Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
SSH Server and Hash algorithms
42 views
Skip to first unread message
alexm
Jun 5, 2012, 12:07:40 PM6/5/12
to
I have a Centos 6.2 server freshly updated. It is authenticating
against an Ldap server, and I am having an issue with the hashing
algorithms being used by various utilities and servers.
First of all:
authconfig --test | grep hashing
password hashing algorithm is sha512
However, when I change a password using the passwd command, I see the
following:
smbldap-usershow al...@domain.com
dn: uid=al...@domain.com,ou=domain,o=ndtc
uid: al...@domain.com
cn: Alex M
mail: al...@domain.com
...
userPassword: {crypt}$1$kxH/MHL7$.51e8u0CooCalDaXsHSKD/
Crypt? OK, well, it's a crypt (MD5) password even though authconfig
says it'll be using sha512... But, I can log in using sshd.
Now, if I change the password using the smbpasswd utility, and rerun
the smbldap-usershow command:
dn: uid=al...@domain.com,ou=domain,o=ndtc
uid: al...@domain.com
cn: Alex
mail: al...@domain.com
...
userPassword: {SSHA}UGRSbhcFL0qLRdj6yWvqRidZPfIiBPYb
OK, now it's an SSHA (sha512) hash! BUT, I can no longer ssh to the server!
WTF??? Anyone have any insights into what I am missing here, and more
importantly, how I can fix it? I'd obviously rather use SSHA than
Crypt...
TIA!
Alex
against an Ldap server, and I am having an issue with the hashing
algorithms being used by various utilities and servers.
First of all:
authconfig --test | grep hashing
password hashing algorithm is sha512
However, when I change a password using the passwd command, I see the
following:
smbldap-usershow al...@domain.com
dn: uid=al...@domain.com,ou=domain,o=ndtc
uid: al...@domain.com
cn: Alex M
mail: al...@domain.com
...
userPassword: {crypt}$1$kxH/MHL7$.51e8u0CooCalDaXsHSKD/
Crypt? OK, well, it's a crypt (MD5) password even though authconfig
says it'll be using sha512... But, I can log in using sshd.
Now, if I change the password using the smbpasswd utility, and rerun
the smbldap-usershow command:
dn: uid=al...@domain.com,ou=domain,o=ndtc
uid: al...@domain.com
cn: Alex
mail: al...@domain.com
...
userPassword: {SSHA}UGRSbhcFL0qLRdj6yWvqRidZPfIiBPYb
OK, now it's an SSHA (sha512) hash! BUT, I can no longer ssh to the server!
WTF??? Anyone have any insights into what I am missing here, and more
importantly, how I can fix it? I'd obviously rather use SSHA than
Crypt...
TIA!
Alex
spazza
Jun 5, 2012, 1:35:39 PM6/5/12
to
Il 05/06/2012 18.07, alexm ha scritto:
> ...
> userPassword: {SSHA}UGRSbhcFL0qLRdj6yWvqRidZPfIiBPYb
>
> OK, now it's an SSHA (sha512) hash! BUT, I can no longer ssh to the server!
It is a Salted SHA-1, not a SHA512.
> ...
> userPassword: {SSHA}UGRSbhcFL0qLRdj6yWvqRidZPfIiBPYb
>
> OK, now it's an SSHA (sha512) hash! BUT, I can no longer ssh to the server!
I dont know if it matter for your problem.
alexm
Jun 5, 2012, 2:42:07 PM6/5/12
to
On 2012-06-05 17:35:39 +0000, spazza said:
> It is a Salted SHA-1, not a SHA512.
> I dont know if it matter for your problem.
Curiouser and curiouser...
> It is a Salted SHA-1, not a SHA512.
> I dont know if it matter for your problem.
0 new messages