search for: sshauthopt

...keys options API and") dropped the 'allowed pty' option when the password has expired. By adding this hack here, I got it back to the old behavior: --- a/auth-passwd.c +++ b/auth-passwd.c @@ -62,6 +62,7 @@ extern ServerOptions options; extern login_cap_t *lc; #endif +extern struct sshauthopt *auth_opts; #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ @@ -122,8 +123,11 @@ auth_password(struct ssh *ssh, const char *password) } #endif result = sys_auth_passwd(ssh, password); - if (authctxt->force_pwchange) + if (auth...

https://bugzilla.mindrot.org/show_bug.cgi?id=3723 Bug ID: 3723 Summary: sshd failed to close session when client specifies no remote command Product: Portable OpenSSH Version: 8.0p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: PAM

...M_AUTHTOK, buffer) == -1) { sshbuf_free(buffer); - return (-1); + return KbdintResultFailure; } sshbuf_free(buffer); - return (1); + return KbdintResultAgain; } static void diff --git a/auth.h b/auth.h index 98bb23d4c..aba6e775d 100644 --- a/auth.h +++ b/auth.h @@ -51,6 +51,7 @@ struct sshauthopt; typedef struct Authctxt Authctxt; typedef struct Authmethod Authmethod; typedef struct KbdintDevice KbdintDevice; +typedef int KbdintResult; struct Authctxt { sig_atomic_t success; @@ -115,6 +116,10 @@ struct Authmethod { int (*userauth)(struct ssh *, const char *); }; +#define Kbdin...

From: "Marco Trevisan" <marco at ubuntu.com> This serie of patches have been already submitted via [1], but i'm sending them again to the ML, to see if they can get some more traction. The patches are already part of Ubuntu openssh since 24.04, and they basically allow proper immediate instruction reporting to clients using PAM (as per RFC4256). This follows the approach