search for: logingracetim

Hello, This problem is regarding the configuration directive called 'LoginGraceTime'. Problem Description: Tests were done with OpenSSH -3.6.1p2 and 3.7.1p2 on HP-UX. sshd is started with LoginGraceTime as 1 minute.Three windows were used to initiate the ssh client.After launching two clients wait for a sometime without issuing the password so it exceeds the grace period fo...

Hello, We've found some undesirable behavior with respect to LoginGraceTime. A minor code change in session.c seems to clear it up, but now I'm asking for help in better understanding the problem and determining if there any unexpected side effects of the change. First, the code change: $ diff orig_session.c session.c 216c216,218 < alarm(0); --- >...

https://bugzilla.mindrot.org/show_bug.cgi?id=2615 Bug ID: 2615 Summary: LoginGraceTime bypass (DoS) Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter...

Hello, I am wondering if there is any way I can get ssh to timeout (return) if nothing is entered when prompted for a password? I understand there is a LoginGraceTime value that can be used in the sshd_config file, but that still doesn't make ssh return (exit) when no password is ever entered. The command just hangs until a <return> is pressed. Is there any way to make it return after the LoginGraceTime limit has expired? I am using ssh inside...

...Recently, we encountered one scenario like: 1) login by root from remote. 2) with default loglevel(INFO) of sshd, it will print one log to auth.log by syslog (got one lock here). 3) But there was some problem that blocked the print action in step-2 a long time, more than 90 seconds. 4) The timer of LoginGraceTime(default 90 seconds) fired, then tiggered one another log. 5) Sshd try to get the lock, as the same lock that has been stuck in step 2. 6) Then the dead lock happened on sshd 7) Also caused the zombie process of the other sshd. Please help confirm. And any thing could be done from sshd to avoid d...

http://bugzilla.mindrot.org/show_bug.cgi?id=1363 Summary: sshd gets stuck: select() in packet_read_seqnr waits indefinitely Product: Portable OpenSSH Version: 4.2p1 Platform: All URL: http://marc.info/?t=117394251600035 OS/Version: All Status: NEW Keywords: patch Severity: major

.../id_dsa @@ -397,7 +399,7 @@ Port $port_number #HostKey ${SYSCONFDIR}/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 3600 +#KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging @@ -407,7 +409,7 @@ Port $port_number # Authentication: -#LoginGraceTime 120 +#LoginGraceTime 2m #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -418,10 +420,6 @@ StrictModes no #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/author...

...ed ssh on the box. However, now I'm using 3.7.1p2 with pam support I have the following problem: If a user (local or ldap) enters the correct password everything works fine. Entering a wrong password results in the sshd process becoming unresponsive, until it eventually times out as set by LoginGraceTime in sshd_config. Normally, sshd should prompt for a password a number of times before closing the connection. Running sshd in debug mode under truss shows it going into a sleep state. I've done some searching on this - I found http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=10674397...

...y /usr/local/etc/ssh_host_rsa_key HostKey /usr/local/etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging SyslogFacility AUTH #LogLevel INFO LogLevel DEBUG # Authentication: #LoginGraceTime 120 LoginGraceTime 300 #PermitRootLogin yes PermitRootLogin no #StrictModes yes #RSAAuthentication yes #RSAAuthentication no #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's...

...on required /lib/security/pam_pwdb.so session required /lib/security/pam_limits.so The contents of sshd_config are: Port 22 Protocol 2,1 HostKey /usr/local/etc/ssh/ssh_host_key HostKey /usr/local/etc/ssh/ssh_host_rsa_key HostKey /usr/local/etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes RhostsRSAAuthentication StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes PrintLastLog no SyslogFacility AUTH LogLevel INFO RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication ye...

...n attack detector. debug1: Received encrypted confirmation. debug1: Doing password authentication. mr at tcm30's password: " # This is ssh server systemwide configuration file. " Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh_host_key RandomSeed /etc/ssh_random_seed ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 7200 PermitRootLogin yes IgnoreRhosts no StrictModes yes QuietMode no X11Forwarding yes X11DisplayOffset 10 FascistLogging no PrintMotd yes KeepAlive yes SyslogFacility DAEMON RhostsAuthentication yes RhostsRSAAuthentication yes RSAAuthentication no PasswordAuthenticati...

