Community discussions

 
Fumi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Jul 28, 2006 10:12 am

3.22 x86 ssh bug?

Mon Mar 30, 2009 12:08 pm

Hi Tikpeople!

I try ssh login with user password length >= 32 chars and don't work! (x86 arch)
Is a bug?


-----


If I disable ftp privilege from group user this bug not occur, only if privilege ftp is enabled. :shock:

With wrong password returns me:

admin@192.168.1.1's password:
Permission denied, please try again.

With correct passwords returns me:

admin@192.168.1.1's password:
Login failed, incorrect username or password

Login:

I belive that's a privileges error.
 
User avatar
taglio
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Nov 12, 2008 4:55 pm
Location: 34T, Barcelona, Spain

Re: 3.22 x86 ssh bug?

Mon Mar 30, 2009 1:04 pm

I can confirm this bug. The system is a 3.22 mikrotik on a Pc Engines alix6b2 board.
 
/user set system password=01234567890123456789012345678901

/user pr detail 
Flags: X - disabled 
 0   ;;; system default user
     name="system" group=full address=0.0.0.0/0

/user group pr detail 
 0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,
                    sniff,!ftp,!write,!policy 

 1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,
                     web,sniff,!ftp,!policy 

 2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,
                    password,web,sniff 

Setting the password to 32char i cannot login with ssh [telnet,winbox,mac-telnet yes i can] with user system:
system@192.168.1.10's password:
Login failed, incorrect username or password

echo: system,error,critical login failure for user system from 192.168.1.217 via
 ssh
echo: system,error,critical login failure for user  from 192.168.1.217 via ssh
Please look at the last line of the log.... there isn't the name of the user.
.mhavoc world
 
Fumi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Jul 28, 2006 10:12 am

Re: 3.22 x86 ssh bug?

Wed Apr 01, 2009 11:28 am

Anyone else have the same problem?
It's strange... :shock:
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: 3.22 x86 ssh bug?

Wed Apr 01, 2009 11:31 am

we will look at this. but why such long password ? :)
No answer to your question? How to write posts
 
Fumi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Jul 28, 2006 10:12 am

Re: 3.22 x86 ssh bug?

Wed Apr 01, 2009 11:49 am

For security reasons. It's a client requeriment.

Thanks a lot!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: 3.22 x86 ssh bug?

Wed Apr 01, 2009 11:52 am

I think it's much more secure to use certificates:
http://www.mikrotik.com/testdocs/ros/3.0/admin/ssh.php
No answer to your question? How to write posts
 
Fumi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Jul 28, 2006 10:12 am

Re: 3.22 x86 ssh bug?

Wed Apr 01, 2009 12:20 pm

Sure! that's more secure!! :D but only I need large passwords

Thanks
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: 3.22 x86 ssh bug?

Thu Apr 02, 2009 12:17 pm

to be honest - it does not make any sense first you say, that you need very very safe and secure, so you are using password, when you have more secure option - you say, you do not need that and you need less secure solution. Make your mind - what you need, more secure - use certificate, less secure - password. and in last case any password longer than 32 symbols does not make sense, ask any security expert out there about "feature" where password is longer than that.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: 3.22 x86 ssh bug?

Thu Apr 02, 2009 12:22 pm

1. We will investigate why SSH doesn't work with long passwords, don't worry about that.

2. I think such long password is not possible to remember, and user will be forced to write it down somewhere, decreasing security ~-0 :)
No answer to your question? How to write posts
 
Fumi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Jul 28, 2006 10:12 am

Re: 3.22 x86 ssh bug?

Fri Apr 03, 2009 11:56 am

Yes it's difficult to remember the password but it's my client requeriment... :shock:

But this is a bug and I think it's a error in privileges control. With ftp privilege disabled then works perfect.

Normis, to report other critical error, which mail I have to write?

Sorry for my english...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: 3.22 x86 ssh bug?

Fri Apr 03, 2009 11:58 am

write to support with steps how to reproduce the bug
No answer to your question? How to write posts
 
Fumi
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Fri Jul 28, 2006 10:12 am

Re: 3.22 x86 ssh bug?

Mon Apr 27, 2009 11:10 am

Ssh bug (x86 arch) still in v3.23.

Any news?

Thanks

Who is online

Users browsing this forum: No registered users and 87 guests