search for: userauth_finish

http://bugzilla.mindrot.org/show_bug.cgi?id=702 Summary: dont call userauth_finish after auth2_challenge_stop Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot...

https://bugzilla.mindrot.org/show_bug.cgi?id=983 --- Comment #51 from Petr Lautrbach <plautrba at redhat.com> 2012-03-28 02:35:54 EST --- Created attachment 2138 --> https://bugzilla.mindrot.org/attachment.cgi?id=2138 fixes of original patch (In reply to comment #46) > Created attachment 2096 [details] > Updated version of original patch. Fix missing braces around block in

http://bugzilla.mindrot.org/show_bug.cgi?id=559 Summary: PAM fixes Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: fcusack at fcusack.com - start PAM

Folks, During testing, we found a couple of issues with openssh3.0.2p1: 1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c), the foll. check: if (authctxt->failures++ > AUTH_FAIL_MAX) is never satisfied and thus packet_disconnect() never gets called. I suspect the code just drops out of the dispatch_run function list instead. This should be an == instead of &...

...at.com Created attachment 2468 --> https://bugzilla.mindrot.org/attachment.cgi?id=2468&action=edit don't increment failures in case of partial success sshd logs auth failure even if there was no failed attempt in authenticationthat when using AuthenticationMethods, see logs: debug3: userauth_finish: failure partial=0 next methods="password" [preauth] debug1: userauth-request for user plautrba service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] ... debug3: userauth_finish: failure partial=1 next methods="publickey" [preauth] debug1: usera...

Hi, I'm in the position of having to support a fix for a bad interaction between sshd and winbind/Active Directory. It's solved by a small patch against openssh, but it would be nice to have the solution generally available. The problem has previously been described on this list by Andreas Schneider, see: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html

...t); #endif xfree(devs); Index: auth2.c =================================================================== RCS file: /cvs/openssh/auth2.c,v retrieving revision 1.112 diff -u -p -r1.112 auth2.c --- auth2.c 24 Feb 2003 00:59:27 -0000 1.112 +++ auth2.c 1 Mar 2003 17:37:41 -0000 @@ -228,16 +228,7 @@ userauth_finish(Authctxt *authctxt, int if (authctxt->postponed) return; - /* XXX todo: check if multiple auth methods are needed */ - if (authenticated == 1) { - /* turn off userauth */ - dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); - packet_start(SSH2_MSG_USERAUTH_SUCCESS...

https://bugzilla.mindrot.org/show_bug.cgi?id=983 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1930 --- Comment #34 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:24 EST --- Retarget unresolved

...XAMPLE+user1 debug1: PAM: initializing for "EXAMPLE+user1" debug1: PAM: setting PAM_RHOST to "141.30.156.114" debug1: PAM: setting PAM_TTY to "ssh" debug2: input_userauth_request: try method none Failed none for EXAMPLE+user1 from 141.30.156.114 port 45018 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive" debug3: send packet: type 51 debug3: receive packet: type 50 debug1: userauth-request for user EXAMPLE+user1 service ssh-connection method gssapi-with-mic debug1: attempt 1 failures 0 debug2: i...

...connection method none debug1: attempt 0 failures 0 debug2: parse_server_config: config reprocess config len 506 debug2: input_userauth_request: setting up authctxt for SUPER.SUPER debug2: input_userauth_request: try method none Failed none for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 1 failures 0 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are accep...

...initializing for "EXAMPLE+user1" > debug1: PAM: setting PAM_RHOST to "141.30.156.114" > debug1: PAM: setting PAM_TTY to "ssh" > debug2: input_userauth_request: try method none > Failed none for EXAMPLE+user1 from 141.30.156.114 port 45018 ssh2 > debug3: userauth_finish: failure partial=0 next > methods="publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive" > debug3: send packet: type 51 > debug3: receive packet: type 50 > debug1: userauth-request for user EXAMPLE+user1 service > ssh-connection > method gssapi-with-mic > de...

...uot;EXAMPLE+user1" >> debug1: PAM: setting PAM_RHOST to "141.30.156.114" >> debug1: PAM: setting PAM_TTY to "ssh" >> debug2: input_userauth_request: try method none >> Failed none for EXAMPLE+user1 from 141.30.156.114 port 45018 ssh2 >> debug3: userauth_finish: failure partial=0 next >> methods="publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive" >> debug3: send packet: type 51 >> debug3: receive packet: type 50 >> debug1: userauth-request for user EXAMPLE+user1 service >> ssh-connection >> method gs...

http://bugzilla.mindrot.org/show_bug.cgi?id=325 ------- Additional Comments From hlein at progressive-comp.com 2002-07-13 06:14 ------- Seeing this here too; it appears that when auth2.c:userauth_finish is called, forced_command has been cleared (or perhaps, never set in that forked sshd) so the call to auth_root_allowed(method) returns 0. The following patch makes forced-command logins as root work again, but I doubt this is the right fix. In fact the below may have serious problems; no warrant...

...key + * This problem is only with SSH2 though on Unixware 7.1.1, + * OpenServer 5.0.X and SCO 3.2v4.2. + * Linux (RedHat 7.X) is fine + */ + + authenticated = 0; + } } userauth_finish(authctxt, authenticated, method); uw7: /usr/udd1/dev # I have also tried 3.5p1 and the same situation exists. OpenSSH was compiled as follows: gcc --> 2.95.2 perl --> 5.004_04 ./configure --sysconf=/etc/ssh OpenSSH has been configured with the following options: User...

https://bugzilla.mindrot.org/show_bug.cgi?id=2061 Bug ID: 2061 Summary: Request for PermitRootLogin to be enforced prior to credential check Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: OpenBSD Status: NEW Severity: enhancement

...: mm_request_send entering: type 25 ROOT LOGIN REFUSED FROM 127.0.0.1 Failed publickey for root from 127.0.0.1 port 36951 ssh2: RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth] ROOT LOGIN REFUSED FROM 127.0.0.1 [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] FAIL: ssh connect with protocol 2 failed Connection closed by 127.0.0.1 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive entering debug1: do_c...

...n() function in sshlogin.c to go along with record_login(). This new function holds the platform-specific code. At the moment, this is AIX and UNICOS, but it will provide an obvious place for any other platforms that support this type of thing. auth_log() is called from do_authloop (proto 1) or userauth_finish (proto 2) and calls record_failed_login() for each failed password authentication. The next question is should this function get called for public-key authentications and, if so, under what circumstances? My best guess is that it should be called once if one or more public-key authentications wa...

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

...p_expire -1 days left -3 debug3: account expiration disabled debug2: input_userauth_request: setting up authctxt for admin debug2: input_userauth_request: try method none debug3: auth_shadow_pwexpired: today 2 sp_lstchg -1 sp_max 99999 Failed none for admin from 192.168.0.65 port 59719 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password" debug1: userauth-request for user admin service ssh-connection method password debug1: attempt 1 failures 0 debug2: input_userauth_request: try method password Accepted password for admin from 192.168.0.65 port 59719 ssh2 debug1: Enteri...

...entering: type 9 debug2: monitor_read: 8 used once, disabling now debug2: input_userauth_request: setting up authctxt for cpdp [preauth] debug3: mm_inform_authserv entering [preauth] debug3: mm_request_send entering: type 4 [preauth] debug2: input_userauth_request: try method none [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 4 used once, disabling now debug1: userauth-re...