ssh/C2 problems (partially) solved on Digital Unix

From: lombardi emanuele <lele_at_mantegna.casaccia.enea.it>
Date: Tue, 27 Oct 1998 17:06:51 +0100 (MET)

Hi to all of you ssh-ers & alphers!

I'm using ssh 1.2.26 on my alphas running Digital Unix 4.0d (patch 2)
and Enhanced Security (C2).

You know that with C2 when you log-in you are
told when the last succesfull login and the last unsuccesfull
login occured. Another important characteristics is that you can assign
each user login shell some usefull characteristics (NICE value is among
them)

Since it is clear
        (now to me too, thanks to
                Martin Mokrejs <mmokrejs_at_natur.cuni.cz>
                Richard L Jackson Jr <rjackson_at_gmu.edu>
                Jonathan Burelbach <jburelba_at_eos.nih.gov>
                Atro Tossavainen <atossava_at_cc.helsinki.fi>
                John Speno <speno_at_isc.upenn.edu>
        )
that ssh is not C2 compliant, I'm trying to bypass this problem
configuring ssh in this way:
        ./configure --with-login=/usr/bin/login
so that the actual login is made using /usr/bin/login which uses C2.

1) I found a missing line in sshd.c
   Reguardless of any value of USELOGIN
   (descending from the --with-login switch)
   the value of options.use_login is always set to 0 .
   At about line 3226 of sshd.c I got

        #ifndef USELOGIN
          options.use_login = 0;
        #endif /* USELOGIN */

    It is necessary to set options.use_login before that.

        options.use_login = 1;
        #ifndef USELOGIN
          options.use_login = 0;
        #endif /* USELOGIN */

2) Having made the above change then making again gives the proper
   sshd because it now executes the following code when logging-in:

        #ifdef USELOGIN
               else
                {
                  execl(PATH_LOGIN, "login", "-h", remote_ip, "-p", "-f",
                    "--", user_name, NULL);
                  /* NOTREACHED */
                }
        #endif /* USELOGIN */

3) So I did what I wanted to: being in a C2 environment while using ssh !!

   a) My login shell HAS the NICE value which was given to it by
      dxaccounts;
   b) when loggin I'm told when happened the last succesfull &
      unsuccesfull login,
   c) the logins are properly audited by auditd .....

   .... BUT....

   ...But there are problems opening X11 connections: I'm not any more
   able to open them !!

X11 connection rejected because of wrong authentication at Tue Oct 27 17:00:36 1998.
a
Rejected connection at Tue Oct 27 17:00:36 1998: X11 connection from botticelli.casaccia.enea.it port 2561
X connection to botticelli.casaccia.enea.it:11.0 broken (explicit kill or server shutdown).


Can anybody help me in solving the X11 problem and/or suggesting any other ideas
about the ssh/C2 topic ?

After my signature there is the log reguarding the X11 error.

