
Non-root user SSH breaks in RedhatEL3 + grsec 2.4.x

Posted: Fri Jul 01, 2005 8:16 pm
by TSJason
Hi,

I've tried a few iterations of kernel 2.4 (currently on 2.4.31) with different configs for grsec all the way down to the Low settings and everything seems to work except for SSH logins for child accounts (i.e. other than root).
This only happens on Redhat Enterprise AS3 apparently (our CentOS and Fedora boxes work perfect with the same kernel).

What's really strange is that it connects and seems to start to login but then the connection just closes:

osiris:~# ssh -l tsadmin 11.22.33.44
tsadmin@11.22.33.44's password:
Last login: Fri Jul 1 20:08:29 2005 from c-67-111-5-111.hsd1.il.comcast.net
Connection to 11.22.33.44 closed.
osiris:~#

(I've changed the real ip addresses obviously)
As you can see the password is accepted and it starts to login.
Even the secure log shows:
Jul 1 02:24:28 server1 sshd[8023]: Accepted password for tsadmin from 67.111.5.111 port 61788 ssh2

As I mentioned root login works perfectly though:

osiris:~# ssh -l root 11.22.33.44
root@11.22.33.44's password:
Last login: Fri Jul 1 15:22:17 2005 from c-67-111-5-111.hsd1.il.comcast.net
root@server1 [~]#

This does not happen with a stock RHEL3 kernel, and the firewall is totally flushed.
Any insight is appreciated.

Posted: Sat Jul 02, 2005 11:09 am
by spender
Are there any grsec logs?

-Brad

Posted: Mon Jul 04, 2005 8:06 pm
by TSJason
Hi Brad,

Nope; grsec makes no log entries on this one.

Posted: Tue Jul 05, 2005 6:53 pm
by spender
Have you tried just a vanilla 2.4.31 kernel?

-Brad

Posted: Fri Jul 08, 2005 12:10 am
by TSJason
yes :-), it causes no issues ....... except for the blazing security holes of course.

Posted: Tue Jul 26, 2005 5:15 am
by TSJason
anybody else seen this?

Posted: Wed Jul 27, 2005 6:52 am
by SG
TSJason wrote: anybody else seen this?

Try "UsePrivilegeSeparation no" in /etc/ssh/sshd_config

Posted: Wed Jul 27, 2005 8:51 am
by TSJason
Hi,

This doesn't change the behavior at all.

added

Posted: Fri Aug 12, 2005 2:49 pm
by TSJason
Greetings,

I was feeling frisky so I installed module-init-tools and compiled 2.6.11.12 with grsec on a RHEL box. It also breaks non-root logins via ssh, so it's definitely grsec doing this; I just don't know how! The vanilla 2.6.11.12 doesn't break anything.

Posted: Sat Aug 13, 2005 7:14 pm
by spender
Can you show me the output of an ssh -v to the machine?

-Brad