search for: m_pid

...hd reported the change of pid with LogLevel set to verbose instead of debug2. Is it possible to have it changed? Regards Claes Leufv?n Here is a patch for it: --- sshd.c_orig 2005-11-21 10:51:08.000000000 +0100 +++ sshd.c 2005-11-21 10:51:11.000000000 +0100 @@ -652,7 +652,7 @@ if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %ld", (long)pmonitor->m_pid); + verbose("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); buffer_cle...

...nge this or would it violate the privacy of the users? Regards Claes Leufv?n Here is a patch for the latest(20051208) snapshot of OpenSSH portable: --- sshd.c-orig 2005-12-08 14:35:03.000000000 +0100 +++ sshd.c 2005-12-08 14:35:11.000000000 +0100 @@ -651,7 +651,7 @@ if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - debug2("User child is on pid %ld", (long)pmonitor->m_pid); + verbose("User child is on pid %ld", (long)pmonitor->m_pid);...

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...recvfd); + pmonitor->m_sendfd = pmonitor->m_log_recvfd = -1; } static void @@ -431,6 +454,9 @@ monitor_child_handler(int sig) void monitor_child_postauth(struct monitor *pmonitor) { + close(pmonitor->m_recvfd); + pmonitor->m_recvfd = -1; + monitor_set_child_handler(pmonitor->m_pid); signal(SIGHUP, &monitor_child_handler); signal(SIGTERM, &monitor_child_handler); @@ -454,6 +480,9 @@ monitor_child_postauth(struct monitor *p for (;;) monitor_read(pmonitor, mon_dispatch, NULL); + + close(pmonitor->m_sendfd); + pmonitor->m_sendfd = -1; } void @@ -465,...

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...t monitor *pmonitor = NULL; +#endif /* global authentication context */ Authctxt *the_authctxt = NULL; @@ -308,9 +310,10 @@ grace_alarm_handler(int sig) { /* XXX no idea how fix this signal handler */ +#ifdef USE_PRIVSEP if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) kill(pmonitor->m_pid, SIGALRM); - +#endif /* Log error and exit. */ fatal("Timeout before authentication for %s", get_remote_ipaddr()); } @@ -536,6 +539,7 @@ demote_sensitive_data(void) /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ } +#ifdef US...

...t; https://bugzilla.mindrot.org/attachment.cgi?id=2424&action=edit possible fix. sshd crashes with the core dump when used in high scale environment. The program crashes inside the function "cleanup_exit" at line if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) It is always assumed here that pmonitor is always not NULL. However pmonitor can be null, in the execution sequence below: #0 0x0804e214 in cleanup_exit (i=255) at ../../../../../../src/crypto/openssh/sshd.c:2415 #1 0x080ae7bf in fatal (fmt=0x80b8ea6 "%s: socketpair: %s") at...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

...@ -649,7 +697,21 @@ /* New socket pair */ monitor_reinit(pmonitor); +#if #system(bs2000) + { + char *upper; + /* BS2000(PSD/POSIX) ufork needs the user name in UPPER case */ + upper = xstrdup(authctxt->pw->pw_name); + strupper(upper, NULL); + if ((pmonitor->m_pid = ufork(upper)) == -1 && errno == EPERM) { + log("Hint: Is the POSIX-RLOGIN-DEFAULT set for user %s ?", + authctxt->pw->pw_name); + } + free(upper); + } +#else pmonitor->m_pid = fork(); +#endif if (pmonitor->m_pid == -1) fatal("fork of unpr...

...tes; /* all public host certificates */ int have_ssh1_key; int have_ssh2_key; @@ -652,11 +657,18 @@ privsep_preauth(Authctxt *authctxt) } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); + auth_conn = ssh_get_authentication_connection(); + pmonitor->m_pid = pid; if (box != NULL) ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor); + if (auth_conn) { + ssh_close_authentication_connection(auth_conn); + auth_conn = NULL; + } + /* Sync memory */ monitor_sync(pmonitor); @@ -704,10 +716,11 @@ privsep_p...

...P_SANDBOX) + box = ssh_sandbox_init(); pid = fork(); if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); + if (box != NULL) + ssh_sandbox_parent_preauth(box, pid); pmonitor->m_pid = pid; monitor_child_preauth(authctxt, pmonitor); @@ -643,10 +649,21 @@ privsep_preauth(Authctxt *authctxt) monitor_sync(pmonitor); /* Wait for the child's exit status */ - while (waitpid(pid, &status, 0) < 0) + while (waitpid(pid, &status, 0) < 0) { if (errno !...