search for: ssh_cmsg_auth_password

...+ debug("PAM authentication for \"%.100s\" failed: %s", pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); return 0; } @@ -234,11 +289,34 @@ /* Start PAM authentication for specified account */ void start_pam(struct passwd *pw) { + start_pam2(pw, SSH_CMSG_AUTH_PASSWORD); +} + + +/* Start PAM authentication for specified account */ +static void start_pam2(struct passwd *pw, int auth_type) +{ int pam_retval; + const char *service=NULL; - debug("Starting up PAM with username \"%.200s\"", pw->pw_name); + switch (auth_type) { +...

...le: /cvs/openssh_cvs/auth1.c,v retrieving revision 1.46 diff -u -p -r1.46 auth1.c --- auth1.c 6 Dec 2001 17:55:26 -0000 1.46 +++ auth1.c 18 Dec 2001 19:07:12 -0000 @@ -313,9 +313,9 @@ do_authloop(Authctxt *authctxt) #ifdef HAVE_CYGWIN if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { packet_disconnect("Authentication rejected for uid %d.", - (int)pw->pw_uid); + pw ? (int)pw->pw_uid : -1); authenticated = 0; } #else Index: auth2.c =======================================...

...under ~/.ssh/xxx ). How can this be achieved using openSSH ? I did not see in doc (may be I missed something..). Is it enough: In sshd_config: RSAAuthentication yes 1) On server, where should the user's public key be stored (~/.ssh/xxx)? 2) If RSA fails, does sshd automatically drop down to SSH_CMSG_AUTH_PASSWORD based ? Is this option configurable ? Thank you. Sunil.

...extern ServerOptions options; @@ -291,6 +294,16 @@ if (!authctxt->valid && authenticated) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); + +#ifdef _CRAY + if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) { + cray_login_failure(authctxt->user, IA_UDBERR); + } + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied...

...=================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v retrieving revision 1.79 diff -u -r1.79 auth1.c --- auth1.c 24 Feb 2003 00:59:27 -0000 1.79 +++ auth1.c 25 Feb 2003 09:45:10 -0000 @@ -311,8 +311,6 @@ authctxt->user); #ifdef _UNICOS - if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) - cray_login_failure(authctxt->user, IA_UDBERR); if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; fatal("Access denied for user %s.",authctxt->user); Index: auth2.c ======================================...

...=================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v retrieving revision 1.79 diff -u -r1.79 auth1.c --- auth1.c 24 Feb 2003 00:59:27 -0000 1.79 +++ auth1.c 25 Feb 2003 09:45:10 -0000 @@ -311,8 +311,6 @@ authctxt->user); #ifdef _UNICOS - if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) - cray_login_failure(authctxt->user, IA_UDBERR); if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; fatal("Access denied for user %s.",authctxt->user); Index: auth2.c ======================================...

...=================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v retrieving revision 1.78 diff -u -r1.78 auth1.c --- auth1.c 23 Jan 2003 06:41:20 -0000 1.78 +++ auth1.c 27 Jan 2003 10:51:39 -0000 @@ -311,8 +311,6 @@ authctxt->user); #ifdef _UNICOS - if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) - cray_login_failure(authctxt->user, IA_UDBERR); if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; fatal("Access denied for user %s.",authctxt->user); Index: auth2.c ======================================...

...auth1.c 2001/03/24 00:37:59 1.40 +++ auth1.c 2001/05/23 09:40:49 @@ -313,14 +313,7 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); -#ifdef HAVE_CYGWIN - if (authenticated && - !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) { - packet_disconnect("Authentication rejected for uid %d.", - (int)pw->pw_uid); - authenticated = 0; - } -#else +#ifndef HAVE_CYGWIN /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_a...

Hi. To compartmentalize things a bit (e.g., to help limit the damage should one of my machines be hacked and my private RSA keys stolen) I use different RSA key pairs on my different client machines. So it occurs to me that it would be nice if ssh could log which key was used when logging in to a particular account that has more than one entry in .ssh/authorized_keys. Right now it simply says

...1,11 +231,11 @@ } /* RSA authentication requested. */ n = BN_new(); packet_get_bignum(n, &nlen); packet_integrity_check(plen, nlen, type); - authenticated = auth_rsa(pw, n); + authenticated = auth_rsa(pw, n, info, sizeof(info)); BN_clear_free(n); break; case SSH_CMSG_AUTH_PASSWORD: if (!options.password_authentication) { diff -u5 openssh-3.0.2p1.orig/auth2.c openssh-3.0.2p1/auth2.c --- openssh-3.0.2p1.orig/auth2.c Tue Nov 13 13:46:19 2001 +++ openssh-3.0.2p1/auth2.c Tue Jan 29 15:21:58 2002 @@ -58,10 +58,14 @@ extern int session_id2_len; static Authctxt *x_authctxt =...

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

...assword = ssh_askpass(askpass, + "Permission denied, please try again:"); + else + password = ssh_askpass(askpass, prompt); + } else { + if (i != 0) + error("Permission denied, please try again."); + password = read_passphrase(prompt, 0); + } packet_start(SSH_CMSG_AUTH_PASSWORD); packet_put_string(password, strlen(password)); memset(password, 0, strlen(password)); diff -U 3 -N -r ORIG/openssh-2.2.0p1/sshconnect2.c openssh-2.2.0p1/sshconnect2.c --- ORIG/openssh-2.2.0p1/sshconnect2.c Tue Aug 22 20:46:25 2000 +++ openssh-2.2.0p1/sshconnect2.c Sat Sep 9 01:10:30 2000 @...

...d_passphrase(prompt, 0); + if (use_askpass) { + const char * askpass; + if ((askpass = getenv(SSH_ASKPASS_ENV))) + password = ssh_askpass(askpass, prompt); + else + password = ssh_askpass(SSH_ASKPASS_DEFAULT, prompt); + } else + password = read_passphrase(prompt, 0); packet_start(SSH_CMSG_AUTH_PASSWORD); packet_put_string(password, strlen(password)); memset(password, 0, strlen(password)); Cheers --[[text/plain]]

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was