Hi,
During the maintenance on December 6th, 2010 I switched the Toolserver SSH server from Sun SSH to OpenSSH. A difference in how OpenSSH uses PAM to authenticate users meant that after the change, users were able to log in via SSH using their LDAP password, without using an SSH key. This error has now been fixed.
If you have no LDAP password set, or if you have a strong password[0], then this should not have affected you. However, if you had a weak or easily guessable password set, or if your LDAP password could have been compromised (e.g. if you wrote it down in plain text somewhere) then it's possible someone could have used it to gain access to your account.
In that case, I suggest you immediately change your password (via 'passwd'), then review your home directory to ensure no unauthorised changes have been made (e.g. new SSH keys added, or shell rc files changed). If you have sensitive data such as SSH or PGP keys on the Toolserver, you may wish to revoke them and issue new ones. (However, storing that kind of data on the Toolserver is probably a bad idea in any case.)
I'm very sorry for the inconvenience this issue might cause to users, and I will be reviewing our authentication configuration to reduce the chance of something like this happening in the future.
- river.
[0] Which is somewhat enforced by the LDAP password policy, but it's still possible to set a weak password if you try hard enough.
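The PAM behaviour river describes can be audited in the server's configuration. The following is an added example, not code from the thread or from the Toolserver's own configuration: a small Python checker that parses the global section of an sshd_config and reports whether a password alone could still satisfy authentication. It assumes standard OpenSSH semantics, namely that with UsePAM yes the keyboard-interactive method lets PAM prompt for and accept a password even when PasswordAuthentication is no, so ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer releases) must also be no on a key-only host. The sample configurations are constructed.

```python
"""Audit an sshd_config for settings that let a password (directly, or via
PAM keyboard-interactive) satisfy authentication on a key-only server.

Added example; the configurations below are constructed, not the Toolserver's.
"""

import re

# OpenSSH defaults for the keywords that matter here (assumption: stock
# defaults, i.e. password and keyboard-interactive auth are on unless disabled).
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
}

# ChallengeResponseAuthentication is the older spelling of the same switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

REASON_PASSWORD = "PasswordAuthentication is yes"
REASON_PAM_KBD = ("UsePAM yes with keyboard-interactive authentication enabled: "
                  "PAM can still prompt for and accept a password")


def parse_sshd_config(text):
    """Return {lowercased keyword: value} for the global section.

    Lines inside a Match block are skipped because they apply conditionally;
    for the global section the first occurrence of a keyword wins, as in sshd.
    """
    settings = dict(DEFAULTS)
    seen = set()
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        keyword, value = m.group(1).lower(), m.group(2).strip().lower()
        keyword = ALIASES.get(keyword, keyword)
        if keyword == "match":
            in_match = True
            continue
        if in_match or keyword in seen:
            continue
        seen.add(keyword)
        settings[keyword] = value
    return settings


def password_login_possible(settings):
    """Return the list of reasons a password alone could log a user in."""
    reasons = []
    if settings["passwordauthentication"] == "yes":
        reasons.append(REASON_PASSWORD)
    if settings["usepam"] == "yes" and settings["kbdinteractiveauthentication"] == "yes":
        reasons.append(REASON_PAM_KBD)
    return reasons


# Constructed: looks key-only, but keyboard-interactive is left at its default.
WEAK_CONFIG = """
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
"""

# Constructed: the hardened form, with a Match block that must not leak globally.
HARDENED_CONFIG = """
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = password_login_possible(parse_sshd_config(cfg))
        print(f"{name}: {problems or 'key-only'}")
```

Run it against the live file with `parse_sshd_config(open("/etc/ssh/sshd_config").read())`; the two constructed configurations show the one-line difference that separates a key-only server from one that quietly accepts LDAP passwords through PAM.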
In article slrnin7g7n.15f3.saper@saper.info, Marcin Cieslak saper@saper.info wrote:
If you have no LDAP password set, (...)
How do I find out if I have one? I don't remember ever setting this, or maybe it was long ago.
Run setpass:
willow% setpass
setpass: password already set
setpass: use passwd(1) to change your password
- river.
River Tarnell wrote:
Hi,
During the maintenance on December 6th, 2010 I switched the Toolserver SSH server from Sun SSH to OpenSSH. A difference in how OpenSSH uses PAM to authenticate users meant that after the change, users were able to log in via SSH using their LDAP password, without using an SSH key. This error has now been fixed.
If you have no LDAP password set, or if you have a strong password[0], then this should not have affected you. However, if you had a weak or easily guessable password set, or if your LDAP password could have been compromised (e.g. if you wrote it down in plain text somewhere) then it's possible someone could have used it to gain access to your account.
Wouldn't such a login have been logged? Seems easy to find out if any account was accessed this way.
The line would look like:
<date time> localhost sshd[12345]: Accepted password for user from 208.80.152.165 port 23456 ssh2
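As an added example that is not part of Platonides' message, here is a Python scan over auth-log lines of the shape quoted above. It lists each account whose login was accepted by something other than a key, so the people to notify can be read off directly. The log lines are constructed (only the address 208.80.152.165 is taken from the sample line); the regular expression also matches the `keyboard-interactive/pam` method, which is what OpenSSH logs when PAM, rather than the plain password method, accepted the password.

```python
"""Find SSH logins that were satisfied by a password rather than a key.

Added example; the log lines are constructed, not taken from the Toolserver.
"""

import re
from collections import defaultdict

# Matches the syslog line quoted in the thread as well as the
# "Accepted keyboard-interactive/pam for ..." form that PAM-backed auth logs.
ACCEPTED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Methods that prove possession of a key; anything else is "something you know".
KEY_METHODS = {"publickey", "hostbased"}


def non_key_logins(lines):
    """Return [(user, method, ip, line)] for every accepted non-key login."""
    hits = []
    for line in lines:
        m = ACCEPTED_RE.search(line)
        if m and m.group("method") not in KEY_METHODS:
            hits.append((m.group("user"), m.group("method"), m.group("ip"), line.strip()))
    return hits


def users_to_notify(lines):
    """Map each affected account to the set of source addresses seen."""
    by_user = defaultdict(set)
    for user, _method, ip, _line in non_key_logins(lines):
        by_user[user].add(ip)
    return dict(by_user)


# Constructed sample log: host name, PIDs, users and the 192.0.2.x / 198.51.100.x
# addresses are made up; 208.80.152.165 is the address from the quoted line.
SAMPLE_LOG = """\
Dec  7 03:14:15 localhost sshd[12345]: Accepted password for alice from 208.80.152.165 port 23456 ssh2
Dec  7 03:20:01 localhost sshd[12350]: Accepted publickey for bob from 192.0.2.10 port 40001 ssh2
Dec  7 04:02:33 localhost sshd[12399]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Dec  8 11:45:09 localhost sshd[13001]: Accepted keyboard-interactive/pam for carol from 198.51.100.7 port 51022 ssh2
Dec  8 11:50:00 localhost sshd[13010]: Accepted password for alice from 198.51.100.7 port 51030 ssh2
""".splitlines()

if __name__ == "__main__":
    for user, ips in sorted(users_to_notify(SAMPLE_LOG).items()):
        print(f"{user}: non-key login from {', '.join(sorted(ips))}")
```

Feed it `open("/var/log/auth.log")` (or whichever file syslog writes sshd's AUTH facility to) and it answers Platonides' question for the window the logs still cover; as river notes in the reply, the check is only as good as the retention period.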
In article 4D73DEC0.9030900@gmail.com, Platonides platonides@gmail.com wrote:
Wouldn't such a login have been logged? Seems easy to find out if any account was accessed this way.
No, because the problem was introduced in December and we don't keep 3 months' worth of old logs around.
- river.
toolserver-l@lists.wikimedia.org