Re: Where to look next?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Thu, Sep 22, 2016 at 2:28 AM, Delisle, John
<john.delisle@xxxxxxxxxxxx> wrote:
[...]
> debug1: Remote protocol version 2.0, remote software version Welcome To Ceridian

OpenSSH should probably log it better, but this banner is weird.
According to RFC 4253 section 4.2 the format is:

      SSH-protoversion-softwareversion SP comments CR LF

so this server is claiming that its software version is "Welcome" with
a comment of "To Ceridian".

[...]
> debug3: receive packet: type 1
> Received disconnect from 1.2.3.4 port 32:11: Too many bad authentication attempts!

The server sends a disconnect.

> debug1: Authentication succeeded (password).
> Authenticated to IBM.SFG.SFTP.server ([1.2.3.4]:32).

The client thinks the session is authenticated, though.  I think
that's actually a bug in the OpenSSH client: ssh_userauth2() calls
ssh_dispatch_run() with DISPATCH_BLOCK blocking on authctxt.success.
It assumes that if it exits then it's authenticated.

ssh_packet_read_poll_seqnr(), however, will return
SSH_ERR_DISCONNECTED in that case, which will cause ssh_dispatch_run()
to return.

I don't think this is relevant to your problem, though.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux