Hi Stephen. I accidentally dropped you off the thread by replying to an earlier post. The TL;DR is that I think OpenSSH's behaviour is RFC-compliant although not optimal. You can read the rest of the thread here: http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-April/033789.html On Tue, Apr 7, 2015 at 3:47 PM, Stephen Hurd <shurd@xxxxxxxxxxx> wrote: > > The problem was originally reported via IRC against "a couple different > Linux distros", and I found I could reproduce with my FreeBSD 11 box so > I added a local patch to work around it, sent it to the reporter who > confirmed that it solved his issue. I can try to find out the specific > distros, though I suspect they have vendor patches as well. > I suspect the behaviour will be present in any system with UsePAM=yes and KbdInteractiveAuthentication=yes (or ChallengeResponseAuthentication=yes, from which KbdInteractiveAuthentication gets its default value). I also suspect you can work around it by setting KbdInteractiveAuthentication=no and PasswordAuthentication=yes, assuming your PAM modules are simple enough that this works. > His system also had all the CBC ciphers disabled by default, including > the mandatory 3des-cbc and recommended aes128-cbc, so I suspect a > reaction to some padding oracle attack (I don't really keep up) was > involved on his systems. It seems that Cryptlib only does CBC, so I had > to walk him through re-enabling those. FWIW I don't think the ciphers have any impact on this behaviour. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev