similar to: [Bug 580] disable kbdint if host key mismatch

http://bugzilla.mindrot.org/show_bug.cgi?id=559 Summary: PAM fixes Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: fcusack at fcusack.com - start PAM

https://bugzilla.mindrot.org/show_bug.cgi?id=1438 Summary: Adds an out-of-band challenge (OBC) authentication method (via kbdint) Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal

http://bugzilla.mindrot.org/show_bug.cgi?id=568 Summary: Kerberos password auth/expiry kbdint patch Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P4 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=582 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #2 from djm at mindrot.org 2005-11-06 03:46 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From fcusack at fcusack.com 2002-04-16 23:27 ------- sshd should definitely not be using 'NOUSER'. The correct thing is to use the username, regardless of whether (pw) exists. I can't understand why you would substitute the value 'NOUSER'. ------- You are receiving this mail because: -------

https://bugzilla.mindrot.org/show_bug.cgi?id=1439 Summary: Adds Virtual Token (VToken) authentication method to kbdint Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

https://bugzilla.mindrot.org/show_bug.cgi?id=1439 Summary: Adds Virtual Token (VToken) authentication method to kbdint Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

I took Markus Friedl's advice and set up a KbdintDevice for Kerberos password authentication/expiry. It took me a bit to wrap my head around privsep, but I think it's working properly (code stolen shamelessly from FBSD's PAM implementation :->). The hardest part was working out how to get the interaction between krb5_get_init_creds_password() (along with the prompter) to work

http://bugzilla.mindrot.org/show_bug.cgi?id=582 Summary: Add 'KbdintXORPasswordAuthentication' option. Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hello, I was chasing some unexpected behaviour from OpenSSH, and have come across an oddity in the source code which may or may not be a bug. In auth2-kbdint.c, the Authmethod struct declares options.kbd_interactive_authentication as the enabled flag for this method. However in the implementation function a few lines above, it checks options.challenge_response_authentication to decide whether to

Below is a patch against the current OpenBSD OpenSSH CVS to workaround a behavior I have observed when converting from SSH 1.2.27 to OpenSSH while using the same old RSA1 host key for protocol 1. In several cases I saw that old SSH sshd reported a host key size of 1024 bits when OpenSSH saw it as 1023 bits. Without the patch, when OpenSSH's ssh client connects to an old SSH sshd it warns

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to

I am trying to install openssh on sco unix 7.1 and getting following error , please help I have installed zlib - zlib-1.2.3 Openssl openssl-0.9.8e Openssh openssh-4.6p1 # make if test ! -z "yes"; then \ /usr/bin/perl ./fixprogs ssh_prng_cmds ; \ fi (cd openbsd-compat && make) cc -o ssh

On Thu, Jun 07, 2018 at 06:14:42PM -0700, PGNet Dev wrote: > On 6/7/18 6:08 PM, Darren Tucker wrote: > > Well the intent is you should be able to set CC and LD to whatever you > > want as long as they work. In this case, the OSSH_CHECK_LDFLAG_LINK > > test invokes autoconf's AC_LINK_IFELSE with uses CC not LD. I'm not > > sure what to do about it yet though. I

https://bugzilla.mindrot.org/show_bug.cgi?id=2246 Bug ID: 2246 Summary: PAM enhancements for OpenSSH server Product: Portable OpenSSH Version: 6.6p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

http://bugzilla.mindrot.org/show_bug.cgi?id=936 Summary: S/Key authentication fails if UsePAM=no Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: ulm at

I configure as follows: ./configure --with-zlib=/usr/local/include cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o

hello, little problem compiling openssh 4.6p1 on irix using mipspro 7.4.x. c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o

Also what exact distro and version are you having the problem on and what version of ld does it have? Mine is $ ld --version GNU ld version 2.29.1-23.fc28 -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.