search for: authmsg

...ed) patch should look like: ----------------- cut -------------------- % diff -u auth-passwd.c-original auth-passwd.c --- auth-passwd.c-original 2002-08-12 18:43:25.000000000 +0200 +++ auth-passwd.c 2002-08-12 19:02:43.000000000 +0200 @@ -114,6 +114,7 @@ #ifdef WITH_AIXAUTHENTICATE char *authmsg; char *loginmsg; + int rc; int reenter = 1; #endif @@ -145,7 +146,11 @@ } #endif #ifdef WITH_AIXAUTHENTICATE - return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + while (reenter) { + rc = authenticate (pw->pw_name,password,&reenter,&authmsg) + }...

...to be able to make the distinction in the logs. Currently ssh only logs > that a ROOT user has logged in, not which one. hm, i don't think uid sharing is a standard unix feature. however, i think that we should drop this: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); and not print ROOT in caps: authlog("%s...

...ns; -#ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; -#endif +extern Buffer loginmsg; /* * Tries to authenticate the user using password. Returns true if @@ -151,15 +152,28 @@ # endif # ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + aix_remove_embedded_newlines(authmsg); if (authsuccess) { + char *msg; + + debug3("AIX/authenticate succeeded for user %s: %.100s", + pw->pw_name, authmsg); + /* We don't have a pty yet, so just label the line as "ssh" */ if (loginsu...

...r login_message; +extern int password_change_required; #ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; +void aix_remove_embedded_newlines(char *); #endif /* @@ -149,13 +153,23 @@ #endif #ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + aix_remove_embedded_newlines(authmsg); - if (authsuccess) + if (authsuccess) { + char *msg; + + debug("authenticate() succeeded for user %s: %.100s", pw->pw_name, authmsg); /* We don't have a pty yet, so just label the line as "ssh" */ if...

Hi All. With one eye on the do_pam_chauthtok() stuff I've merged contributions by Pablo Sor and Mark Pitt into a patch against -current. I'm interested in testers and suggestions for improvements. The patch extends the loginrestrictions test to include expired accounts (but unlike Mark's patch, doesn't log accounts with expired passwords unless they're locked) and adds

...uld be immediately after the password-authentication. Bug-Fix: The following fix works for us: ------------------------------------------------------------------------ diff auth-passwd.c.orig auth-passwd.c 151c151,160 < return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); --- > { int iau; > iau = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); > debug("auth-passwd (FZJ-authenticate): rc: %d msg: %s", iau, authmsg); > if (iau) > return 1; > loginfailed(authctx...

...4.3.3 systems. Richard ------- *** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001 --- openssh-2.9.9p2/auth-passwd.c Tue Oct 2 10:13:47 2001 *************** *** 147,153 **** } #endif #ifdef WITH_AIXAUTHENTICATE ! return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); #endif #ifdef KRB4 if (options.kerberos_authentication == 1) { --- 147,157 ---- } #endif #ifdef WITH_AIXAUTHENTICATE ! if (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0) ! return 1; ! loginfailed(authctxt->user, ! get_canonical_hostname(op...

...== INVALID_HANDLE_VALUE) - return 0; + if (hToken == INVALID_HANDLE_VALUE) { + retval=0 ; goto out; + } cygwin_set_impersonation_token(hToken); - return 1; + retval=1; + goto out; } #endif #ifdef WITH_AIXAUTHENTICATE - return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + retval=(authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + goto out; #endif #ifdef KRB4 if (options.kerberos_authentication == 1) { int ret = auth_krb4_password(authctxt, password); - if (ret == 1 || ret == 0) - return ret; + if (ret == 1 || ret == 0) { +...

I have passwords turned off, and require keys to match. The zombie armies swarming outside are trying brute force attacks that in part involve guessing login NAMES. If they guess the wrong NAME, this is logged in syslog. If they guess a working user name, then the attack has PARTIALLY SUCCEEDED, but this information is IGNORED. That is, it is not logged. If the zombie army has tell when it

Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU=

...;crypt.h> # endif -# ifdef WITH_AIXAUTHENTICATE -# include <login.h> -# endif # ifdef __hpux # include <hpsecurity.h> # include <prot.h> @@ -150,7 +148,7 @@ } # endif # ifdef WITH_AIXAUTHENTICATE - authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + authsuccess = (authenticate((char *)pw->pw_name,password,&reenter,&authmsg) == 0); if (authsuccess) { /* We don't have a pty yet, so just label the line as "ssh" */ Index: configure.ac =================================================================...

