Only first 8 characters of password are checked with ssh!

meulie

Hi all,

A problem on a box of mine here... When I ssh in only the first 8 characters of my password are checked. As long as those are correct, I get in (no matter what the 9th-nth character are that I enter...)

ssh seems to be the only authentication having this problem at the moment. When I for example use 'su', my entire password has to be correct...
_________________
Greetz,
Evert Meulie

DrWilken · Posted: Mon Dec 08, 2008 3:04 pm Post subject:

Are You using PAM authentication with SSH...?

Please post Your /etc/pam.d/sshd file and also Your /etc/ssh/sshd_config file...

Also try running this:

meulie · Posted: Mon Dec 08, 2008 6:41 pm Post subject:

/etc/pam.d/sshd:

DrWilken · Posted: Mon Dec 08, 2008 6:47 pm Post subject:

meulie · Posted: Fri Dec 19, 2008 11:53 am Post subject:

Anyone?

I would like my system as secure as possible, and this limited password check is not helping...

_________________
Greetz,
Evert Meulie

vaguy02 · Posted: Fri Dec 19, 2008 1:57 pm Post subject:

Are you using DES challenge-response for SSH? I vaguely remember something about DES C-R only accepting up to 8 characters but I could be wrong...... I will google a little bit and write back.
_________________
Linux Registered User #458185

Intel Quad-Core w/ 4gigs Ram w/ 8800 GTX - Windows 7 RC
2x (Intel Dual-Core w/ 2gigs Ram - Gentoo)
Mac G5 Dual-Core w/ 2gigs Ram - OS 10.5

vaguy02 · Posted: Fri Dec 19, 2008 2:01 pm Post subject:

Yep, DES only supports 8 characters.

meulie · Posted: Fri Dec 19, 2008 2:48 pm Post subject:

How do I make it more secure?
_________________
Greetz,
Evert Meulie

outermeasure · Posted: Sat Dec 20, 2008 3:41 am Post subject:

desultory · Bodhisattva Joined: 04 Nov 2005 Posts: 9410

Even better in addition.

meulie · Posted: Sat Dec 20, 2008 9:43 am Post subject:

What is the default/recommended config that ships with Gentoo nowadays?
_________________
Greetz,
Evert Meulie