thank you very much,
Greetings from Italy,

Emanuele

-- 
 Emanuele Lombardi
 mail:  AMB-GEM-CLIM ENEA Casaccia
        I-00060 S.M. di Galeria (RM)  ITALY
 mailto:lele_at_mantegna.casacica.enea.it
 tel	+39 6 30483366 fax	+39 6 30483591
     This transmission was made possible by 100% recycled electrons.
-------------------------------------------------------------------------------------------------
   Here what it happens executing ssh from the machine named mantegna to
    the machine named botticelli which runs my new sshd.
botticelli:
sshd -d
	debug: sshd version 1.2.26 [alpha-dec-osf4.0]
	log: OSF/1: security level : C2
	debug: Initializing random number generator; seed file /etc/ssh_random_seed
	log: Server listening on port 22.
	log: Generating 768 bit RSA key.
	Generating p:  ...........................++ (distance 514)
	Generating q:  ....++ (distance 74)
	Computing the keys...
	Testing the keys...
	Key generation complete.
	log: RSA key generation complete.
mantegna:
echo $DISPLAY 
	mantegna.casaccia.enea.it:12.0 
ssh -v botticelli
	SSH Version 1.2.26 [alpha-dec-osf4.0], protocol version 1.5.
	Standard version.  Does not use RSAREF.
	mantegna: Reading configuration data /etc/ssh_config
	mantegna: ssh_connect: getuid 1001 geteuid 0 anon 0
	mantegna: Connecting to botticelli [192.107.71.111] port 22.
	mantegna: Allocated local port 1020.
	mantegna: Connection established.
	mantegna: Remote protocol version 1.5, remote software version 1.2.26
	mantegna: Waiting for server public key.
	mantegna: Received server public key (768 bits) and host key (1024 bits).
	mantegna: Host 'botticelli' is known and matches the host key.
	mantegna: Initializing random; seed file /usr/users/lele/.ssh/random_seed
	mantegna: Encryption type: idea
	mantegna: Sent encrypted session key.
	mantegna: Installing crc compensation attack detector.
	mantegna: Received encrypted confirmation.
	mantegna: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
	mantegna: Remote: Accepted by .shosts.
	mantegna: Received RSA challenge for host key from server.
	mantegna: Sending response to host key RSA challenge.
	mantegna: Remote: Rhosts with RSA host authentication accepted.
	mantegna: Rhosts or /etc/hosts.equiv with RSA host authentication accepted by server.
	mantegna: Requesting pty.
	mantegna: Requesting X11 forwarding with authentication spoofing.
	mantegna: Requesting shell.
	mantegna: Entering interactive session.
	Environment:
	  SSH_CLIENT=192.107.71.51 1020 22
	  SSH_TTY=/dev/ttyp0
	  TERM=xterm
	  DISPLAY=botticelli.casaccia.enea.it:11.0
	  REMOTEUSER=lele
	Last   successful login for lele: Tue Oct 27 16:16:42 1998 from 192.107.71.51
	Last unsuccessful login for lele: Tue Oct 27 12:09:53 1998 on ttyp8
	Digital UNIX V4.0D  (Rev. 878); Wed Aug 26 11:43:19 MET DST 1998 
botticelli:
	debug: Server will not fork when running in debugging mode.
	log: Connection from 192.107.71.51 port 1020
	debug: Client protocol version 1.5; client software version 1.2.26
	debug: Sent 768 bit public key and 1024 bit host key.
	debug: Encryption type: idea
	debug: Received session key; encryption turned on.
	debug: Installing crc compensation attack detector.
	debug: Attempting authentication for lele.
	debug: Trying rhosts with RSA host authentication for lele
	debug: Rhosts RSA authentication: canonical host mantegna
	log: Rhosts with RSA host authentication accepted for lele, lele on mantegna.
	debug: Allocating pty.
	debug: Received request for X11 forwarding with auth spoofing.
	debug: bind port 6010: Address already in use
	debug: Allocated channel 0 of type 1.
	debug: Forking shell.
	debug: Entering interactive session.
	debug: Setting controlling tty using TIOCSCTTY.
mantegna:
xterm
	mantegna: Received X11 open request.
	mantegna: Allocated channel 0 of type 9.
	mantegna: Sending open confirmation to the remote host.
	mantegna: X11 auth data does not match fake data.
	X11 connection rejected because of wrong authentication at Tue Oct 27 16:18:16 1998.
	a
	Rejected connection at Tue Oct 27 16:18:16 1998: X11 connection from botticelli.casaccia.enea.it port 2549
	mantegna: Channel 0 closes incoming data stream.
	mantegna: Channel 0 closes outgoing data stream.
	mantegna: Channel 0 sends oclosed.
	mantegna: Channel 0 sends ieof.
	mantegna: Channel 0 receives input eof.
	mantegna: X problem fix: close the other direction.
	mantegna: Channel 0 receives output closed.
	mantegna: Channel 0 terminates.
	X connection to botticelli.casaccia.enea.it:11.0 broken (explicit kill or server shutdown).
botticelli:
	debug: X11 connection requested.
	log: fwd X11 connect from botticelli.casaccia.enea.it
	debug: Allocated channel 1 of type 3.
	debug: Received channel open confirmation.
	debug: Channel now open, status bits 0
	debug: Received channel close confirmation.
	debug: Channel 1 receives output closed.
	debug: Channel 1 closes incoming data stream.
	debug: Channel 1 sends ieof.
	debug: Received channel close.
	debug: Channel 1 receives input eof.
	debug: X problem fix: close the other direction.
	debug: Channel 1 closes outgoing data stream.
	debug: Channel 1 sends oclosed.
	debug: Channel 1 terminates.

Received on Tue Oct 27 1998 - 16:09:57 NZDT