Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

gssapi vs. gssapi-with-mic in 4.2p1

from [ms419] Network Security [Permanent Link]
Subject: gssapi vs. gssapi-with-mic in 4.2p1
Date: Sun, 6 Nov 2005 18:28:25 -0800 
I'm struggling to ssh between OS X & Linux using GSSAPI authentication

OS X is 10.3.9, OpenSSH_3.6.1p1+CAN-2004-0175

Linux is Debian, OpenSSH_4.2p1

After some reading, I gather OS X ssh supports only the insecure "gssapi" method - & ssh 4.2p1 supports only the new "gssapi-with-mic" method

- but I can ssh from Linux -> OS X using GSSAPI - only not OS X -> Linux

Does this mean the ssh 4.2 client supports the insecure "gssapi" method, though the server does not?


linux% ssh -v osx
OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /home/jablko/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to osx [192.168.179.9] port 22.
debug1: Connection established.
debug1: identity file /home/jablko/.ssh/identity type -1
debug1: identity file /home/jablko/.ssh/id_rsa type -1
debug1: identity file /home/jablko/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p1+CAN-2004-0175
debug1: match: OpenSSH_3.6.1p1+CAN-2004-0175 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-5
debug1: Offering GSSAPI proposal: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-A/ vxljAEU54gt9a48EiANQ==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
debug1: Received GSSAPI_COMPLETE
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: gssapi,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi
debug1: Delegating credentials
debug1: Delegating credentials
debug1: Authentication succeeded (gssapi).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
Welcome to Darwin!


[osx:~] jablko% ssh -v linux
OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090707f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to linux [192.168.179.246] port 22.
debug1: Connection established.
debug1: identity file /home/jablko/.ssh/identity type -1
debug1: identity file /home/jablko/.ssh/id_rsa type -1
debug1: identity file /home/jablko/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 Debian-5
debug1: match: OpenSSH_4.2p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175
debug1: Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
debug1: Mechanism encoded as A/vxljAEU54gt9a48EiANQ==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'linux' is known and matches the RSA host key.
debug1: Found key in /home/jablko/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyx,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jablko/.ssh/identity
debug1: Trying private key: /home/jablko/.ssh/id_rsa
debug1: Trying private key: /home/jablko/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • gssapi vs. gssapi-with-mic in 4.2p1, ms419 <=
Previous by Date:  Re: passwordless login with heimdal (kerberos) on openssh 4.2p1, Flo Gleixner
Next by Date:  FW: ECCN and CCATS#, Deirdre Fitzgerald (AT/LMI)
Previous by Thread:  Re: passwordless login with heimdal (kerberos) on openssh 4.2p1, Flo Gleixner
Next by Thread:  FW: ECCN and CCATS#, Deirdre Fitzgerald (AT/LMI)
Indexes:  [Date] [Thread] [Top] [All Lists]