thr3ads.net - openssh unix dev - X11 forwarding when pw is aged [Jul 2003]

If this information is useful, please help other people find it:
Share via:

Andreas Gidom

2003-Jul-01 07:58 UTC

X11 forwarding when pw is aged

Hi All,

1st Simple question: bug or feature ?

sshd version OpenSSH_3.6.1p2-pwexp20 on solaris sparc
X11 forwarding works fine
Set pw to aged (3rd entry in /etc/shadow to 0)

login as: steffenb
Sent username "steffenb"
steffenb at saturn's password:
Warning: Your password has expired, please change it now.
passwd:  Changing password for steffenb
Enter login password:
New password:
Re-enter new password:
passwd (SYSTEM): passwd successfully changed for steffenb
Last login: Mon Jun 30 14:56:01 2003 from hclberagi.munic
Sun Microsystems Inc.   SunOS 5.6       Generic August 1997
steffenb at saturn:~ > /usr/X11R6/bin/xterm
/usr/X11R6/bin/xterm Xt error: Can't open display:
steffenb at saturn:~ > set
BASH=/bin/bash
BASH_VERSINFO=([0]="2" [1]="02" [2]="0"
[3]="1" [4]="release"
[5]="sparc-sun-solaris2.6")
BASH_VERSION='2.02.0(1)-release'
COLUMNS=80
DIRSTACK=()
EUID=504
----- break ---

logfile:
2003-06-30 14:54:36	Looking up host "saturn"
2003-06-30 14:54:36	Connecting to 10.131.36.1 port 22
2003-06-30 14:54:36	Server version: SSH-1.99-OpenSSH_3.6.1p2-pwexp20
2003-06-30 14:54:36	We claim version: SSH-1.5-PuTTY-Release-0.53b
2003-06-30 14:54:36	Using SSH protocol version 1
2003-06-30 14:54:36	Received public keys
2003-06-30 14:54:36	Host key fingerprint is:
2003-06-30 14:54:36	      1024
a1:b6:b3:ee:2b:3f:60:50:aa:f6:1b:87:ba:d9:09:51
2003-06-30 14:54:37	Encrypted session key
2003-06-30 14:54:37	AES not supported in SSH1, skipping
2003-06-30 14:54:37	Using Blowfish encryption
2003-06-30 14:54:37	Trying to enable encryption...
2003-06-30 14:54:37	Initialised Blowfish encryption
2003-06-30 14:54:37	Installing CRC compensation attack detector
2003-06-30 14:54:37	Successfully started encryption
2003-06-30 14:54:42	Sent username "steffenb"
2003-06-30 14:54:48	Sending password with camouflage packets
2003-06-30 14:54:48	Sent password
2003-06-30 14:54:48	Authentication successful
2003-06-30 14:54:48	Requesting X11 forwarding
2003-06-30 14:54:49	Remote dX11 forwarding disabled in user
configuration file.
2003-06-30 14:54:49	X11 forwarding refused
2003-06-30 14:54:49	Allocated pty
2003-06-30 14:54:49	Started session

Normal session:

login as: steffenb
Sent username "steffenb"
steffenb at saturn's password:
Last login: Mon Jun 30 14:58:35 2003 from hclberagi.munic
Sun Microsystems Inc.   SunOS 5.6       Generic August 1997
steffenb at saturn:~ > /usr/X11R6/bin/xterm
^Z
[1]+  Stopped                 /usr/X11R6/bin/xterm
steffenb at saturn:~ > bg
[1]+ /usr/X11R6/bin/xterm &
steffenb at saturn:~ > set
BASH=/bin/bash
BASH_VERSINFO=([0]="2" [1]="02" [2]="0"
[3]="1" [4]="release"
[5]="sparc-sun-solaris2.6")
BASH_VERSION='2.02.0(1)-release'
COLUMNS=80
DIRSTACK=()
DISPLAY=localhost:11.0
EUID=504
----break----

Logfile:
2003-06-30 14:55:42	Looking up host "saturn"
2003-06-30 14:55:42	Connecting to 10.131.36.1 port 22
2003-06-30 14:55:42	Server version: SSH-1.99-OpenSSH_3.6.1p2-pwexp20
2003-06-30 14:55:42	We claim version: SSH-1.5-PuTTY-Release-0.53b
2003-06-30 14:55:42	Using SSH protocol version 1
2003-06-30 14:55:42	Received public keys
2003-06-30 14:55:42	Host key fingerprint is:
2003-06-30 14:55:42	      1024
a1:b6:b3:ee:2b:3f:60:50:aa:f6:1b:87:ba:d9:09:51
2003-06-30 14:55:42	Encrypted session key
2003-06-30 14:55:42	AES not supported in SSH1, skipping
2003-06-30 14:55:42	Using Blowfish encryption
2003-06-30 14:55:42	Trying to enable encryption...
2003-06-30 14:55:42	Initialised Blowfish encryption
2003-06-30 14:55:43	Installing CRC compensation attack detector
2003-06-30 14:55:43	Successfully started encryption
2003-06-30 14:55:51	Sent username "steffenb"
2003-06-30 14:55:56	Sending password with camouflage packets
2003-06-30 14:55:56	Sent password
2003-06-30 14:55:56	Authentication successful
2003-06-30 14:55:56	Requesting X11 forwarding
2003-06-30 14:55:56	X11 forwarding enabled
2003-06-30 14:55:57	Allocated pty
2003-06-30 14:55:57	Started session
2003-06-30 14:56:04	Received X11 connect request
2003-06-30 14:56:04	opening X11 forward connection succeeded
2003-06-30 14:56:04	Opened X11 forward channel
2003-06-30 15:11:58	Forwarded X11 connection terminated

Mit freundlichen Gr??en / Best Regards
Andreas Gidom

Darren Tucker

2003-Jul-01 08:34 UTC

head link

X11 forwarding when pw is aged

Andreas Gidom wrote:> 1st Simple question: bug or feature ?
It's a Security Feature.  All forwarding is disabled when the password is
expired, otherwise you could request forwards with an expired password.

The problem with re-enabling it afterwards is that your password is
changed in the process that becomes the shell, but the forwarding flags
are checked in the ssh daemon (the slave if privsep is in use) and there's
no easy way to report a successful change.

At one point I tried using a signal to reset the flags but that wasn't
popular.

It might be possible to make it work by checking if the password is still
expired when a forwarding request arrives.  I'm not sure how hard that is
(it's likely to be difficult with PAM for example).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Reasonably Related Threads

Search for more seemingly similar threads

openssh unix dev - Jul 2003 - X11 forwarding when pw is aged

X11 forwarding when pw is aged

X11 forwarding when pw is aged

Reasonably Related Threads