Vulnerability Development: Re: OpenSSH Password Question

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: OpenSSH Password Question

From: Bill Weiss <bill_weiss () att net>
Date: Sat, 9 Dec 2000 01:23:16 -0700

Erik Tayler(erik () DIGITALOFFENSE NET)@Fri, Dec 08, 2000 at 05:23:34AM -0600:

I decided this might be the most appropriate list to send this to, so
here I go.
I will start off with one basic question, does sshd
[SSH-1.99-OpenSSH_2.3.0p1]
permit the use of passwords that are longer than 8 characters? If not,
then ignore
the rest of this e-mail.

For example purposes only, let's say the password to one of my normal
user
accounts is abc123456789. I can log in with any of the following:

    abc12345
    abc123456
    abc1234567
    abc12345678
    abc123456789
    abc1234567890
    abc1234567890A
    abc1234567890AB

You get the picture. This is either the way the server is supposed to
act,
a bug, or a terrible misconfiguration on my part. Any help would be
greatly
appreciated. One thing is for sure, I want the be able to use my
password,
not a truncated version.


What about the system sshd is running on?  Shadown installed, PAM, etc...

By Date By Thread

Current thread:

OpenSSH Password Question Erik Tayler (Dec 09)
- Re: OpenSSH Password Question Gordon Messmer (Dec 09)
  - Re: OpenSSH Password Question White Vampire (Dec 10)
- Re: OpenSSH Password Question Daniel Jacobowitz (Dec 09)
- Re: OpenSSH Password Question Bill Weiss (Dec 10)
  - Re: OpenSSH Password Question Erik Tayler (Dec 10)
- Re: OpenSSH Password Question Markus Friedl (Dec 10)
  - Re: OpenSSH Password Question Bluefish (P.Magnusson) (Dec 11)
    - Re: OpenSSH Password Question Markus Friedl (Dec 11)
    - Re: OpenSSH Password Question Bennett Todd (Dec 12)