search for: hushlogin

I have tried this with openssh-2.5.2p2 and openssh-SNAP-20010501. I have noticed that with a .hushlogin file in my home directory I still get messages. With the .hushlogin file I get these messages: Last successful login for ricardo: Tue May 1 08:06:00 2001 from blah.mnsu.edu Last unsuccessful login for ricardo: Tue May 1 08:05:21 2001 from blah.mnsu.edu Without the .hushlogin file I get the s...

Hello Darren! Hello OpenSSH (portable) users! After updating from OpenSSH 3.8.1p1 to OpenSSH 3.9p1 on my Fedora Core 2 Linux box, the "sshd" no longer respects "~/.hushlogin" to get a quiet and silent login. Now I get the noisy "Last login: somedate from somehost" line. I really loved that feature. ;-) The problem is related to a change in "session.c", function do_child(). In line 1426, the following code has been added to the portable versio...

http://bugzilla.mindrot.org/show_bug.cgi?id=927 Summary: Last login displayed even when .hushlogin exists Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org Reporte...

.../* Do common processing for the child, such as execing the command. */ do_child(s, command); @@ -681,7 +685,6 @@ void do_login(Session *s, const char *command) { - FILE *f; char *time_string; char buf[256]; char hostname[MAXHOSTNAMELEN]; @@ -729,15 +732,8 @@ } #endif - /* Done if .hushlogin exists or a command given. */ - if (command != NULL) - return; - snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); -#ifdef HAVE_LOGIN_CAP - if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) -#else - if (stat(buf, &st) >= 0) -#endif + /...

http://bugzilla.mindrot.org/show_bug.cgi?id=927 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #5 from dtucker at zip.com.au 2006-10-07 11:37 ------- Change all RESOLVED bug to CLOSED with the exception

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, We have `some` problems related to the samba daemon, or possibly with the Linux kernel CIFS filesystem. We have 2 server (for this example): - - Storage Server, running Samba 3.0.28a on Ubuntu Linux (Samba version 3.0.28a-1ubuntu4.4) with ldap authentication. - - Client, running Linux 2.6.24 as a XEN domU. This server mounts on demand user

.../ +#ifdef __FreeBSD__ +#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ + struct timeval tv; + time_t warntime = DEFAULT_WARN; +#endif /* __FreeBSD__ */ /* Get remote host name. */ hostname = get_canonical_hostname(); @@ -2157,6 +2201,50 @@ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); #endif /* LOGIN_CAP */ +#ifdef __FreeBSD__ + if (pw->pw_change || pw->pw_expire) + (void)gettimeofday(&tv, NULL); +#ifdef LOGIN_CAP + warntime = login_getcaptime(lc, "warnpassword", + DEFAULT_WARN, DEFAULT_WARN); +#endif /* LOGIN_CAP */ + /*...

...nicely except when you login using SSH and authenticate using password. The problem is that sshd is trying to access the file system before it has a valid Kerberos ticket and therefore it fails to mount the home folder. After some debug, we find sshd calls check_quietlogin() which will stat $HOME/.hushlogin before calling do_pam_setcred(). Is there any workaround to bypass quietlogin checking? I cannot find any. Or please add an option for this purpose. Thanks a lot. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You a...

...ily from a single compromised user account against its owner. If the OpenSSH daemon on the half-compromised host is configured to permit RSA-based host authentication via ".shosts" and ".ssh/known_hosts" files, the attacker can modify a few dotfiles (including creating a ".hushlogin" file) to very effectively prompt for and store a user's plaintext passphrase without any indication that something is seriously wrong. There's one simple solution, of course. Have the client alert the user when authentication completes: any authentication-related prompts following t...

...entropy list fixes from Larry Jones <larry.jones at sdrc.com> - (djm) Fix for SuSE spec file from Takashi YOSHIDA <tyoshida at gemini.rc.kyushu-u.ac.jp> - (djm) Merge OpenBSD changes: - markus at cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus at cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus at cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus at cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraad...

...*/ #ifndef HAVE_OSF_SIA if (!(options.use_login && command == NULL)) { @@ -746,16 +760,6 @@ options.verify_reverse_mapping), (struct sockaddr *)&from, fromlen); -#ifdef USE_PAM - /* - * If password change is needed, do it now. - * This needs to occur before the ~/.hushlogin check. - */ - if (is_pam_password_change_required()) { - print_pam_messages(); - do_pam_chauthtok(); - } -#endif if (check_quietlogin(s, command)) return; @@ -1238,6 +1242,12 @@ * Reestablish them here. */ do_pam_setcred(0); + + /* + * We need to open the session here becaus...

...passwd * pw = s->pw; + int password_changed = 0; pid_t pid = getpid(); /* @@ -746,16 +749,23 @@ options.verify_reverse_mapping), (struct sockaddr *)&from, fromlen); -#ifdef USE_PAM /* * If password change is needed, do it now. * This needs to occur before the ~/.hushlogin check. */ +#ifdef USE_PAM if (is_pam_password_change_required()) { print_pam_messages(); - do_pam_chauthtok(); + if (!use_privsep) + do_pam_chauthtok(); } #endif + buffer_append(&expire_message, "\0", 1); + if (password_change_required) { + printf("%s", (char...

Hi list, I do not known, if this is really an issue but i noticed that when connecting to a remote ssh host with the standard linux openssh client using a private key, that there is no line of text indicating when the local key-passwd process was completed and the connection session was established. On a compromised host, the login shell could write the line 'Enter passphrase for key

...1)-release' COLUMNS=80 CVSROOT=:ext:mike@localhost:/cvstrees/crossover CVS_RSH=ssh CXOFFICE_DRIVE_TYPE_HACK=hd DIRSTACK=() DISPLAY=:0.0 EUID=1000 GDK_USE_XFT=1 GROUPS=() HISTFILE=/home/mike/.bash_history HISTFILESIZE=500 HISTSIZE=500 HOME=/home/mike HOSTNAME=kimchi.codeweavers.com HOSTTYPE=i486 HUSHLOGIN=FALSE HZ=100 IFS=$' \t\n' INPUTRC=/etc/inputrc JAVA_HOME=/usr/lib/java LANG=C LD_LIBRARY_PATH=:/home/mike/codeweavers/office/wine/libs/unicode:/home/mike/code weavers/office/wine/dlls:/home/mike/codeweavers/office/wine/tsx11:/home/mike/cod eweavers/office/wine/libs/wine:/home/mike/codeweave...