Help needed! BIG problem with security

Satriani · 04-27-2004, 08:50 AM

Hi all,

I just found out I have a huge! security problem...
When connecting through SSH to my linux machine, i am prompted for my username (Sofar so good) and then my password.
There is where it goes wrong: I can type in any password I'd like, an I get access!!!!
So i.e.
User: myname
Passwd: blabla
Works...
User: myname
Passwd: somthingelse
User: myname
Passwd: AnythingITypeHere

All work, and I am logged in as user myname..

Fortunately, The access to this box is limited to internal traffic only, but still, I don't like this!!!!

Anyone with Ideas ?? Thanks VERY!!!! much!

Sat

hw-tph · 04-27-2004, 10:09 AM

Sounds like you are using host-based or stored key authentification? What distribution does this occur on, and have you changed anything in the sshd_conf file?

Håkan

Satriani · 04-27-2004, 11:05 AM

I run 2 linuxboxes:
1 = RH9 acting as Samba PDC
1 = RH7.3

From any box (windows - putty) or linux, i can login to both machines with any passwd as long as the username is correct...

I have not made any changes lately.....

Satriani · 04-27-2004, 11:14 AM

I have found that the problem has something to do wit PAM, but I am not sure how to solve it...

I commented everything out in the /etc/pam.d/sshd and then it seems to work as expected (Allthough I cannot login at all then...)

Any hints ?

unSpawn · 04-27-2004, 12:13 PM

I commented everything out in the /etc/pam.d/sshd and then it seems to work as expected
OpenSSH's PAM file uses system-auth. First thing I would do is activate all statements in pam.d/sshd and add debug statements. If that doesn't show anything usefull I'd add debug statements to system-auth too. If that doesn't anything usefull, verify any changes you made in the past, post what you did accompanied by your sshd and system-auth files. One crude way to verify changed files would be to run rpm -Va and grep for /etc/pam.d, then extract those originals and diff.

Satriani · 04-27-2004, 12:16 PM

I compared the ssh pam file with the original one (Thank God for backups)
I commented out the first line in it:

Code:

# auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

I uncommented the first one and it seemd to work again, but logins are slow...

unSpawn · 04-27-2004, 12:53 PM

Any changes to system-auth?

Satriani · 04-27-2004, 03:30 PM

Sorry,

Where do i find that ? Changes to system-auth ?? I guess i didn't change anything there, since i don't even know where to find it...