Displaying 6 results from an estimated 6 matches for "mm_is_monitor".
2011 Oct 20
2
[Bug 1945] New: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes
...rw------- 1 test users 416 Oct 20 14:03
/tmp/krb5cc_243_245
I have tested this on hpux but believe the same behaviour on other OS
as well.
Probable fix is to change the condition in
sshpam_cleanup(void)/auth-pam.c
< if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
---
> if (sshpam_handle == NULL && (use_privsep && !mm_is_monitor()))
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
2006 Feb 12
1
sshd double-logging
...24:03 -0000
@@ -231,6 +231,15 @@ auth_log(Authctxt *authctxt, int authent
void (*authlog) (const char *fmt,...) = verbose;
char *authmsg;
+#if 0
+ logit("authenticated %d method %s info '%s' postponed %d monitor %d",
+ authenticated, method, info, authctxt->postponed, mm_is_monitor());
+#endif
+ authlog = logit; /* XXX for testing only */
+
+ if (use_privsep && !mm_is_monitor() && !authctxt->postponed)
+ return;
+
/* Raise logging level */
if (authenticated == 1 ||
!authctxt->valid ||
Index: monitor.c
==========================================...
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167
Bug ID: 2167
Summary: Connection remains when fork() fails.
Product: Portable OpenSSH
Version: 5.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If
2011 Jun 02
2
preauth privsep logging via monitor
...ut_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4);
+ if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg),
+ buffer_len(&log_msg)) != buffer_len(&log_msg))
+ fatal("%s: write: %s", __func__, strerror(errno));
+ buffer_free(&log_msg);
+}
+
int
mm_is_monitor(void)
{
Index: monitor_wrap.h
===================================================================
RCS file: /var/cvs/openssh/monitor_wrap.h,v
retrieving revision 1.29
diff -u -p -r1.29 monitor_wrap.h
--- monitor_wrap.h 5 Mar 2009 13:58:22 -0000 1.29
+++ monitor_wrap.h 2 Jun 2011 03:58:14 -0000
@@...
2004 Jan 26
6
OpenSSH, OpenAFS, Heimdal Kerberos and MIT Kerberos
Rather then implementing kafs in MIT Kerberos, I would like to
suggest an alternative which has advantages to all parties.
The OpenSSH sshd needs to do two things:
(1) sets a PAG in the kernel,
(2) obtains an AFS token storing it in the kernel.
It can use the Kerberos credentials either obtained via GSSAPI
delegation, PAM or other kerberos login code in the sshd.
The above two