Wireshark-users: Re: [Wireshark-users] Clue on sshdump w/special characters in passwords
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 31 Jul 2020 13:33:54 +0200
Hi, I recon ‘X’ is not a special character, so what did you consider special in this context? Thanks, Jaap > On 30 Jul 2020, at 22:38, Jason Lixfeld <jason+wireshark@xxxxxxxxxx> wrote: > > Hi, > > I’m wondering if anyone has some clue on a sshdump GUI oddity. The attempt to start the sshdump always seems to result in an authentication failure when a special character is used in the password: > > Error by extcap pipe: > ** (process:27640): WARNING **: Error creating connection. > > ** (process:27640): WARNING **: Can't find a valid authentication. Disconnecting. > > jlixfeld@BlackBox Desktop % more wireshark-debug.txt > cmdline: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump --capture --extcap-interface sshdump --fifo /var/folders/ht/pffb_rd133jd1x12w50hdzcr0000gn/T//wireshark_extcap_sshdump_20200730163607_gRRHD2 --remote-capture-command bash /sbin/tcpdump -i mirror0 -w - --debug-file /Users/jlixfeld/Desktop/wireshark-debug.txt --remote-host 192.168.57.108 --remote-port 22 --remote-password XXXXXXXXXX --remote-username jlixfeld --debug > [ssh_connect] ssh_connect: libssh 0.9.0 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread > [ssh_socket_connect] ssh_socket_connect: Nonblocking connection socket: 5 > [ssh_connect] ssh_connect: Socket connecting, now waiting for the callbacks to work > [socket_callback_connected] socket_callback_connected: Socket connection callback: 1 (0) > [ssh_client_connection_callback] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_7.8 > [ssh_analyze_banner] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_7.8 > [ssh_analyze_banner] ssh_analyze_banner: We are talking to an OpenSSH client version: 7.8 (70800) > [ssh_known_hosts_read_entries] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory > [ssh_kex_select_methods] ssh_kex_select_methods: Negotiated curve25519-sha256@xxxxxxxxxx,ecdsa-sha2-nistp521,aes256-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,none,none,, > [ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296 blocks > [ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296 blocks > [ssh_packet_client_curve25519_reply] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent > [ssh_packet_newkeys] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS > [ssh_packet_newkeys] ssh_packet_newkeys: Signature verified and valid > [ssh_agent_get_ident_count] ssh_agent_get_ident_count: Answer type: 12, expected answer: 12 > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_ed25519.pub: No such file or directory > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_ed25519: No such file or directory > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_ecdsa.pub: No such file or directory > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_ecdsa: No such file or directory > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,keyboard-interactive > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,keyboard-interactive > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_dsa.pub: No such file or directory > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_dsa: No such file or directory > [ssh_userauth_publickey_auto] ssh_userauth_publickey_auto: Tried every public key, none matched > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive > jlixfeld@BlackBox Desktop % > > Is there some magic required to use special characters in passwords? > > macOS Catalina > Wireshark 3.0.12 > > Thanks in advance!
- Follow-Ups:
- Re: [Wireshark-users] Clue on sshdump w/special characters in passwords
- From: Jason Lixfeld
- Re: [Wireshark-users] Clue on sshdump w/special characters in passwords
- References:
- [Wireshark-users] Clue on sshdump w/special characters in passwords
- From: Jason Lixfeld
- [Wireshark-users] Clue on sshdump w/special characters in passwords
- Prev by Date: [Wireshark-users] Clue on sshdump w/special characters in passwords
- Next by Date: Re: [Wireshark-users] Clue on sshdump w/special characters in passwords
- Previous by thread: [Wireshark-users] Clue on sshdump w/special characters in passwords
- Next by thread: Re: [Wireshark-users] Clue on sshdump w/special characters in passwords
- Index(es):