...${SYSCONFDIR}/ssh_host_rsa_key #HostKey ${SYSCONFDIR}/ssh_host_dsa_key -# Lifetime and size of ephemeral version 1 server ke +# Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 @@ -405,7 +407,7 @@ Port $port_number # Authentication: -#LoginGraceTime 600 +#LoginGraceTime 120 #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -414,11 +416,11 @@ StrictModes no #RSAAuthentication yes #PubkeyAuthentication yes -#Author...

...now always falls back to uncompressed sessions, if the server does not support compression. * The default behavior of sshd(8) with regard to user settable environ variables has changed: the new option PermitUserEnvironment is disabled by default, see sshd_config(5). * The default value for LoginGraceTime has been changed from 600 to 120 seconds, see sshd_config(5). * Removed erroneous SO_LINGER handling. Checksums: ========== - MD5 (openssh-3.5p1.tar.gz) = 42bd78508d208b55843c84dd54dea848 - MD5 (openssh-3.5.tgz) = 79fc225dbe0fe71ebb6910f449101d23 Reporting Bugs: =============== - please r...

...now always falls back to uncompressed sessions, if the server does not support compression. * The default behavior of sshd(8) with regard to user settable environ variables has changed: the new option PermitUserEnvironment is disabled by default, see sshd_config(5). * The default value for LoginGraceTime has been changed from 600 to 120 seconds, see sshd_config(5). * Removed erroneous SO_LINGER handling. Checksums: ========== - MD5 (openssh-3.5p1.tar.gz) = 42bd78508d208b55843c84dd54dea848 - MD5 (openssh-3.5.tgz) = 79fc225dbe0fe71ebb6910f449101d23 Reporting Bugs: =============== - please r...

...otocol version 2 HostKey /usr/local/etc/ssh_host_rsa_key HostKey /usr/local/etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging # Authentication: LoginGraceTime 600 PermitRootLogin yes StrictModes no RSAAuthentication no PubkeyAuthentication no AuthorizedKeysFile %h/.ssh/authorized_keys # rhosts authentication should not be used RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts no # For this to work yo...

...uzzball sshd[27946]: Cannot close PAM session: System error Apr 8 22:03:29 fuzzball sshd[27946]: Cannot delete credentials: Authentication # This is ssh server systemwide configuration file. Port 22 ListenAddress 0.0.0.0 #ListenAddress :: HostKey /usr/local/etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes Keep...

Hello! My Linux-server is every day attacked with brute-force password cracking attacks. I use openssh-3.9p1 (SuSE Linux 9.2) with standard setup (PAM, LoginGraceTime 2m, MaxAuthTries 6). Unfortunately, I see cracking attempts with very short delays (1 second): Jan 31 00:46:53 XXX sshd[10774]: Invalid user backup from ::ffff:66.98.176.50 Jan 31 00:46:54 XXX sshd[10776]: Invalid user server from ::ffff:66.98.176.50 Jan 31 00:46:55 XXX sshd[10778]: Invalid us...

...etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO # Authentication: #LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used #RhostsAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work...

.../ssh/ssh-host-rsa-key HostKey /opt/talisen/ssh/ssh-host-dsa-key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging #SyslogFacility AUTH SyslogFacility LOCAL7 LogLevel DEBUG3 #obsoletes QuietMode and FascistLogging # Authentication: LoginGraceTime 600 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys2 # rhosts authentication should not be used #RhostsAuthentication no # Don''t read the user''s ~/.rhosts and ~/.shosts files IgnoreRhosts no # F...

...sion 0.9.5a (downloaded as Redhat RPMs, revision 3) PPP version 2.3.10 One exposed external IP address (for this list, assume to be 100.100.100.100) /etc/ssh/sshd_config: Port 22 Protocol 2,1 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key HostDSAKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes /etc/ppp/options: lock local noauth proxyarp Client information: *Stock Redhat 6.2 machine running a 2.2.17pre20 kernel OpenSSH version 2.2.0p1 (d...