From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Apr 20 12:40:42 1999
To: freebsd-users-jp@jp.freebsd.org
From: TAKANO Yuji (たかのゆ〜じ) <takachan@running-dog.net>
Message-Id: <19990420124039Y.takano@crayfish.co.jp>
Date: Tue, 20 Apr 1999 12:40:39 +0900 (JST)
Subject: [FreeBSD-users-jp 41434] ssh-1.2.26 security

$B$?$+$N$G$9!#$3$s$K$A$O!#(B

  $B:4ED$5$s(B $B$,(B SD 5 $B7n9f$K(B ssh $B$N;v$r=q$$$F$$$?MM$J$N$GKM$b=q$$$F$7(B
$B$^$*$&(B;-)$B!#(B

  ssh $B$G$O!"(Broot $B$G$G$b(B login $B=PMh$F$7$^$&$N$G$9$,!"(B/etc/sshd_config 
$B$N(B "PermitRootLogin no" $B$G2sHr$G$-$^$9!#(B

  $B$7$+$7!"$3$N;~!"(B($BKM$,;W$&$K$O!"B?$$$K(B)$BLdBj$,M-$C$F!"(B
"PermitRootLogin no" $B$H;XDj$7$FM-$C$?>l9g!"(Broot $B$N(B passwd $B$r@5$7$/(B
$BF~$l$?>l9g$H0c$C$FF~$l$?>l9g!"0J2<$N%a%C%;!<%8$,JV$5$l$^$9!#(B

---
1 takano /home/takano > slogin foo.running-dog.net -l root
root@foo.running-dog.net's password: $B4V0c$C$?%Q%9%o!<%I$rF~NO(B
Permission denied.

2 takano /home/takano > slogin foo.running-dog.net -l root
root@foo.running-dog.net's password: $B@5$7$$%Q%9%o!<%I$rF~NO(B
ROOT LOGIN REFUSED FROM boyoyon.crayfish.co.jp
---

  The reply you get back is a little suspicious. It means that, as long
as you are running sshd, an attack that throws CPU power at it will
inevitably reveal the root password.

  $B2sHr:v$H$7$F$O!"(Bslogin $B$G%"%/%;%9=PMh$k%5%$%H$r8BDj$9$kJ}K!$,0l$D$"(B
$B$j$^$9!#8e$O!"$?$H$(;EMM$H$O8@$(!"$A$g$C$H4m$J$9$.$k$N$G;d$N>l9g$O%=!<(B
$B%9$r=$@5$7$^$7$?!#:G8e$K%Q%C%A$rE:IU$7$^$9!#$9$k$H$3$s$JIw$K$J$j$^(B
$B$9!#(B

---
4 takano /home/takano > slogin foo.running-dog.net -l root
root@foo.running-dog.net's password: $B4V0c$C$?%Q%9%o!<%I$rF~NO(B
Permission denied.

5 takano /home/takano > slogin foo.running-dog.net -l root
root@foo.running-dog.net's password: $B@5$7$$%Q%9%o!<%I$rF~NO(B
Permission denied.
---

  /etc/sshd_config $B$G(B "PermitRootLogin no" $B$H;XDj$7$FM-$C$?>l9g!"(B
root $B$N(B passwd $B$r@5$7$/F~$l$F$b4V0c$C$FF~$l$F$b(B 
"Permission denied." $B$HJV$9MM$K$7$^$7$?!#$3$l$K$h$jM-$kDxEY$O(B 
CPU $B%Q%o!<E*%"%?%C%/$+$i$O2sHr=PMh$k$H;W$$$^$9!#(B

  This is probably a matter of each site's policy. The login command
takes longer and longer to answer when wrong passwd input is repeated,
but slogin does nothing of the kind, so I feel it is weak against
CPU-power attacks. What do you think...?

# Does anyone know why it was designed this way in the first place?

$B$?$+$N(B
---
   e-mail : takachan@running-dog.net
Home Page : http://www.running-dog.net/
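
The difference between the two replies described in the message, and the effect of a login-style retry delay, as an added example that is not part of the original post or of the ssh sources. The struct, the function names, the doubling schedule and the 30-second cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the replies described in the post; not sshd code. */
struct attempt { int uid; int password_ok; };
typedef const char *(*reply_fn)(const struct attempt *, int permit_root);
#define MAX_DELAY 30u   /* assumed cap on the retry delay, in seconds */

/* Reported behaviour: the root refusal is sent only after the password was
 * accepted, so its text confirms a correct guess. NULL = login proceeds. */
static const char *reply_oracle(const struct attempt *a, int permit_root) {
    if (!a->password_ok) return "Permission denied.";
    if (a->uid == 0 && !permit_root) return "ROOT LOGIN REFUSED FROM <host>";
    return NULL;
}

/* Hardened form: policy and password feed one decision, one refusal text. */
static const char *reply_uniform(const struct attempt *a, int permit_root) {
    int allowed = a->password_ok && (a->uid != 0 || permit_root);
    return allowed ? NULL : "Permission denied.";
}

/* Regression check: 1 if wrong and correct root passwords get different replies. */
static int leaks_password(reply_fn reply) {
    struct attempt wrong = { 0, 0 }, right = { 0, 1 };
    const char *r1 = reply(&wrong, 0), *r2 = reply(&right, 0);
    if (!r1 || !r2) return r1 != r2;
    return strcmp(r1, r2) != 0;
}

/* Back-off in the spirit of login: the delay doubles per failure up to a cap. */
static unsigned failure_delay(unsigned failures) {
    unsigned d = failures ? 1 : 0;
    while (failures-- > 1 && d < MAX_DELAY) d *= 2;
    return d > MAX_DELAY ? MAX_DELAY : d;
}

/* Seconds of enforced waiting across n consecutive failed attempts. */
static unsigned long total_delay(unsigned n) {
    unsigned long sum = 0;
    for (unsigned f = 1; f <= n; f++) sum += failure_delay(f);
    return sum;
}

int main(void) {
    printf("oracle leaks=%d uniform leaks=%d, 1000 failures wait %lu s\n",
           leaks_password(reply_oracle), leaks_password(reply_uniform),
           total_delay(1000));
    return 0;
}
```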



*** sshd.c.ORG	Thu Jul  9 01:40:38 1998
--- sshd.c	Mon Feb 22 16:27:29 1999
***************
*** 2648,2655 ****
--- 2648,2660 ----
    if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1)
      {
        if (authentication_type == SSH_AUTH_PASSWORD)
+ /* root login error mesage changed by Takano 1999.02.22
  	packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", 
  			  get_canonical_hostname());
+ */
+         packet_disconnect("Permission denied.",
+                           get_canonical_hostname());
+ 
      }
    else
      if (pw->pw_uid == UID_ROOT && options.permit_root_login == 0)
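Review bot: In the added packet_disconnect("Permission denied.", get_canonical_hostname()) call the hostname argument is left over from the old "%.200s" message and the new format string has no conversion for it, so drop the argument. The old call is disabled by wrapping it in a /* ... */ comment, which breaks as soon as the wrapped lines contain a comment of their own; delete the lines or use #if 0 instead, and correct the spelling "mesage" in the comment.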
***************
*** 2657,2664 ****
--- 2662,2674 ----
  	if (forced_command)
  	  log_msg("Root login accepted for forced command.", forced_command);
  	else
+ /* root login error mesage changed by Takano 1999.02.22
  	  packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", 
  			    get_canonical_hostname());
+ */
+           packet_disconnect("Permission denied.",
+                             get_canonical_hostname());
+ 
        }
  
  #if defined (__FreeBSD__) && defined (HAVE_LOGIN_CAP_H)
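Review bot: The else branch still refuses root through packet_disconnect, so this hunk changes only the wording; check that a wrong password ends the session the same way, otherwise the two cases remain distinguishable by behaviour even with identical text. The client host name no longer appears in the refusal, so if it is wanted for auditing, record it with a separate log_msg call before the disconnect. The unused get_canonical_hostname() argument should be dropped here as well.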
