Package: ssh Version: 1:3.0.2p1-8 Severity: normal On Sat, Mar 09, 2002 at 12:06:46PM -0500, Matt Zimmerman wrote: > Yes, this is pretty much what I assumed...I would like to track down why > this is happening, and send a good bug report to the OpenSSH folks, but I > can't reproduce the problem, and probably won't have the time to fiddle > with it too much. It may only happen when the client does something > specific, that the client from my version of OpenSSH will not do, even > under the same circumstances. Well, scratch that, it turns out that it's actually quite easy to reproduce. The key bits are: - v1 protocol - public key authentication - illegal user The bug only surfaces when all of these are active. For example: ssh -1 -i some-v1-key nonexistentuser@localhost will do it every time. -- Versions of packages ssh depends on: ii debconf 1.0.31 Debian configuration management sy ii libc6 2.2.5-3 GNU C Library: Shared libraries an ii libpam-modules 0.72-35 Pluggable Authentication Modules f ii libpam0g 0.72-35 Pluggable Authentication Modules l ii libssl0.9.6 0.9.6c-1 SSL shared libraries ii libwrap0 7.6-9 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.1.3-19 compression library - runtime -- - mdz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Mar 10 2002 - 16:45:03 PST