Hi Amanda,
Thanks for pointing that out... I hadn't been sniffing round the code
enough and had only found the positive, not the negative.
Having done a search on the entire code I can only find reference to
that return code ('ROOT LOGIN REFUSED') at two points within the sshd.c
source code, and there doesn't seem to be anything returned other than
the text string that I see if running slogin from a command line.
Obviously if I try the same login from a different client (NiftyTelnet
on the Mac being the GUI one I use) I get it's interpretation of the
return code ... but I'm not worried about that interpretation, I just
want a consistent refusal at the server.
I can't actually find the 'permission denied' return on the sshd.c code
so I'm assuming this is the difference between the root login denied and
password wrong error you are talking about (one being verbose server
generated, the other being client generated). Do you know if copying the
return code from the section which denies on password failure would have
the correct response? (Any idea where in the code this is? & can I just
copy and paste this return segment into the root login refused section?)
Sorry to drag the thread on, but my understanding of C isn't that good,
and you appear to have a good grasp of the code. If I'm going to try and
patch this then I need to know I'm approaching it from the right angle.
>From what you are saying there is something I'm missing being passed
back to the client.... hacking code like this makes me a little nervous
and so your help is really appreciated :)
Kind regards
d.
amanda wrote:
> Obviously I didn't make myself clear. Here is how you beat this patch:
>
> edit sshconnect.c and change the message "Permission denied" to something else (like
>"Client got permission denied") and recompile ssh. Then connect to a server with the
>previous patch. Now you will see a distinction between denied permissions on the
>server and denied permissions on the client. One of the failure messages means that
>you typed the wrong password for root, and the other failure message means that you
>typed the right root password but the server didn't allow root password
>authentication.
>
> Amanda.
--
Techie wanted, apply within : http://www.kleber.net/job.html
Dorian Moore is property of Kleber Design Ltd. If found please contact Kleber
by phone on +44 207 581 1362 or visit http://www.kleber.net for further details.
You really shouldn't listen to anything he says... as it may just be an opinion
