bugzilla-daemon at mindrot.org
2023-Apr-24 10:57 UTC
[Bug 3566] New: Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Bug ID: 3566
Summary: Password expiry warning is printed multiple times when
UsePAM is set to yes
Product: Portable OpenSSH
Version: 8.8p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: sshedi at vmware.com
Created attachment 3692
--> https://bugzilla.mindrot.org/attachment.cgi?id=3692&action=edit
Show pam messages only on failure
When UsePAM is set to yes in sshd_config and if a user password is
about to expire, it gets printed two times while doing ssh login.
Sample output:
```
root at ph4dev:~ # sshpass -p changeme ssh root at localhost
Warning: your password will expire in 2 days.
Warning: your password will expire in 2 days.
Last login: Mon Apr 24 15:47:41 2023 from 127.0.0.1
15:48:55 up 1:32, 2 users, load average: 0.00, 0.00, 0.00
root at ph4dev:~ #
```
I reproduced this with "openssh-8.8p1" and I believe this affects all
versions >= 8.4p1
Following commit is the cause of the issue.
https://github.com/openssh/openssh-portable/commit/ed6bef77f5bb5b8f9ca2914478949e29f2f0a780
This whole pam message echoing portion looks redundant because it is
already done at
https://github.com/openssh/openssh-portable/blob/master/auth-pam.c#L529
I am attaching a patch to fix this issue as well but not sure if it is
correct.
Please let me know if I need to raise a PR in github.
-
Shedi
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-05 10:42 UTC
[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Shreenidhi Shedi <sshedi at vmware.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-05 10:43 UTC
[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566
Shreenidhi Shedi <sshedi at vmware.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-05 10:45 UTC
[Bug 3566] Password expiry warning is printed multiple times when UsePAM is set to yes
https://bugzilla.mindrot.org/show_bug.cgi?id=3566 --- Comment #1 from Shreenidhi Shedi <sshedi at vmware.com> --- Probably the attached patch is incorrect, if you think this is a valid issue; I'll try to come up with a better solution and inputs welcome. -- Shedi -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Apparently Analagous Threads
- [Bug 3599] New: How to scan for keys when sshd server has fips enabled?
- [Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
- rsync segfaults when openssl fips is enabled
- PermitRootLogin without-password functionality differs for UsePAM yes/no option
- [Bug 1024] SSHD fails to connect when "UsePAM and UseLogin" is yes