bugzilla-daemon at mindrot.org
2006-Sep-13 11:55 UTC
[Bug 1226] sftp-server does not respect rlogin = false
http://bugzilla.mindrot.org/show_bug.cgi?id=1226
Summary: sftp-server does not respect rlogin = false
Product: Portable OpenSSH
Version: 4.3p2
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sftp-server
AssignedTo: bitbucket at mindrot.org
ReportedBy: cris at beebgames.com
using the packages from http://sf.net/projects/openssh-aix
have set a user 'appa' to be rlogin=false in /etc/security/users
when I 'ssh appa at gromit':
appa at gromit's password:
Received disconnect from 158.234.7.207: 2: Remote login for account
appa is not
allowed.
when i 'scp *.txt appa at gromit:~':
appa at gromit's password:
Received disconnect from 158.234.7.207: 2: Remote login for account
appa is not
allowed.
lost connection
so all good so far, but when I 'sftp appa at gromit':
Connecting to gromit...
appa at gromit's password:
sftp>
i am allowed to log in!!!!! this happens only on AIX5.3. On AIX5.2
(same user setup) I get:
Connecting to fenris...
appa at fenris's password:
Permission denied, please try again.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Sep-13 12:16 UTC
[Bug 1226] sftp-server does not respect rlogin = false
http://bugzilla.mindrot.org/show_bug.cgi?id=1226 ------- Comment #1 from dtucker at zip.com.au 2006-09-13 22:16 ------- (In reply to comment #0)> using the packages from http://sf.net/projects/openssh-aixWe can't help you, you'll have to follow this up with them. Last time I checked those packages a) contained modifications b) to which there's no source and c) are version 4.1p1 (not 4.3p1, which is what this bug is against). If you are able to reproduce this with the vanilla source from openssh.com then we may be able to help you (but the rlogin check is in allowed_user() which is always called, so I doubt you'll see it). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Sep-13 12:18 UTC
[Bug 1226] sftp-server does not respect rlogin = false
http://bugzilla.mindrot.org/show_bug.cgi?id=1226 ------- Comment #2 from dtucker at zip.com.au 2006-09-13 22:18 ------- *** Bug 1227 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Oct-03 09:09 UTC
[Bug 1226] sftp-server does not respect rlogin = false
http://bugzilla.mindrot.org/show_bug.cgi?id=1226
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Comment #3 from dtucker at zip.com.au 2006-10-03 19:09 -------
One other thing: the disconnect message if charateristic of what PAM
sends so you may be seeing a difference between AIX 5.2 and 5.3 because
of the UsePAM setting in sshd_config and/or the sshd PAM configuration.
Anyway, as I said we are not able to help you with anyone else's
binaries so I'm closing this bug. Please feel free to reopen if you
can reproduce it with the software from openssh.com.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Oct-07 01:45 UTC
[Bug 1226] sftp-server does not respect rlogin = false
http://bugzilla.mindrot.org/show_bug.cgi?id=1226
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
------- Comment #4 from dtucker at zip.com.au 2006-10-07 11:45 -------
Change all RESOLVED bug to CLOSED with the exception of the ones fixed
post-4.4.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.