search for: utmp_len

...(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) diff -urN openssh-3.1p1.old/canohost.c openssh-3.1p1/canohost.c --- openssh-3.1p1.old/canohost.c Mon Mar 4 20:31:29 2002 +++ openssh-3.1p1/canohost.c Tue Apr 9 21:05:15 2002 @@ -284,9 +284,11 @@ get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping) { static const char *remote = ""; - if (utmp_len > 0) + /* Assume that if utmp_len = -1 then there is no limit on the + hostname length */ + if (utmp_len > 0 || utmp_len == -1) remote = get_canonical_hostname(verify_reverse_mapping); - if (utmp_len...

In sshd.c: /* record remote hostname or ip */ u_int utmp_len = MAXHOSTNAMELEN; However, HOSTNAMELEN is almost certainly too long. Is there a reason not to use UT_HOSTSIZE instead, as below? Index: sshd.c =================================================================== --- sshd.c (revision 182719) +++ sshd.c (working copy) @@ -72,6 +72,7 @@...

...switch (opt) { diff -Nur openssh-2.2.0p1-/sshd.c openssh-2.2.0p1/sshd.c --- openssh-2.2.0p1-/sshd.c Tue Aug 29 02:05:50 2000 +++ openssh-2.2.0p1/sshd.c Sun Oct 29 16:44:50 2000 @@ -140,7 +140,7 @@ int session_id2_len = 0; /* record remote hostname or ip */ -unsigned int utmp_len = MAXHOSTNAMELEN; +unsigned int utmp_len = 256; /* bigger than LI_HOSTSIZE makes no sense */ /* Prototypes for various functions defined later in this file. */ void do_ssh1_kex(); -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC...

...ct sockaddr *) & from, &fromlen) < 0) { + debug("getpeername: %.100s", strerror(errno)); + fatal_cleanup(); + } + } + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), + (struct sockaddr *)&from); +} +#endif + /* * This is called to fork and execute a command when we have no tty. This * will call do_child from the child, and server_loop from the parent after @@ -621,34 +649,6 @@ /* server_loop _...

..._ttyok(lc, s->tty)) { (void)printf("Permission denied.\n"); log( "LOGIN %.200s REFUSED (TTY) FROM %.200s ON TTY %.200s", pw->pw_name, get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), s->tty); exit(254); } #endif /* HAVE_LOGIN_CAP */

http://bugzilla.mindrot.org/show_bug.cgi?id=549 Summary: Login Delay / Remove unwanted reverse map check Product: Portable OpenSSH Version: 3.5p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

...itor.c~ 2005-07-17 08:53:31.000000000 +0100 +++ openssh-4.2p1/monitor.c 2006-01-07 18:40:42.000000000 +0000 @@ -69,6 +69,8 @@ RCSID("$OpenBSD: monitor.c,v 1.63 2005/0 static Gssctxt *gsscontext = NULL; #endif +#ifdef USE_PRIVSEP + /* Imports */ extern ServerOptions options; extern u_int utmp_len; @@ -1916,3 +1918,5 @@ mm_answer_gss_userok(int sock, Buffer *m return (authenticated); } #endif /* GSSAPI */ + +#endif /* USE_PRIVSEP */ --- openssh-4.2p1/monitor_mm.c~ 2004-10-06 14:15:44.000000000 +0100 +++ openssh-4.2p1/monitor_mm.c 2006-01-07 18:39:36.000000000 +0000 @@ -35,6 +35,8 @@ RCSI...

...oid do_exec_pty(Session *, const char *); +#ifdef LOGIN_NEEDS_UTMPX +static void do_pre_login(Session *s); +#endif void do_exec_no_pty(Session *, const char *); void do_exec(Session *, const char *); void do_login(Session *, const char *); @@ -147,6 +150,7 @@ extern int debug_flag; extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); +extern void record_utmp_only(pid_t, const char *, const char *, const char *, struct sockaddr *); /* original command from peer. */ const char *original_command = NULL;

..._time = get_last_login_time(pw->pw_uid, pw->pw_name, - hostname, sizeof(hostname)); - } - /* Record that there was a login on that tty from the remote host. */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), @@ -741,14 +738,14 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ - if (options.print_lastlog && last_login_time != 0) { - time_string = ctime(&last_login_time); + if (options.prin...

