search for: use_login

...20 Jun 2002 23:05:55 -0000 1.58 +++ servconf.h 24 Jul 2002 16:55:26 -0000 @@ -97,6 +97,7 @@ int challenge_response_authentication; int permit_empty_passwd; /* If false, do not permit empty * passwords. */ + int permit_user_env; /* If true, read ~/.ssh/environment */ int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; --- servconf.c 23 Jun 2002 09:46:51 -0000 1.112 +++ servconf.c 24 Jul 2002 16:55:26 -0000 @@ -87,6 +87,7 @@ options->kbd_interactive_authentication = -1; options->chal...

...ect: privsep in ssh Date: Fri, 19 Sep 2003 12:22 From: Russell Coker <russell at coker.com.au> To: SE Linux <selinux at tycho.nsa.gov> Cc: Colin Watson <cjwatson at debian.org> #ifdef DISABLE_FD_PASSING if (1) { #else if (authctxt->pw->pw_uid == 0 || options.use_login) { #endif /* File descriptor passing is broken or root login */ monitor_apply_keystate(pmonitor); use_privsep = 0; return; } When browsing the ssh source I noticed the above in sshd.c. It appears from a casual inspection tha...

...ed to this mail. I have to ask: why? ;-) ---------- My OLD message ---------- Hello, I have just discoverd that ssh -T does not work with servers which have UseLogin option enabled. This happends becouse /bin/login can not work if there is no tty. To correct this, it is necessary to add: options.use_login = 0; at the top of the "do_exec_no_pty" function from the "session.c" file. ---------- My OLD message ---------- Best regards, Krzysztof Oledzki

...tch. OpenSSH-2.1.1 is available from www.openssh.com. Appendix: 1. OpenSSH-1.2.2 --- sshd.c.orig Thu Jan 20 18:58:39 2000 +++ sshd.c Tue Jun 6 10:12:00 2000 @@ -2231,6 +2231,10 @@ struct stat st; char *argv[10]; + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; + f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ 2. OpenSSH-1.2.3 --- sshd.c.orig Mon Mar 6 22:11:17 2000 +++ sshd.c Tue Jun 6 10:14:07 2000 @@ -2250,6 +2250,10 @@...

...tch. OpenSSH-2.1.1 is available from www.openssh.com. Appendix: 1. OpenSSH-1.2.2 --- sshd.c.orig Thu Jan 20 18:58:39 2000 +++ sshd.c Tue Jun 6 10:12:00 2000 @@ -2231,6 +2231,10 @@ struct stat st; char *argv[10]; + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; + f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ 2. OpenSSH-1.2.3 --- sshd.c.orig Mon Mar 6 22:11:17 2000 +++ sshd.c Tue Jun 6 10:14:07 2000 @@ -2250,6 +2250,10 @@...

...ed1(Authctxt *authctxt); void do_authenticated2(Authctxt *authctxt); +int check_quietlogin(Session *s, const char *command); /* import */ extern ServerOptions options; @@ -633,8 +635,10 @@ close(ttyfd); /* record login, etc. similar to login(1) */ +#ifndef HAVE_OSF_SIA if (!(options.use_login && command == NULL)) do_login(s, command); +#endif /* Do common processing for the child, such as execing the command. */ do_child(s, command); @@ -681,7 +685,6 @@ void do_login(Session *s, const char *command) { - FILE *f; char *time_string; char buf[256]; char hostnam...

...L, cray_job_termination_handler); +#endif /* _CRAY */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -586,7 +595,12 @@ /* record login, etc. similar to login(1) */ #ifndef HAVE_OSF_SIA if (!(options.use_login && command == NULL)) + { +# ifdef _CRAY + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +# endif /* _CRAY */ do_login(s, command); + } # ifdef LOGIN_NEEDS_UTMPX else...

...openssh-2.5.1p1-1/servconf.c *** openssh-2.5.1p1/servconf.c Wed Feb 14 19:08:27 2001 --- openssh-2.5.1p1-1/servconf.c Thu Mar 1 15:45:03 2001 *************** *** 81,86 **** --- 81,87 ---- options->challenge_reponse_authentication = -1; options->permit_empty_passwd = -1; options->use_login = -1; + options->sys_environment_file = NULL; options->allow_tcp_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; *************** *** 210,216 **** sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts...

