Philip Hands
2000-Feb-09 01:03 UTC
[Colin Watson <cjw44@cam.ac.uk>] Bug#49902: [PATCH] Bug#49902: ssh and pam conspire to deny logins
Hi, Here's a helpful patch from one of our (Debian's) users. I'd guess that the similar if/xfree a few lines above in the #if PAM section could do with the same treatment. Cheers, Phil. --[[message/rfc822]] Date: Sat, 29 Jan 2000 11:11:32 +0000 From: Colin Watson <cjw44 at cam.ac.uk> To: 49902 at bugs.debian.org [Bug was that when sshing one's password is denied, apparently by PAM.] Firstly, moving (or linking) /etc/pam.d/ssh to /etc/pam.d/sshd as suggested doesn't help me; I still get: [cjw44 at quicksilver ~]$ ssh riva cjw44 at cjw44.trin.cam.ac.uk's password: [fx: types in correct password] Connection closed by 131.111.193.196 This bug has an interesting interaction with identities. I only experience this bug when sshing from an account with an identity file in ~/.ssh/identity to an account which is not set up to recognize that identity. A temporary workaround is to specify an identity file which isn't, as follows: [cjw44 at quicksilver ~]$ ssh -i /dev/null riva cjw44 at cjw44.trin.cam.ac.uk's password: [fx: types in correct password] Last login: Sat Jan 29 09:14:17 2000 from quicksilver.trin.cam.ac.uk [...] Running sshd in debugging mode reveals that it segfaults after receiving my password, but only if it had previously attempted to authenticate me based on an identity file. MALLOC_CHECK_ was my friend! A patch (whose purpose should be obvious) follows: --- sshd.c.orig Sat Jan 29 11:00:50 2000 +++ sshd.c Sat Jan 29 11:01:29 2000 @@ -1414,8 +1414,10 @@ return; } - if (client_user != NULL) + if (client_user != NULL) { xfree(client_user); + client_user = NULL; + } if (attempt > AUTH_FAIL_MAX) packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); This should close this bug and #54894 (which I don't believe would have posed security problems), and with a bit of luck might yield more clues to #51306 as well. HTH, -- Colin Watson [cjw44 at cam.ac.uk] --[[text/plain]]