> It is a real issue. Your servers might not see the issue depending on
> what options have been set for sshd_config.

Some operating systems have extremely fast passwd checks, others have slow ones. FreeBSD seems to be the worst affected because their PAM integration does not terminate the loop itself; I think it has no limit.

Pay close attention and you will see you are replying to others who actually tested it on other systems.

The issue is being overplayed by a fair bit. Yes, on some systems with careless authentication systems, many passwd checks can happen in one pre-auth session. However, even with this fixed, someone can do many, many sequential pre-auth sessions with less setup, and approach the same speeds. Only downside is they may be exposed by the extra logging.

The issue comes to the fore *because* each passwd check is so cheap. In 1999, OpenBSD made moves to improve things, you may have heard of something called bcrypt... 16 years later, FreeBSD is now on their second successive generation of passwd crypt algorithm, having ignored the lessons.

These layers fit together. One specific system had zero mitigations.

> My freebsd boxes do *not* have the problem, but that's because I have
> set 'ChallengeResponseAuthentication no'.
> I don't even remember why I set that on my freebsd boxes. I change very
> few settings, but for some reason I decided to change that one.

So try it on some other system without that setting. We'll wait. Then come back and report whether your observations are identical or subtly different.

This issue does not have the same scale of impact on all operating systems. One operating system is affected far more than the others.

> I can reproduce the problem on my Macs, because they are set up with
> 'ChallengeResponseAuthentication yes', and I do not turn it off.

That has effectively the same authentication system as FreeBSD, same fast password check, etc.

> I'm also told that there is a patch for the oversight in OpenSSH's code,
> and that can be seen at:
>
> https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab

It was an oversight, and on most systems it has limited impact, because repeated session connects can still be used by people to run the passwd check ciphers at full speed. It affects some operating systems to a much larger degree.

Your statements sound like advocacy. I'll throw some back at you for fun. It seems too easy for FreeBSD folk to throw accusations at OpenSSH and the greater OpenBSD dev community, when the rich commercial sphere surrounding FreeBSD has never given a penny and gets all this for free. Why does FreeBSD PAM not have a counter in it to prevent this by itself? Why does it have super-fast passwd checks? Are those not oversights as well?
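The post's point about logging deserves a concrete check: whether the failed passwd checks arrive packed into one pre-auth session or spread across many sequential sessions, sshd records every failure, so a per-source count over a short window catches both patterns. The script below is an added example written for this page, not code from the thread or from OpenSSH. The log lines are constructed in the traditional syslog format sshd emits on most systems ("Failed keyboard-interactive/pam for ..." and "Failed password for ..."); the hostname, PIDs, addresses, and the assumed year (syslog lines carry none) are all made-up values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of an auth log. 192.0.2.10 packs six failures into a
# single sshd child (one pre-auth session); 198.51.100.7 spreads six failures
# over six separate connections; 203.0.113.5 is a user who mistyped twice.
SAMPLE_LOG = """\
Jul 23 09:00:00 host sshd[1010]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Jul 23 10:00:01 host sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 40001 ssh2
Jul 23 10:00:02 host sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 40001 ssh2
Jul 23 10:00:03 host sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 40001 ssh2
Jul 23 10:00:04 host sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 40001 ssh2
Jul 23 10:00:05 host sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 40001 ssh2
Jul 23 10:00:06 host sshd[1001]: Failed keyboard-interactive/pam for root from 192.0.2.10 port 40001 ssh2
Jul 23 10:00:07 host sshd[1001]: Accepted publickey for bob from 192.0.2.20 port 40100 ssh2
Jul 23 10:05:00 host sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 50001 ssh2
Jul 23 10:05:03 host sshd[1003]: Failed password for invalid user admin from 198.51.100.7 port 50002 ssh2
Jul 23 10:05:06 host sshd[1004]: Failed password for invalid user admin from 198.51.100.7 port 50003 ssh2
Jul 23 10:05:09 host sshd[1005]: Failed password for invalid user admin from 198.51.100.7 port 50004 ssh2
Jul 23 10:05:12 host sshd[1006]: Failed password for invalid user admin from 198.51.100.7 port 50005 ssh2
Jul 23 10:05:15 host sshd[1007]: Failed password for invalid user admin from 198.51.100.7 port 50006 ssh2
Jul 23 10:30:00 host sshd[1020]: Failed password for alice from 203.0.113.5 port 51010 ssh2
"""

# Assumed year for the constructed sample; syslog timestamps omit it.
ASSUMED_YEAR = 2015

FAILURE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\S+ sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_failures(text):
    """Return one dict per 'Failed ...' line; non-failure lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILURE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(
            f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append({"time": ts, "pid": int(m["pid"]), "method": m["method"],
                       "user": m["user"], "ip": m["ip"], "port": int(m["port"])})
    return events


def max_in_window(times, window_seconds):
    """Largest number of events falling inside any window of the given length."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(text, window_seconds=60, threshold=5):
    """Per source address: total failures, distinct sshd children (sessions)
    involved, and whether the failure rate exceeds the threshold. Counting by
    source rather than by session is what makes one-session and many-session
    guessing look the same to the detector."""
    by_ip = defaultdict(list)
    for ev in parse_failures(text):
        by_ip[ev["ip"]].append(ev)
    report = {}
    for ip, evs in by_ip.items():
        peak = max_in_window([e["time"] for e in evs], window_seconds)
        report[ip] = {
            "attempts": len(evs),
            "sessions": len({e["pid"] for e in evs}),
            "flagged": peak >= threshold,
        }
    return report


if __name__ == "__main__":
    for ip, info in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, info)
```

Both guessing patterns trip the same rule because the count is keyed on the source, not on how many connections carried the attempts; the `sessions` field only tells you which pattern you are looking at, which is useful when deciding whether the fix in the linked patch or a connection-rate limit is the relevant mitigation on a given host.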