Would anybody happen to have or know of a patch to make /etc/default/login PATH and SUPATH the default openssh path? We have customized paths for each school of engineering (each have their own customized site bin). This is easily controled with /etc/default/login. The --with-default-path option is too rigid. This is Solaris I am talking about. --mike

...quot;Warning: your account expires on %s", + ctime(&pw->pw_expire)); + } +#endif /* __FreeBSD__ */ + /* * If the user has logged in before, display the time of last * login. However, don't display anything extra if a command @@ -2203,10 +2291,9 @@ !options.use_login) { #ifdef LOGIN_CAP fname = login_getcapstr(lc, "welcome", NULL, NULL); - login_close(lc); if (fname == NULL || (f = fopen(fname, "r")) == NULL) f = fopen("/etc/motd", "r"); -#else /* LOGIN_CAP */ +#else /* !LOGIN_CAP */ f = fopen("/e...

...ng was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I took a real quick look through the source code and found this at line 1022 of session.c: #ifndef USE_PAM /* pam_nologin handles this */ if (!options.use_login) { Now that seems like it's probably the right way to handle /etc/nologin under PAM authenticated linux systems, however there's one problem: Sun doesn't ship SunOS with a pam_nologin.so module. pam_unix.so authenticates the user, and since openssh is told not to look for /etc/nologi...

...root2.patch diff --ignore-space-change -u openssh-2.2.0p1/servconf.c openssh-2.2.0p1chroot/servconf.c --- openssh-2.2.0p1/servconf.c Fri Aug 18 05:59:06 2000 +++ openssh-2.2.0p1chroot/servconf.c Sun Oct 22 18:59:49 2000 @@ -68,6 +68,8 @@ #endif options->permit_empty_passwd = -1; options->use_login = -1; + options->use_chroot = -1; + options->chroot_group = -1; options->num_allow_users = 0; options->num_deny_users = 0; options->num_allow_groups = 0; @@ -158,6 +160,10 @@ options->permit_empty_passwd = 0; if (options->use_login == -1) options->use_login = 0...

Folks, I noticed that whenever I scp'ed a file to my test server (running OpenSSH 2.1.0p2, and then tested with p3) it was created owned by root. /home/me $ ls -al .profile -rwx------ 1 me group 1056 Jan 18 1999 .profile /home/me $ scp .profile me at server:test me at server's password: .profile 100%

...ions *, char *, u_short); @@ -102,6 +105,9 @@ options->challenge_response_authentication = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; + options->permit_tcp_listen = -1; + options->restricted_shell = NULL; + options->restrictions = -1; options->use_login = -1; options->compression = -1; options->allow_tcp_forwarding = -1; @@ -226,6 +232,10 @@ options->permit_empty_passwd = 0; if (options->permit_user_env == -1) options->permit_user_env = 0; + if (options->permit_tcp_listen == -1) + options->permit_tcp_listen = 1; +...

...******* *** 1554,1559 **** --- 1554,1583 ---- #endif } + #ifdef WITH_IRIX_CAP + /* Set the user's capabilities before running their RC files!! + Only if we won't use login(1), as login handles setting + capabilities itself */ + if (!options.use_login) { + if(child_get_env(env,"CAP") == NULL) + irix_set_cap("all="); + else + irix_set_cap(child_get_env(env,"CAP")); + } + #endif /* WITH_IRIX_CAP */ + + #ifdef WITH_IRIX_MAC +...

...21:23:21 stevesk Exp $"); @@ -173,6 +174,8 @@ # include <libutil.h> #endif +extern ServerOptions options; + /** ** prototypes for helper functions in this file **/ @@ -438,7 +441,8 @@ utmpx_write_entry(li); #endif #ifdef USE_WTMPX - wtmpx_write_entry(li); + if (!options.use_login) + wtmpx_write_entry(li); #endif return 0; } Index: session.c =================================================================== RCS file: /cvs/openssh_cvs/session.c,v retrieving revision 1.100 diff -u -r1.100 session.c --- session.c 2001/03/22 02:06:57 1.100 +++ session.c 2001/03/22 21:28:04...

...L, cray_job_termination_handler); +#endif /* _CRAY */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -517,7 +527,12 @@ /* record login, etc. similar to login(1) */ #ifndef HAVE_OSF_SIA if (!(options.use_login && command == NULL)) + { +# ifdef _CRAY + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +# endif /* _CRAY */ do_login(s, command); + } # ifdef LOGIN_NEEDS_UTMPX else...

Hi, As I understand the "ForceCommand" in the sshd_confing file is meant to ignore any command supplied by the client, but if user's home is shared by server and client machines over network (ex. NFS) then user can still put something else into ~/.ssh/rc file and overcome this limitation. Is it possible to disable execution of the ~/.ssh/rc file in such a case? Thaks, Mike

https://bugzilla.mindrot.org/show_bug.cgi?id=2060 Bug ID: 2060 Summary: sshd tries to use chdir to users home directory as root Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Sparc OS: Solaris Status: NEW Severity: normal Priority: P5

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in