search for: mm_is_monitor

...rw------- 1 test users 416 Oct 20 14:03 /tmp/krb5cc_243_245 I have tested this on hpux but believe the same behaviour on other OS as well. Probable fix is to change the condition in sshpam_cleanup(void)/auth-pam.c < if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor())) --- > if (sshpam_handle == NULL && (use_privsep && !mm_is_monitor())) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...24:03 -0000 @@ -231,6 +231,15 @@ auth_log(Authctxt *authctxt, int authent void (*authlog) (const char *fmt,...) = verbose; char *authmsg; +#if 0 + logit("authenticated %d method %s info '%s' postponed %d monitor %d", + authenticated, method, info, authctxt->postponed, mm_is_monitor()); +#endif + authlog = logit; /* XXX for testing only */ + + if (use_privsep && !mm_is_monitor() && !authctxt->postponed) + return; + /* Raise logging level */ if (authenticated == 1 || !authctxt->valid || Index: monitor.c ==========================================...

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...ut_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); + if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), + buffer_len(&log_msg)) != buffer_len(&log_msg)) + fatal("%s: write: %s", __func__, strerror(errno)); + buffer_free(&log_msg); +} + int mm_is_monitor(void) { Index: monitor_wrap.h =================================================================== RCS file: /var/cvs/openssh/monitor_wrap.h,v retrieving revision 1.29 diff -u -p -r1.29 monitor_wrap.h --- monitor_wrap.h 5 Mar 2009 13:58:22 -0000 1.29 +++ monitor_wrap.h 2 Jun 2011 03:58:14 -0000 @@...

Rather then implementing kafs in MIT Kerberos, I would like to suggest an alternative which has advantages to all parties. The OpenSSH sshd needs to do two things: (1) sets a PAG in the kernel, (2) obtains an AFS token storing it in the kernel. It can use the Kerberos credentials either obtained via GSSAPI delegation, PAM or other kerberos login code in the sshd. The above two