bugzilla-daemon at mindrot.org
2023-Apr-24 10:57 UTC
[Bug 3566] New: Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Bug ID: 3566 Summary: Password expiry warning is printed multiple times when UsePAM is set to yes Product: Portable OpenSSH Version: 8.8p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporter: sshedi at vmware.com Created attachment 3692 --> https://bugzilla.mindrot.org/attachment.cgi?id=3692&action=edit Show pam messages only on failure When UsePAM is set to yes in sshd_config and if a user password is about to expire, it gets printed two times while doing ssh login. Sample output: ``` root at ph4dev:~ # sshpass -p changeme ssh root at localhost Warning: your password will expire in 2 days. Warning: your password will expire in 2 days. Last login: Mon Apr 24 15:47:41 2023 from 127.0.0.1 15:48:55 up 1:32, 2 users, load average: 0.00, 0.00, 0.00 root at ph4dev:~ # ``` I reproduced this with "openssh-8.8p1" and I believe this affects all versions >= 8.4p1 Following commit is the cause of the issue. https://github.com/openssh/openssh-portable/commit/ed6bef77f5bb5b8f9ca2914478949e29f2f0a780 This whole pam message echoing portion looks redundant because it is already done at https://github.com/openssh/openssh-portable/blob/master/auth-pam.c#L529 I am attaching a patch to fix this issue as well but not sure if it is correct. Please let me know if I need to raise a PR in github. - Shedi -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-05 10:42 UTC
[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Shreenidhi Shedi <sshedi at vmware.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at dtucker.net -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-05 10:43 UTC
[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Shreenidhi Shedi <sshedi at vmware.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-05 10:45 UTC
[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566 --- Comment #1 from Shreenidhi Shedi <sshedi at vmware.com> --- Probably the attached patch is incorrect, if you think this is a valid issue; I'll try to come up with a better solution and inputs welcome. -- Shedi -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Seemingly Similar Threads
- [Bug 3599] New: How to scan for keys when sshd server has fips enabled?
- [Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
- rsync segfaults when openssl fips is enabled
- PermitRootLogin without-password functionality differs for UsePAM yes/no option
- [Bug 1024] SSHD fails to connect when "UsePAM and UseLogin" is yes