SGI: Security

No SSH banner when using PUTTY

Hello,

When I SSH from my Windows 10 system to my Irix 6.5.22 system using Putty (v0.67), I am not initially presented with a login banner. Instead, I'm asked for my username; after which, the login banner is presented (between the username and password prompts). This is the exact same behavior using Putty (v0.63) from my CentOS 6.8 system. The CLI ssh client (openssh-clients-5.3p1-118.1.el6_8.x86_64) is only slightly different in that it passes my username during session initialization but the banner is still presented between the username and password prompts.

It seems that the issue is likely on my Irix system. Any ideas on how to fix this?

Thanks!

Rob

Irix Host Information

Code: Select all

$ grep ^Banner /etc/openssh/sshd_config
Banner /etc/issue
$
$ cat /etc/issue
Irix 6.5.22

___..----'---`----..___
===================================_
`---.._______..---'.        -_ _  _______________
\ _______ (_||__)____________)
-_          _______\_____\
-________/

$
$ versions | grep -i ssh
I  openssh              10/19/2016  OpenSSH server and client tools for 6.5.22 and later, 3.6.1p2
I  openssh.man          10/12/2016  OpenSSH Online Documentation, 3.6.1p2
I  openssh.man.manpages 10/12/2016  OpenSSH man pages, 3.6.1p2
I  openssh.man.relnotes 10/12/2016  OpenSSH Release Notes, 3.6.1p2
I  openssh.sw           10/19/2016  OpenSSH execution only env, 3.6.1p2
I  openssh.sw.client    10/12/2016  OpenSSH Client Software, 3.6.1p2
I  openssh.sw.common    10/12/2016  OpenSSH Common Client/Server Software, 3.6.1p2
I  openssh.sw.server    10/19/2016  OpenSSH Server Software, 3.6.1p2
$
$ chkconfig | grep -i ssh
sshd                 on

$ ps -ef | grep -i ssh
root       1194          1  0 15:15:56 ?       0:00 /usr/sbin/sshd



SSH Client Debug

Code: Select all

[rob@localhost ~]$ ssh -v 172.16.0.4
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 172.16.0.4 [172.16.0.4] port 22.
debug1: Connection established.
debug1: identity file /home/rob/.ssh/identity type -1
debug1: identity file /home/rob/.ssh/identity-cert type -1
debug1: identity file /home/rob/.ssh/id_rsa type -1
debug1: identity file /home/rob/.ssh/id_rsa-cert type -1
debug1: identity file /home/rob/.ssh/id_dsa type -1
debug1: identity file /home/rob/.ssh/id_dsa-cert type -1
debug1: identity file /home/rob/.ssh/id_ecdsa type -1
debug1: identity file /home/rob/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '172.16.0.4' is known and matches the RSA host key.
debug1: Found key in /home/rob/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
Irix 6.5.22

___..----'---`----..___
===================================_
`---.._______..---'.        -_ _  _______________
\ _______ (_||__)____________)
-_          _______\_____\
-________/

debug1: Authentications that can continue: publickey,password,keyboard-interacti                                                                             ve
debug1: Next authentication method: publickey
debug1: Trying private key: /home/rob/.ssh/identity
debug1: Trying private key: /home/rob/.ssh/id_rsa
debug1: Trying private key: /home/rob/.ssh/id_dsa
debug1: Trying private key: /home/rob/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interacti                                                                             ve
debug1: Next authentication method: password
[email protected]'s password:
Rob Ramsey
USAF Academy, CO
Security+, Network+, A+, Server+, Linux+, Project+,
CEH, CCNA, CCNA Security, CCNP, RHCSA, SCSA, ITILv3
:Indigo2IMP: R10k@195Mhz w/SolidIMPACT & 256MB RAM
:Indigo2IMP: R4400@250Mhz w/GU1-Extreme & 128MB RAM
Perhaps it's objecting to your heathen choice of the Enterprise-D over, say, the TOS version?
Computers: Amiga 1200, DEC VAXStation 4000/60, DEC MicroPDP-11/73
Synthesizers: Roland JX-10/SH-09/HS-80/MT-32/D-50, Yamaha DX7-II/V50/TX7/TG33/FB-01, Korg MS-20 Mini/ARP Odyssey/DW-8000/M1, Ensoniq SQ-80, E-mu Emax HD/Proteus-2, Casio CZ-5000, Moog Satellite, Sequential Circuits Prophet-600
So, I named my SGI system Picard and my Sun Ultra 5 system Kirk. Both good ships with good captains. For sure, there are worse choices: Janeway, Sisko, and Archer!
Rob Ramsey
USAF Academy, CO
Security+, Network+, A+, Server+, Linux+, Project+,
CEH, CCNA, CCNA Security, CCNP, RHCSA, SCSA, ITILv3
:Indigo2IMP: R10k@195Mhz w/SolidIMPACT & 256MB RAM
:Indigo2IMP: R4400@250Mhz w/GU1-Extreme & 128MB RAM
Ugh, Archer. Sterling Archer of the cartoon series would be more fit to command a starship.

Actually, hold that thought, I need to find someone to deliver a pitch to.
Computers: Amiga 1200, DEC VAXStation 4000/60, DEC MicroPDP-11/73
Synthesizers: Roland JX-10/SH-09/HS-80/MT-32/D-50, Yamaha DX7-II/V50/TX7/TG33/FB-01, Korg MS-20 Mini/ARP Odyssey/DW-8000/M1, Ensoniq SQ-80, E-mu Emax HD/Proteus-2, Casio CZ-5000, Moog Satellite, Sequential Circuits Prophet-600
Hello,

I found another peculiar issue with SSH logins... I'm permitted to log into my SGI via SSH as root even though my /etc/openssh/sshd_config shows "PermitRootLogin no" and my /etc/default/login shows "CONSOLE=/dev/console". Does the Irix default version of SSH not use the /etc/default/login file?

Irix 6.5.22 - sshd_config MAN page:

Code: Select all

PermitRootLogin

Specifies whether root can login using ssh(1).  The argument must be "yes", "without-password", "forced-commands-only" or "no".  The default is "yes".

If this option is set to "without-password" password authentication is disabled for root.

If this option is set to "forced-commands-only" root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.

If this option is set to "no" root is not allowed to login.
Rob Ramsey
USAF Academy, CO
Security+, Network+, A+, Server+, Linux+, Project+,
CEH, CCNA, CCNA Security, CCNP, RHCSA, SCSA, ITILv3
:Indigo2IMP: R10k@195Mhz w/SolidIMPACT & 256MB RAM
:Indigo2IMP: R4400@250Mhz w/GU1-Extreme & 128MB RAM
Interesting - perhaps you have more then one version of SSH installed on the system and the wrong sshd is running?
"Apollo was astonished, Dionysus thought me mad."
:Octane: :Octane: :O2: