=AF_INET, sin_port=htons(49588), sin_addr=inet_addr("10.0.0.1")}, [16]) = 0
[...]

# gdb sshd
(gdb) run -d -e -p 5523
Starting program: /usr/sbin/sshd -d -e -p 5523
[...]
debug1: Server will not fork when running in debugging mode.
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Connection from 10.0.0.1 port 49608
debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1 Debian 1:3.4p1-1
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-1
debug1: permanently_set_uid: 101/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "root"
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
debug1: PAM setting rhost to "client.lan"
(no debugging symbols found)...
Program received signal SIGINT, Interrupt.
0x40205b1e in select () from /lib/libc.so.6
(gdb) bt
#0  0x40205b1e in select () from /lib/libc.so.6
#1  0x4002fe28 in _pam_token_returns () from /lib/libpam.so.0
#2  0x4002c6da in pam_authenticate () from /lib/libpam.so.0
#3  0x0805f964 in chroot ()
#4  0x0805fbed in chroot ()
#5  0x0804f16d in chroot ()
#6  0x0805b31b in chroot ()
#7  0x0805ac4e in chroot ()
#8  0x0805a986 in chroot ()
#9  0x0804ca3f in chroot ()
#10 0x0804d9a9 in chroot ()
#11 0x4015da51 in __libc_start_main () from /lib/libc.so.6
(gdb) cont
Continuing.
debug1: PAM password authentication failed for root: Authentication failure


-- 
James Cameron                                     (james.cameron@hp.com)

http://quozl.linux.org.au/         (or)         http://quozl.netrek.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to James Cameron <james.cameron@hp.com>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #20 received at 192207@bugs.debian.org (full text, mbox):

From: James Cameron <james.cameron@hp.com>
To: 192207@bugs.debian.org
Subject: workaround, edit /etc/pam.d/ssh
Date: Tue, 13 May 2003 19:16:56 +1000
Sorry, another workaround ... edit the file /etc/pam.d/ssh and add the
word nodelay to the pam_unix.so line ... change this line;

	auth       required     pam_unix.so 

to read like this;

	auth       required     pam_unix.so nodelay

I then restarted sshd with "/etc/init.d/ssh restart", though I've no
idea if that was necessary.

Note that this makes it easier for an attacker to test usernames for
validity.  Thanks to Marco on bug #191681.

-- 
James Cameron                                     (james.cameron@hp.com)

http://quozl.linux.org.au/         (or)         http://quozl.netrek.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Paul Traina <pst+reportbug@spamcatcher.bogus.com>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>, openssh@packages.qa.debian.org. Full text and rfc822 format available.

Message #25 received at 192207@bugs.debian.org (full text, mbox):

From: Paul Traina <pst+reportbug@spamcatcher.bogus.com>
To: Debian Bug Tracking System <192207@bugs.debian.org>
Subject: ssh: but nodelay isn't solving the real problem...
Date: Sat, 24 May 2003 19:37:20 -0700
Package: ssh
Version: 1:3.6.1p2-1
Followup-For: Bug #192207

Authentication is failing, which seems to be introducing the delay.

I may be very confused here, but in the default sshd pam file, we're
just calling pam_unix.  If a client attempts to connect using just a
ssh2 identity, why the heck is pam_unix generating this error message?

quemadura ssh(pam_unix)[12879]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=weychopee.shockwave.org  user=pst

Clearly we don't want ruser authentication enabled, but I haven't looked
closely enough at the debian version of this code to figure out if that
is being attempted or not.

sshd should have approved my connection attempt based on the ssh2 credentials
passed in, and pam_unix should not be attempting either passwd or rhosts style
authentication on its own.

If I'm actually looking over this correctly (could be wrong) then there
might be a security bug here as well. :-( I am NOT going to tag this
bug report [security] because I have not done enough honest work digging
through the code.

Paul



-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux quemadura.shockwave.org 2.4.20-1-686 #1 Sat Mar 22 13:16:21 EST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.50         Add and remove users and groups
ii  debconf                     1.2.35       Debian configuration management sy
ii  libc6                       2.3.1-17     GNU C Library: Shared libraries an
ii  libpam-modules              0.76-10      Pluggable Authentication Modules f
ii  libpam0g                    0.76-10      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7b-2     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.1.4-11   compression library - runtime

-- debconf information:
  ssh/protocol2_default: 
* ssh/privsep_tell: 
  ssh/insecure_rshd: 
  ssh/privsep_ask: true
* ssh/ssh2_keys_merged: 
* ssh/user_environment_tell: 
* ssh/forward_warning: 
* ssh/insecure_telnetd: 
  ssh/new_config: true
  ssh/ancient_version: 
* ssh/use_old_init_script: true
  ssh/protocol2_only: true
  ssh/encrypted_host_key_but_no_keygen: 
* ssh/run_sshd: true
* ssh/upgrade_to_openssh: true
* ssh/SUID_client: false




Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Johan Thelmén <jth@home.se>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #30 received at 192207@bugs.debian.org (full text, mbox):

From: Johan Thelmén <jth@home.se>
To: 192207@bugs.debian.org
Subject: Why do ssh try null password first?
Date: Fri, 18 Jul 2003 13:37:27 +0200
Hello

I have a similar problem but not for the delay but for the probable cause
of the delay.

That extra failed login with null password login.
Jul 18 12:24:34 localhost ssh(pam_unix)[9239]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost  user=root

Using putty I never get that extra failed login.

Could we only try it if we are in batch or not password auth mode?
or should we have a option to turn it on or off?

I don't think it is suitable for a security program to automatically try
empty passwords. I'm not able to differ the log from a normal login and
attempts with empty passwords.

Any suggestions?

We are not alone..
http://www.securityfocus.com/archive/121/326500/2003-06-18/2003-06-24/0
I'm not sure that is the proper fix because then it will probably not
send any empty passwords after that fix.

-- 
Johan Thelmén
Sweden Falun




Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Darren Tucker <dtucker@zip.com.au>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #35 received at 192207@bugs.debian.org (full text, mbox):

From: Darren Tucker <dtucker@zip.com.au>
To: Klaus Ethgen <Klaus@Ethgen.de>, "Theodore Y. Ts'o" <tytso@mit.edu>, oskar@osk.mine.nu
Cc: 193546@bugs.debian.org, 192207@bugs.debian.org, 99168@bugs.debian.org
Subject: Debian bugs 99168, 192207, 193546: fixed in upstream (+patch).
Date: Wed, 06 Aug 2003 16:44:05 +1000
[Message part 1 (text/plain, inline)]
Hi.
	Regarding the following Debian OpenSSH bugs:
#99168: identifying root's password by measuring password-failure delays
#192207: ssh 3.6.1p2-1 introduces a 2-3 second delay when logging in
#193546: ssh: Strange authentication failure... 

	I've been looking at these.  They're interrelated, hence the multiple
update.

	They have all been fixed in the current development tree as part of a
cleanup of auth-passwd.c (rev 1.57, but the diff is large) and new PAM
code (auth-pam.c rev 1.58 + associated changes).

	Attached is a small patch against 3.6.1p2 which should solve all three. 
I would review it very carefully before using it, though, I may have
overlooked something.

	Basically, the issue arises because in the SSH2 protocol, the "none"
authentication method does double duty as "let me log in now if you don't
require authentication" and "otherwise tell me what authentications you
require".

	The client starts an authentication by asking the server for "none"
authentication, and the server must either allow the login at that point
(if the user has no password and empty passwords are permitted) or reply
with a list of allowed methods.  To determine if the "none" login should
be allowed, auth_password is called with a password of "", and if that
fails it proceeds with the rest of the authentication protocol.

	Previously, auth_password would return as soon as any of its tests
failed, so as long as the server was configured with "PermitEmptyPasswords
no" the attempt to authenticate with the empty password would fail
immediately (before asking PAM).  Unfortunately this leaked information
(eg about the state of PermitRootLogin).

	The "owl-always-auth" patch added for 3.6.1p2 changed the way
auth_password worked.  Instead of failing immediately, it set a flag on
failure but tried all the tests anyway.  Unfortunately this meant the
"none" authentication tries a PAM authentication without a password, which
fails and adds the delay and log message.  It also meant that regardless
of the PermitRootLogin setting, a PAM authentication was always attempted
for root, which returns much faster when the password is correct and thus
leaks information (ie #99168 re-occurred).

	The attached patch:
a) returns immediately for empty passwords if PermitEmptyPasswords=no.
b) makes an invalid call to auth_pam_password if PermitRootLogin=no which
will always fail.

	Note that a) will leak the PermitEmptyPasswords setting; I don't see any
way around that without imposing a delay on *all* logins.  This
behaviour is consistent with the current development tree.

	Also note that b) will leak info on whether or not root actually has a
password.  I suspect that could be determined easily in other ways :-)

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
[openssh-debian_login.patch (text/plain, inline)]
Index: auth-passwd.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.51.4.1
diff -u -r1.51.4.1 auth-passwd.c
--- auth-passwd.c	29 Apr 2003 09:12:08 -0000	1.51.4.1
+++ auth-passwd.c	6 Aug 2003 06:16:36 -0000
@@ -117,14 +117,22 @@
 	/* deny if no user. */
 	if (pw == NULL)
 		ok = 0;
+	if (*password == '\0' && options.permit_empty_passwd == 0)
+		return 0;
 #ifndef HAVE_CYGWIN
 	if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
 		ok = 0;
 #endif
-	if (*password == '\0' && options.permit_empty_passwd == 0)
-		ok = 0;
 
 #if defined(USE_PAM)
+	/*
+	 * If the user logging in is root and RootLogin=no, always attempt
+	 * an invalid root login to prevent leaking timing information
+	 */
+	if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) {
+		auth_pam_password(authctxt, "");
+		return 0;
+	}
 	return auth_pam_password(authctxt, password) && ok;
 #elif defined(HAVE_OSF_SIA)
 	if (!ok)
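Review bot: In the added USE_PAM block, auth_pam_password(authctxt, "") is called with an empty string and its result discarded, so the dummy attempt can still behave differently depending on whether root's password is empty; pass a string that can never be a valid password instead. The comment says "RootLogin=no" while the test is permit_root_login != PERMIT_YES, and the identical test a few lines up sits inside #ifndef HAVE_CYGWIN while this copy does not, so the guard and the comment wording should be made to match the condition. The moved empty-password check now returns before auth_pam_password() is reached at all; a one-line comment saying that is intended would help the next reader.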

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #40 received at 192207@bugs.debian.org (full text, mbox):

From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
To: Colin Watson <cjwatson@debian.org>
Cc: 192207@bugs.debian.org, debian-ssh@lists.debian.org
Subject: Re: poor performance from ssh 1:3.6.1p2-4 backported to woody
Date: Fri, 8 Aug 2003 17:20:53 +0200 (CEST)
On Fri, 8 Aug 2003, Colin Watson wrote:

> On Thu, Aug 07, 2003 at 08:27:14PM +0200, Cristian Ionescu-Idbohrn wrote:
> > On Thu, 7 Aug 2003, Colin Watson wrote:
> > > See bug #192207.
> >
> > Overwhelming...
> >
> > Can we expect that patch implemented soon?
>
> I should think so, yes.
>
> > Is the pam trick
> >
> >   auth       required     pam_unix.so nodelay
> >
> > good enough for now?
>
> Um, I believe so, but I haven't particularly tested it because leaving
> the annoyance in for myself made it more likely to get fixed. :)

All right. I can confirm the pam trick helped. A colleague of mine
experimented with fetching a whole cvs-tree and the elapsed time was:

  870s without the pam trick
  360s with the pam trick

Substantial speedup.
Hope the proper patch will be released soon.


Cheers,
Cristian



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Darren Tucker <dtucker@zip.com.au>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #45 received at 192207@bugs.debian.org (full text, mbox):

From: Darren Tucker <dtucker@zip.com.au>
To: 192207@bugs.debian.org
Subject: Updated patch
Date: Sat, 09 Aug 2003 15:47:24 +1000
[Message part 1 (text/plain, inline)]
Hi.
	Attached is an updated patch that should address a couple of issues with
the previous one:

a) The short-cut for permitemptypassword=no is in the authentication
negotiation.  This means that if the user actually supplies a null
password, it will be logged.

b) In the case of permitrootlogin=no, attempt an auth with a totally bogus
password (idea from openwall linux).

	Again, review carefully before using it, I may have overlooked something.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
[openssh-debian_login2.patch (text/plain, inline)]
Index: auth-passwd.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.51.4.1
diff -u -p -r1.51.4.1 auth-passwd.c
--- auth-passwd.c	29 Apr 2003 09:12:08 -0000	1.51.4.1
+++ auth-passwd.c	9 Aug 2003 05:17:25 -0000
@@ -125,6 +125,14 @@ auth_password(Authctxt *authctxt, const 
 		ok = 0;
 
 #if defined(USE_PAM)
+	/*
+	 * If the user logging in is root and RootLogin=no, always attempt
+	 * an invalid root login to prevent leaking timing information
+	 */
+	if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) {
+		auth_pam_password(authctxt, "\b\n\r\177INCORRECT");
+		return 0;
+	}
 	return auth_pam_password(authctxt, password) && ok;
 #elif defined(HAVE_OSF_SIA)
 	if (!ok)
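Review bot: The literal "\b\n\r\177INCORRECT" passed to auth_pam_password() in the added block is a magic string with no explanation; give it a named constant and a comment saying it is chosen so that it can never match a real password. The discarded return value would read more clearly with an explicit (void) cast, and the comment's "RootLogin=no" should be reworded to match the permit_root_login != PERMIT_YES test it sits above.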
Index: auth1.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v
retrieving revision 1.79
diff -u -p -r1.79 auth1.c
--- auth1.c	24 Feb 2003 00:59:27 -0000	1.79
+++ auth1.c	9 Aug 2003 05:30:30 -0000
@@ -80,7 +80,7 @@ do_authloop(Authctxt *authctxt)
 	    authctxt->valid ? "" : "illegal user ", authctxt->user);
 
 	/* If the user has no password, accept authentication immediately. */
-	if (options.password_authentication &&
+	if (options.password_authentication && options.permit_empty_passwd &&
 #if defined(KRB4) || defined(KRB5)
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
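Review bot: The comment above the changed condition in do_authloop() still reads "If the user has no password, accept authentication immediately", but with options.permit_empty_passwd added to the test the whole check is now skipped when empty passwords are not permitted; update the comment so it states that precondition.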
Index: auth2-none.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2-none.c,v
retrieving revision 1.3.6.1
diff -u -p -r1.3.6.1 auth2-none.c
--- auth2-none.c	29 Apr 2003 09:12:08 -0000	1.3.6.1
+++ auth2-none.c	9 Aug 2003 05:22:07 -0000
@@ -100,6 +100,8 @@ userauth_none(Authctxt *authctxt)
 	if (check_nt_auth(1, authctxt->pw) == 0)
 		return(0);
 #endif
+	if (options.permit_empty_passwd == 0)
+		return 0;
 	return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid;
 }
 
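Review bot: The added permit_empty_passwd test before the final return in userauth_none() has no comment, and its purpose is not obvious from the code alone: it keeps the "none" request from calling auth_password() with an empty password when that could never succeed. Add a short comment to that effect. The new line also uses return 0 while the line just above uses return(0), so pick one style for the function.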

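The control flow described in the two messages above (auth_password() returning early, then the "owl-always-auth" behaviour, then the updated patch), as a small C model. This is an added example, not OpenSSH code or code from anyone in this thread: pam_stub(), the 2000 ms delay, and the sample users and passwords are constructed, and PermitRootLogin is reduced to yes/no.

```c
/* Constructed model of the auth_password() variants discussed in this bug
 * log. Not OpenSSH source: PAM is a stub, PermitRootLogin is only yes/no. */
#include <stdio.h>
#include <string.h>

#define PAM_FAIL_DELAY_MS 2000          /* assumed stand-in for the pam_unix failure delay */
#define BOGUS_PW "\b\n\r\177INCORRECT"  /* dummy password used by the updated patch */

struct opts  { int permit_empty_passwd, permit_root_login; };
struct user  { int valid, uid; const char *real_pw; };
struct trace { int pam_calls, pam_failures, delay_ms; };
typedef int (*auth_fn)(const struct opts *, const struct user *,
    const char *, struct trace *);

/* Stand-in for auth_pam_password(): a failure costs a delay and a log line. */
static int pam_stub(const struct user *u, const char *pw, struct trace *t)
{
	t->pam_calls++;
	if (u->valid && strcmp(pw, u->real_pw) == 0)
		return 1;
	t->pam_failures++;
	t->delay_ms += PAM_FAIL_DELAY_MS;
	return 0;
}

static int root_denied(const struct opts *o, const struct user *u)
{
	return u->uid == 0 && !o->permit_root_login;
}

/* Previous behaviour: return as soon as any test fails, PAM is not asked. */
static int auth_early_return(const struct opts *o, const struct user *u,
    const char *pw, struct trace *t)
{
	if (!u->valid || root_denied(o, u))
		return 0;
	if (*pw == '\0' && !o->permit_empty_passwd)
		return 0;
	return pam_stub(u, pw, t);
}

/* "owl-always-auth": remember the failure in a flag but ask PAM anyway. */
static int auth_always(const struct opts *o, const struct user *u,
    const char *pw, struct trace *t)
{
	int ok = 1;
	if (!u->valid || root_denied(o, u))
		ok = 0;
	if (*pw == '\0' && !o->permit_empty_passwd)
		ok = 0;
	return pam_stub(u, pw, t) && ok;
}

/* Updated patch: a denied root login is always tried with a bogus password. */
static int auth_patched(const struct opts *o, const struct user *u,
    const char *pw, struct trace *t)
{
	int ok = 1;
	if (!u->valid || (*pw == '\0' && !o->permit_empty_passwd))
		ok = 0;
	if (root_denied(o, u)) {
		(void)pam_stub(u, BOGUS_PW, t);
		return 0;
	}
	return pam_stub(u, pw, t) && ok;
}

/* The SSH2 "none" request; shortcut=1 adds the PermitEmptyPasswords test
 * that the updated patch puts in front of the auth_password("") call. */
static int none_probe(auth_fn f, int shortcut, const struct opts *o,
    const struct user *u, struct trace *t)
{
	if (shortcut && !o->permit_empty_passwd)
		return 0;
	return f(o, u, "", t) && u->valid;
}

/* Delay difference between a wrong and a right root password when root
 * login is denied; anything other than 0 is observable by the client. */
static int root_timing_gap(auth_fn f)
{
	struct opts o = {0, 0};
	struct user root = {1, 0, "constructed-root-pw"};
	struct trace right = {0, 0, 0}, wrong = {0, 0, 0};
	f(&o, &root, root.real_pw, &right);
	f(&o, &root, "wrong-guess", &wrong);
	return wrong.delay_ms - right.delay_ms;
}

int main(void)
{
	printf("root gap: early %d ms, always-auth %d ms, patched %d ms\n",
	    root_timing_gap(auth_early_return), root_timing_gap(auth_always),
	    root_timing_gap(auth_patched));
	return 0;
}
```

The trace counters show the two symptoms from this report separately: pam_failures is the spurious auth.log entry, delay_ms is the login stall.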
Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#192207; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #50 received at 192207@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Darren Tucker <dtucker@zip.com.au>, 192207@bugs.debian.org
Cc: 99168-quiet@bugs.debian.org, 193546-quiet@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#192207: Updated patch
Date: Wed, 3 Sep 2003 01:30:59 +0100
tags 99168 pending
tags 192207 pending
tags 193546 pending
thanks

On Sat, Aug 09, 2003 at 03:47:24PM +1000, Darren Tucker wrote:
> 	Attached is an updated patch that should address a couple of issues with
> the previous one:
> 
> a) The short-cut for permitemptypassword=no is in the authentication
> negotiation.  This means that if the user actually supplies a null
> password, it will be logged.
> 
> b) In the case of permitrootlogin=no, attempt an auth with a totally bogus
> password (idea from openwall linux).
> 
> 	Again, review carefully before using it, I may have overlooked something.

I've thought about this carefully and tested all the interesting
combinations I can think of, and it seems fine. I'll upload to Debian
unstable shortly, at which point no doubt it'll break for half a dozen
people with strange setups, but that's life. ;)

Thanks!

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Tags added: pending Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Theodore Y. Ts'o" <tytso@mit.edu>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #57 received at 192207-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 192207-close@bugs.debian.org
Subject: Bug#192207: fixed in openssh 1:3.6.1p2-6
Date: Wed, 03 Sep 2003 16:26:05 -0400
Source: openssh
Source-Version: 1:3.6.1p2-6

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh_3.6.1p2-6.diff.gz
  to pool/main/o/openssh/openssh_3.6.1p2-6.diff.gz
openssh_3.6.1p2-6.dsc
  to pool/main/o/openssh/openssh_3.6.1p2-6.dsc
ssh-askpass-gnome_3.6.1p2-6_i386.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.6.1p2-6_i386.deb
ssh_3.6.1p2-6_i386.deb
  to pool/main/o/openssh/ssh_3.6.1p2-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 192207@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  3 Sep 2003 19:14:02 +0100
Source: openssh
Binary: ssh-askpass-gnome ssh
Architecture: source i386
Version: 1:3.6.1p2-6
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 99168 192207 193546 197576 208036
Changes: 
 openssh (1:3.6.1p2-6) unstable; urgency=medium
 .
   * Use a more CVS-friendly means of setting SSH_VERSION.
   * Update Brazilian Portuguese debconf template translation (thanks, Andre
     Luis Lopes; closes: #208036).
   * Don't run 'sshd -t' in init script if the server isn't to be run
     (closes: #197576).
   * Fix login delay, spurious auth.log entry, and PermitRootLogin
     information leakage due to PAM issues with upstream's recent security
     update (thanks, Darren Tucker; closes: #99168, #192207, #193546).
   * Policy version 3.6.1: recode this changelog to UTF-8.
Files: 
 79a152667d63253e2086fa31f78425f1 847 net standard openssh_3.6.1p2-6.dsc
 0ed10571bcc3518bd5c10fd8f6418438 80668 net standard openssh_3.6.1p2-6.diff.gz
 5ae4629042fc19ef0f5b422ddc5bd6e2 645280 net standard ssh_3.6.1p2-6_i386.deb
 9a738e3aa3c8bd9512e5166772b4b65e 42648 gnome optional ssh-askpass-gnome_3.6.1p2-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQE/VjhV9t0zAhD6TNERAnPdAJwJY8w0hKP7YjqCIXX88LtblA9sggCeMSar
uMuo5E2Omu+KC+f0zFA50xc=
=Lwmi
-----END PGP SIGNATURE-----






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 08:14:01 2014; Machine Name: beach.debian.org
