Also:
OpenSSH's UseLogin option allows remote access with root privilege.
1. Systems affected:
The default installation of OpenSSH is not vulnerable, since
UseLogin defaults to 'no'. However, if UseLogin is enabled,
all versions of OpenSSH prior to 2.1.1 are affected.
2. Description:
If the UseLogin option is enabled, the OpenSSH server (sshd)
does not switch to the uid of the user logging in. Instead,
sshd relies on login(1) to do the job. However, if the user
specifies a command for remote execution, login(1) cannot
be used and sshd fails to set the correct user id. The
command is run with the same privilege as sshd (usually
with root privilege).
3. Impact:
If the administrator enables UseLogin, users can get privileged
access to the server running sshd.
4. Short Term Solution:
Do not enable UseLogin on your machines or disable UseLogin
again in /etc/sshd_config:

    UseLogin no
5. Solution:
Upgrade to OpenSSH-2.1.1 or apply the attached patch.
OpenSSH-2.1.1 is available from www.openssh.com.
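
The check the advisory implies (UseLogin enabled on a version prior to 2.1.1), as an added example that is not part of the advisory or the original messages. The function names and the sample config are constructed for illustration, and the parsing rules (case-insensitive keyword, first occurrence wins, `#` comments, `Keyword=value` accepted) are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example (not from the advisory): flag the UseLogin exposure it describes.

# Print the effective UseLogin value for a config file: "yes" or "no".
# Assumptions: keyword is case-insensitive, first occurrence wins,
# '#' starts a comment, absent keyword means the default 'no'.
uselogin_effective() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }   # drop comments, allow Keyword=value
        tolower($1) == "uselogin" && !seen { seen = 1; print tolower($2) }
        END { if (!seen) print "no" }
    ' "$1"
}

# Succeed (exit 0) when VERSION is prior to 2.1.1, e.g. "2.1.0" or "1.2.3p1".
version_before_2_1_1() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= 3; i++) n[i] = $i + 0   # "7p1" -> 7, missing -> 0
        exit !(n[1] * 10000 + n[2] * 100 + n[3] < 20101)
    }'
}

# usage: audit_uselogin CONFIG_FILE OPENSSH_VERSION
audit_uselogin() {
    if [ "$(uselogin_effective "$1")" != "yes" ]; then
        echo "ok: UseLogin is not enabled"
    elif version_before_2_1_1 "$2"; then
        echo "vulnerable: UseLogin enabled on OpenSSH $2 (prior to 2.1.1)"
    else
        echo "not affected: UseLogin enabled, but OpenSSH $2 is 2.1.1 or later"
    fi
}

# Constructed sample config; the first UseLogin line is the one that counts.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'uselogin yes   # turned on by an admin' 'UseLogin no' > "$sample"
audit_uselogin "$sample" 2.1.0   # vulnerable
audit_uselogin "$sample" 2.1.1   # not affected
rm -f "$sample"
```
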
----- Original Message -----
From: Mike
To: ssh@erdelynet.com
Sent: Sunday, December 02, 2007 11:58 PM
Subject: Re: Troubles w/Vista
The client box runs the same version of OpenSSH (4.7p1).
I did more testing with another box and found out the following...
server1: Vista Home Premium
client1: Vista Home Premium
client2: Windows 2003
(all running same version of OpenSSH, and all running sshd)
client1 -> server1, fails (as already stated)
client2 -> server1, success
server1 -> server1, success
server1 -> client1, success
server1 -> client2, success
So it appears that only one machine (client1) is having a problem connecting to server1 but I don't know why.
----- Original Message ----
From: kamal <kamal2222ahmed@yahoo.com>
To: ssh@erdelynet.com
Sent: Sunday, December 2, 2007 7:32:20 PM
Subject: Re: Troubles w/Vista
Mike,
Can you log in from the same box as having multiple ssh login sessions? If so, then the "other" Vista computer has a different configuration. I suggest checking the version of ssh, and disabling root login on the host.
Hope this helps,
-Kamal.
----- Original Message -----
From: Mike
To: ssh@erdelynet.com
Sent: Sunday, December 02, 2007 8:06 PM
Subject: Troubles w/Vista
I'm running Cygwin OpenSSH (sshd) on a box running Windows Vista Home Premium. Everything appears to work fine locally after installation--I can run "ssh -p1234 user@10.0.0.4" and login with my password. However, when I try to do the same from another Vista box on my network the connection is immediately closed (no password prompt). The Event Log on the server shows "sshd: PID 4960: fatal: seteuid 1007: No such process." I don't understand why I can log in from the same box but not from a separate box using the same command. I've verified it's not a firewall issue by running "telnet 10.0.0.4 1234" and getting a connection from the second (client) box. Any ideas?
--
List Info: http://erdelynet.com/ssh-l/
List Archives: http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com

Received on Mon, 3 Dec 2007 01:37:19 -0500
This archive was generated by hypermail 2.1.8 : Sat Dec 08 2007 - 14:47:32 EST