Password that contains ! - SSH

This is a discussion on Password that contains ! - SSH ; A friend of mine is using password authentication with ssh and his password ends with an "!" (exclamation mark). He accidentally left it of but ssh still authenticated him. So I tried adding an ! when prompted for my password ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Password that contains !

  1. Password that contains !

    A friend of mine is using password authentication with ssh and his
    password ends with an "!" (exclamation mark). He accidentally left it of
    but ssh still authenticated him. So I tried adding an ! when prompted
    for my password and it authenticated me too, even though there is no !
    in my password. Is this a bug?
    --
    To reply by email remove "_nospam"

  2. Re: Password that contains !

    > A friend of mine is using password authentication with ssh and his
    > password ends with an "!" (exclamation mark). He accidentally left it of
    > but ssh still authenticated him. So I tried adding an ! when prompted
    > for my password and it authenticated me too, even though there is no !
    > in my password. Is this a bug?


    What version of OpenSSH and OpenSSL are you using, also what platform
    are you seeing this on. I CANNOT reproduce this on my machines using:
    OpenSSH_4.2p1 and OpenSSL 0.9.7i on GNU/Linux 2.6.15 on AMD64.

    -Ben

  3. Re: Password that contains !

    Ben Carr wrote:
    >> A friend of mine is using password authentication with ssh and his
    >> password ends with an "!" (exclamation mark). He accidentally left it of
    >> but ssh still authenticated him. So I tried adding an ! when prompted
    >> for my password and it authenticated me too, even though there is no !
    >> in my password. Is this a bug?

    >
    > What version of OpenSSH and OpenSSL are you using, also what platform
    > are you seeing this on. I CANNOT reproduce this on my machines using:
    > OpenSSH_4.2p1 and OpenSSL 0.9.7i on GNU/Linux 2.6.15 on AMD64.
    >
    > -Ben


    The server in question is running Solaris 8 and ssh -v returns the
    following...

    OpenSSH_3.9p1-lofix, OpenSSL 0.9.7d 17 Mar 2004

    The clients are all different but exhibit the same behavior.

    OpenSSH_4.3p1, OpenSSL 0.9.8a 11 Oct 2005
    Putty 0.58
    WinSCP 3.8.0


    --
    To reply by email remove "_nospam"

  4. Re: Password that contains !

    Chuck said:
    >A friend of mine is using password authentication with ssh and his
    >password ends with an "!" (exclamation mark). He accidentally left it of
    >but ssh still authenticated him. So I tried adding an ! when prompted
    >for my password and it authenticated me too, even though there is no !
    >in my password. Is this a bug?


    Hmm.. could it be that the exclamation mark is the 9th character
    in your password? If so, this'd mean the system is configured with
    a password store that supports only 8-character passwords.
    --
    Wolf a.k.a. Juha Laiho Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
    PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)

  5. Re: Password that contains !

    Juha Laiho wrote:
    > Chuck said:
    >> A friend of mine is using password authentication with ssh and his
    >> password ends with an "!" (exclamation mark). He accidentally left it of
    >> but ssh still authenticated him. So I tried adding an ! when prompted
    >> for my password and it authenticated me too, even though there is no !
    >> in my password. Is this a bug?

    >
    > Hmm.. could it be that the exclamation mark is the 9th character
    > in your password? If so, this'd mean the system is configured with
    > a password store that supports only 8-character passwords.


    I think you hit the nail on the head. Both of our passwords happened to
    be 8 characters (without the !). After a few more tests, the server
    appers to be ignoring everything from position 9 on.

    --
    To reply by email remove "_nospam"

  6. Re: Password that contains !

    Chuck wrote:
    > I think you hit the nail on the head. Both of our passwords happened to
    > be 8 characters (without the !). After a few more tests, the server
    > appers to be ignoring everything from position 9 on.


    The DES encryption scheme used for passwords only handles 8 characters.
    There's no supported way to change that on Solaris 8. You'd need to go
    to at least Solaris 9.

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  7. Re: Password that contains !

    Chuck writes:

    >A friend of mine is using password authentication with ssh and his
    >password ends with an "!" (exclamation mark). He accidentally left it of
    >but ssh still authenticated him. So I tried adding an ! when prompted
    >for my password and it authenticated me too, even though there is no !
    >in my password. Is this a bug?


    I suspect that you are using unix passwords and have a password of max
    length 8 characters. If that is true then any more are simply truncated.

    That is why you wnat to use the BSD/MD5 enhanced passwords, not the unix passwords on
    your system.
    (Look at /etc/shadow. The unix passwords have 13 characters. The BSD
    contain 34 and start with $1 in /etc/shadow.




+ Reply to Thread