We have come across a problem with OpenSSH 2.3.0p1 (and still in 2.5.1p1) which affect authentication on an AIX 4.3 system. The code in auth-passwd.c at line 168 reads: #ifdef WITH_AIXAUTHENTICATE return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); #endif however, the AIX manual page for "authenticate" states: "The authenticate subroutine maintains requirements users must satisfy to be authenticated to the system. It is a recallable interface that prompts for the user's name and password. The user must supply a c...

auth.c:auth_log contains the following code: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", ---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); I...

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

...,&aixloginmsg) < 0) + aixloginmsg = NULL; #endif /* WITH_AIXAUTHENTICATE */ packet_start(SSH_SMSG_SUCCESS); packet_send(); --- auth2.c.orig Thu May 11 14:31:01 2000 +++ auth2.c Thu May 11 15:16:21 2000 @@ -154,9 +154,9 @@ int authenticated = 0; char *raw, *user, *service, *method, *authmsg = NULL; struct passwd *pw; - - if (++attempt == AUTH_FAIL_MAX) - packet_disconnect("too many failed userauth_requests"); +#ifdef WITH_AIXAUTHENTICATE + extern char *aixloginmsg; +#endif /* WITH_AIXAUTHENTICATE */ raw = packet_get_raw(&rlen); if (plen != rlen) @@ -164,6 +164,1...

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

...fined(HAVE_MD5_CRYPT) # include "md5crypt.h" #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ @@ -46,6 +51,9 @@ #ifdef HAVE_SHADOW_H struct spwd *spw; #endif +#ifdef HAVE_GETPWANAM + struct passwd_adjunct *spw; +#endif #ifdef WITH_AIXAUTHENTICATE char *authmsg; char *loginmsg; @@ -99,6 +107,16 @@ pw_password = spw->sp_pwdp; } #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) + if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) + { + /* Che...

...rc/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.101 diff -u -p -r1.101 auth.c --- auth.c 31 Aug 2005 16:59:49 -0000 1.101 +++ auth.c 12 Feb 2006 00:24:03 -0000 @@ -231,6 +231,15 @@ auth_log(Authctxt *authctxt, int authent void (*authlog) (const char *fmt,...) = verbose; char *authmsg; +#if 0 + logit("authenticated %d method %s info '%s' postponed %d monitor %d", + authenticated, method, info, authctxt->postponed, mm_is_monitor()); +#endif + authlog = logit; /* XXX for testing only */ + + if (use_privsep && !mm_is_monitor() && !authctxt...

..._LOGINFAILED_4ARG loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); # else *** openssh-3.7.1p2/auth-passwd.c Fri Sep 12 20:41:56 2003 --- openssh-3.7.1p2.patched/auth-passwd.c Mon Sep 22 12:24:15 2003 *************** *** 110,116 **** --- 110,118 ---- pw->pw_name, authmsg); /* No pty yet, so just label the line as "ssh" */ + #if 0 aix_setauthdb(authctxt->user); + #endif if (loginsuccess(authctxt->user, host, "ssh", &msg) == 0) { if (msg != NULL) { *** openssh-3.7.1p2/configure Tue Sep 23 0...

...ervconf.h" #include "xmalloc.h" + #ifdef WITH_AIXAUTHENTICATE + #include <login.h> + #endif + #ifdef HAVE_SHADOW_H # include <shadow.h> #endif *************** *** 40,45 **** --- 44,55 ---- struct spwd *spw; #endif + #ifdef WITH_AIXAUTHENTICATE + char *authmsg; + char *loginmsg; + int reenter = 1; + #endif + /* deny if no user. */ if (pw == NULL) return 0; *************** *** 55,60 **** --- 65,79 ---- return ret; /* Fall back to ordinary passwd authentication. */ } + #endif + #ifdef WITH_AIXAUTHENTICATE + + if ( (authenticate(p...