First time poster.
Ultimately the solution to this is probably to upgrade but I would like to get
a better understanding of the mechanics behind the issue.
OpenSSH daemon allowed an ssh v1 connection despite config file set to allow
v2 only.
1. Occurred on a Solaris 9 server with sshd version OpenSSH_3.8p1, OpenSSL
0.9.7d
2. Confirmed that /usr/local/etc/sshd_config is set for protocol 2 only.
3. ps -eaf shows /usr/local/sbin/sshd -u0
4. Executed ssh -1 -v -p xx localhost and got the following output indicating a
successful v1 connection:
--> Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port xx.
debug1: Connection established.
5. Confirmed that /etc/ssh/ssh_config is also set to use protocol 2 only.
6. Restarted OpenSSH using /etc/init.d/opensshd to ensure that config file was
being read and got an error message stating OpenSSH could not write to the PID
file.
7. Discovered that PID was missing from /var/run/sshd.pid (file was zero
bytes).
8. Deleting sshd.pid, kill -9 on sshd, failed to allow creation of PID file.
9. Manually entered PID into sshd.pid and restarted opensshd with complete
success.
10. Re-tested with ssh -1 -v localhost and connection failed. All is better.
11. I've since discovered that the ssh command from Sun_SSH is first in the
path which may be part of the problem.
My main concern is that sshd allowed the insecure protocol v1 to connect
despite the fact that the sshd_config files were set to allow v2 only because
of the zero byte PID file. My company is nearly finished migrating to RHEL so I
have limited Solaris resources and have no way to test if removing Sun_SSH from
the scenario would prevent this issue or to test if upgrading will
resolve the issue. Also, I understand that a zero byte PID can cause problems,
but I don't understand why I couldn't fix that by killing the sshd process and
then restarting OpenSSH.
I've been unable to find any information on this issue in the news group
archives, Google results, or anywhere else and would appreciate any
feedback/education including "Go look [wherever]."
Thanks,
Dave
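Two checks for the situation described in the post above, as an added example that is not part of the original message: which protocol versions a server actually advertises, and whether its PID file is usable. The function names and sample strings are constructed; the version rule is RFC 4253 section 5.1, where 1.99 means SSH-2 with SSH-1 compatibility.

```shell
#!/bin/sh
# Added example; function names and sample inputs are constructed.

# offered_protocols LINE
# LINE is a server identification string ("SSH-1.99-...") or an OpenSSH
# client debug line ("debug1: Remote protocol version 1.99, ...").
offered_protocols() {
    ver=$(printf '%s\n' "$1" | sed -n \
        -e 's/^SSH-\([0-9][0-9]*\.[0-9][0-9]*\)-.*/\1/p' \
        -e 's/.*Remote protocol version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    case "$ver" in
        2.0)  echo "v2-only" ;;   # protocol 1 is not offered
        1.99) echo "v1+v2" ;;     # v2 server that still accepts v1 clients
        1.*)  echo "v1-only" ;;
        *)    echo "unknown" ;;
    esac
}

# pidfile_status FILE -> missing | empty | garbage | live | stale
# Run as a user allowed to signal the daemon (root for sshd); otherwise
# kill -0 fails on a live process and it is reported as stale.
pidfile_status() {
    [ -e "$1" ] || { echo "missing"; return; }
    [ -s "$1" ] || { echo "empty"; return; }      # zero-byte file
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) echo "garbage"; return ;;
    esac
    if kill -0 "$pid" 2>/dev/null; then echo "live"; else echo "stale"; fi
}

# Constructed sample input: three identification strings and one debug line.
for line in \
    'SSH-2.0-OpenSSH_3.8p1' \
    'SSH-1.99-OpenSSH_3.8p1' \
    'SSH-1.5-ExampleServer' \
    'debug1: Remote protocol version 1.99, remote software version Example'
do
    printf '%-8s %s\n' "$(offered_protocols "$line")" "$line"
done
```

A server restricted to protocol 2 should report v2-only; v1+v2 means protocol 1 clients are still accepted, whatever the configuration file on disk says.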