
List:       wireshark-users
Subject:    Re: [Wireshark-users] Clue on sshdump w/special characters in passwords
From:       Jason Lixfeld <jason+wireshark () lixfeld ! ca>
Date:       2020-07-31 14:31:24
Message-ID: 2A0523C2-26AB-4051-812E-8A01C2CABB64 () lixfeld ! ca

Although this particular example wasn't on the command line, I tried it on the
command line previously, both quoted and escaped, neither seemed to work.

I will open a bug report.  Thank you.

> On Jul 31, 2020, at 10:28 AM, Jeff Morriss <jeff.morriss.ws@gmail.com> wrote:
> 
> If this reflects what was actually sent on the command line:
> --remote-password XXXXXXXXXX 
> 
> then it sounds like a quoting problem to me. That is, it should be:
> --remote-password "XXXXXXXXX"
> 
> I'd suggest opening a bug report: https://bugs.wireshark.org
> 
> On Fri, Jul 31, 2020 at 7:49 AM Jason Lixfeld <jason+wireshark@lixfeld.ca> wrote:
> Hi,
> 
> No, 'X' is what the debug logger obfuscates the password to.  A special character could be, for example, one that is returned when you hold shift and hit one of the top row of numbers on your keyboard (US layout).
> 
> Sent from a mobile device
> 
> > On Jul 31, 2020, at 7:34 AM, Jaap Keuter <jaap.keuter@xs4all.nl> wrote:
> > 
> > Hi,
> > 
> > I reckon 'X' is not a special character, so what did you consider special in this context?
> > 
> > Thanks,
> > Jaap
> > 
> > > On 30 Jul 2020, at 22:38, Jason Lixfeld <jason+wireshark@lixfeld.ca> wrote:
> > > 
> > > Hi,
> > > 
> > > I'm wondering if anyone has some clue on a sshdump GUI oddity.  The attempt to start the sshdump always seems to result in an authentication failure when a special character is used in the password:
> > > 
> > > Error by extcap pipe:
> > > ** (process:27640): WARNING **: Error creating connection.
> > > 
> > > ** (process:27640): WARNING **: Can't find a valid authentication. Disconnecting.
> > > 
> > > jlixfeld@BlackBox Desktop % more wireshark-debug.txt
> > > cmdline: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump --capture --extcap-interface sshdump --fifo /var/folders/ht/pffb_rd133jd1x12w50hdzcr0000gn/T//wireshark_extcap_sshdump_20200730163607_gRRHD2 --remote-capture-command bash /sbin/tcpdump -i mirror0 -w - --debug-file /Users/jlixfeld/Desktop/wireshark-debug.txt --remote-host 192.168.57.108 --remote-port 22 --remote-password XXXXXXXXXX --remote-username jlixfeld --debug
> > > [ssh_connect] ssh_connect: libssh 0.9.0 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
> > > [ssh_socket_connect] ssh_socket_connect: Nonblocking connection socket: 5
> > > [ssh_connect] ssh_connect: Socket connecting, now waiting for the callbacks to work
> > > [socket_callback_connected] socket_callback_connected: Socket connection callback: 1 (0)
> > > [ssh_client_connection_callback] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_7.8
> > > [ssh_analyze_banner] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_7.8
> > > [ssh_analyze_banner] ssh_analyze_banner: We are talking to an OpenSSH client version: 7.8 (70800)
> > > [ssh_known_hosts_read_entries] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/etc/ssh/ssh_known_hosts': No such file or directory
> > > [ssh_kex_select_methods] ssh_kex_select_methods: Negotiated curve25519-sha256@libssh.org,ecdsa-sha2-nistp521,aes256-gcm@openssh.com,aes256-gcm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256-etm@openssh.com,none,none,,
> > > [ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296 blocks
> > > [ssh_init_rekey_state] ssh_init_rekey_state: Set rekey after 4294967296 blocks
> > > [ssh_packet_client_curve25519_reply] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
> > > [ssh_packet_newkeys] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
> > > [ssh_packet_newkeys] ssh_packet_newkeys: Signature verified and valid
> > > [ssh_agent_get_ident_count] ssh_agent_get_ident_count: Answer type: 12, expected answer: 12
> > > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_ed25519.pub: No such file or directory
> > > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_ed25519: No such file or directory
> > > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_ecdsa.pub: No such file or directory
> > > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_ecdsa: No such file or directory
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,keyboard-interactive
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'publickey'. Authentication that can continue: publickey,keyboard-interactive
> > > [ssh_pki_import_pubkey_file] ssh_pki_import_pubkey_file: Error opening /Users/jlixfeld/.ssh/id_dsa.pub: No such file or directory
> > > [ssh_pki_import_privkey_file] ssh_pki_import_privkey_file: Error opening /Users/jlixfeld/.ssh/id_dsa: No such file or directory
> > > [ssh_userauth_publickey_auto] ssh_userauth_publickey_auto: Tried every public key, none matched
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive
> > > [ssh_packet_userauth_failure] ssh_packet_userauth_failure: Access denied for 'password'. Authentication that can continue: publickey,keyboard-interactive
> > > jlixfeld@BlackBox Desktop %
> > > 
> > > Is there some magic required to use special characters in passwords?
> > > 
> > > macOS Catalina
> > > Wireshark 3.0.12
> > > 
> > > Thanks in advance!
> > 
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
> 
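
Added example (not part of the original thread and not Wireshark code): a POSIX sh check of what a child process actually receives as the value after --remote-password under each quoting style raised in the thread. The passwords are constructed samples and shquote/argv_after are hypothetical helper names; this covers the command-line case only, not how the GUI hands the value to sshdump.

```shell
#!/bin/sh
# Constructed sample passwords (not from the thread). PW uses characters from
# the shifted US number row; PW2 adds a single quote and backticks.
PW='Pw!@#$1%^9'
PW2="it's \$1 \`x\`"

# shquote STRING: print STRING wrapped in single quotes so that a POSIX shell
# reads it back as exactly one argument with every character intact.
# An embedded ' is written as '\'' (close quote, escaped quote, reopen).
shquote() {
    s=$1 out= q="'"
    while :; do
        case $s in
            *"$q"*) head=${s%%"$q"*}; s=${s#*"$q"}; out="$out$head'\\''" ;;
            *)      out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# argv_after STYLE PASSWORD: build the command-line text a user would type
# with the given quoting style, let a fresh shell parse it, and print the
# argument that follows --remote-password as the child sees it.
argv_after() {
    case $1 in
        none)   word=$2 ;;
        double) word="\"$2\"" ;;
        single) word=$(shquote "$2") ;;
    esac
    # $word is pasted in as raw text; the child shell does the parsing.
    sh -c "set -- --remote-password $word; printf '%s' \"\$2\"" 2>/dev/null
}

# Show the value each style delivers for the constructed password.
for style in none double single; do
    printf '%-6s -> %s\n' "$style" "$(argv_after "$style" "$PW")"
done
```

With this input the unquoted and double-quoted forms both arrive as Pw!@#%^9, because $1 is still expanded inside double quotes; only the single-quoted form delivers the password unchanged.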