...====== RCS file: /cvs/openssh/auth-pam.c,v retrieving revision 1.54 diff -u -w -u -w -b -p -r1.54 auth-pam.c --- auth-pam.c 28 Jul 2002 20:24:08 -0000 1.54 +++ auth-pam.c 24 Nov 2002 18:43:41 -0000 @@ -378,10 +378,13 @@ void start_pam(const char *user) extern ServerOptions options; extern u_int utmp_len; const char *rhost; + char buf[1024]; debug("Starting up PAM with username \"%.200s\"", user); - pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh); + strlcpy(buf, SSHD_PAM_SERVICE, sizeof(buf)); + strlcat(buf, options.pam_service_name_append, sizeof(...

...ic (possibly) and update state */ + if (!sshpam_handle_lock_count && sshpam_handle_lock_ready) { + sshpam_handle_lock_ready = 0; + pthread_mutexattr_destroy(&lock_attr); + pthread_mutex_destroy(&sshpam_handle_lock); + } +#endif } static int @@ -296,30 +370,53 @@ extern u_int utmp_len; extern char *__progname; const char *pam_rhost, *pam_user; + pam_handle_t *sshpam_handle_holder; + +#ifdef USE_POSIX_THREADS + /* (Re)initialize our pthread structures if it's safe to do so. Only + * free them if they were previously initialized and they aren't + * currently in use....

...=========================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v retrieving revision 1.238 diff -u -r1.238 session.c --- session.c 3 Jun 2003 00:25:48 -0000 1.238 +++ session.c 5 Jul 2003 02:21:49 -0000 @@ -95,6 +95,7 @@ extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); +extern Buffer loginmsg; /* original command from peer. */ const char *original_command = NULL; @@ -103,10 +104,6 @@ #define MAX_SESSIONS 10 Session sessions[MAX_SESSIONS]; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg;...

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

...eof(from); + if (getpeername(packet_get_connection_in(), + (struct sockaddr *) & from, &fromlen) < 0) { + debug("getpeername: %.100s", strerror(errno)); + fatal_cleanup(); + } + } + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), + (struct sockaddr *)&from); +} +#endif + /* administrative, login(1)-like work */ void do_login(Session *s, const char *command) @@ -1511,6 +1546,9 @@ /* Launch login(1). */ execl(LOGIN_PROGRAM, "login", "-h", hostname, +#if...

...=========================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v retrieving revision 1.241 diff -u -r1.241 session.c --- session.c 8 Jul 2003 12:59:59 -0000 1.241 +++ session.c 9 Jul 2003 02:02:53 -0000 @@ -95,7 +95,9 @@ extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); +extern int password_change_required; extern Buffer loginmsg; +extern Buffer expiremsg; /* original command from peer. */ const char *original_command = NULL; @@ -461,6 +463,9 @@ "TTY available"); } #end...

...=========================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v retrieving revision 1.241 diff -u -r1.241 session.c --- session.c 8 Jul 2003 12:59:59 -0000 1.241 +++ session.c 9 Jul 2003 02:02:53 -0000 @@ -95,7 +95,9 @@ extern u_int utmp_len; extern int startup_pipe; extern void destroy_sensitive_data(void); +extern int password_change_required; extern Buffer loginmsg; +extern Buffer expiremsg; /* original command from peer. */ const char *original_command = NULL; @@ -461,6 +463,9 @@ "TTY available"); } #end...

...session.c Sat Oct 4 23:36:50 2003 @@ -692,7 +692,9 @@ } /* Record that there was a login on that tty from the remote host. */ +#ifndef DISABLE_PRIVSEP if (!use_privsep) +#endif /* DISABLE_PRIVSEP */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, get_remote_name_or_ip(utmp_len, options.use_dns), @@ -1668,7 +1670,9 @@ * time in case we call fatal() (e.g., the connection gets closed). */ fatal_add_cleanup(session_pty_cleanup, (void *)s); +#ifndef DISABLE_PRIVSEP if (!use_privsep) +#endif /* DISABLE_PRIVSEP */ pty_setowner(s->pw, s->tty); /* Se...

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

...command, const char *realname) { char *time_string; char hostname[MAXHOSTNAMELEN]; @@ -690,7 +690,7 @@ /* Record that there was a login on that tty from the remote host. */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), - - (struct sockaddr *)&from); + (struct sockaddr *)&from, realname); #ifdef USE_PAM /* @@ -1509,7 +1509,7 @@ } static int - -session_subsystem_req(Session *s) +session_subsystem_req(Session *s, const char *realname) {...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the