similar to: [Bug 609] empty password accounts can login with random password

http://bugzilla.mindrot.org/show_bug.cgi?id=611 Summary: Unnecessary authentication attempt in auth2-none.c creates delay Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1468 Summary: sshd does not log failed attempts using key-based authentication only Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: security Priority: P2

I was trying to use rsync to send files to a fileserver using an rssh restricted server. It refuses, saying that trying to override the shell with -e is forbidden. I didn't type "-e". When I look at the source, I see /* Checking the pre-negotiated value allows --protocol=29 override. */ if (protocol_version >= 30) { /* We make use of the -e

Hi folks, thanks for the useful code! I've added some functionality to PHP Markdown Extra and PHP SmartyPants. Diffs attached. For PHP Markdown Extra: *A new config option, MARKDOWN_HEADER_BASE, which sets the largest header level that Markdown can generate and defaults to 1; useful if you use <h1> for site-wide elements and want Markdown-generated headers to start at

https://bugzilla.mindrot.org/show_bug.cgi?id=3193 Bug ID: 3193 Summary: Add separate section in sshd_config man page on Access Control Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

(apologies for the length - there are questions at the end...) I've been running Linux for 20 years, and done a lot of dual-boots. I know that's old-school now, but I run Linux 95% of the time yet don't want to lose a Windows system I've paid for - but I've never tried removing it from a system and reinstalling the same licenced copy inside a virtual machine. I bought a

Hello all, I have made SecurID authentication for OpenSSH 3.6.1p2. This patch was totaly rewritten, so please test it before use. Kbd-int authentication is now integrated into challenge response auth. Privsep is now fully suported. PS: What do you think of selective access to the individual authentications, similar to AllowGroups/DenyGroups or maybe AllowUsers/DenyUsers ? Vaclav Tomec

Hi, after installing 3.6.1p2 I noticed spurious PAM login failures even with PermitEmptyPasswords set to "no": sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=XXX After looking at the code I noticed the following in the portability p2 patch: +++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000

Greetings, I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1 (as well as OpenServer 5.0.X and SCO 3.2v4.2) When I set up sshd_config as follows: PasswordAuthentication no PermitEmptyPasswords yes and try to connect to a password less account ( I know its a F*up, but that's the application ID10Ts .... ) I can get in using the SSH2 version without a valid key, the

http://bugzilla.mindrot.org/show_bug.cgi?id=652 Summary: PermitEmptyPasswords option silently ignored Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Greetings, Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless account without a valid key when sshd_config has PasswordAuthentication no + PermitEmptyPasswords yes Attempts: Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b) with native c compiler. Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2). Still the same problem. Looking at

I want to set up a machine which has an account with no password that can only be used locally, i.e. you cannot login over the network. The machine is in a room which is normally locked. It needs access to the network for videoconferencing, and this seemed a reasonable way to do things rather than putting passwords on post-it notes or Web pages. This is on a PC running RedHat Linux (7.0) I

Hey everyone, After discussing the AllowGroups I think I've discovered a bug. The system is a solaris 8 system and the problem is that when I use AllowGroups with no AllowUsers args, the proper actions happen. Same with AllowUsers and no AllowGroups. When I try to combine the two, none of the Allow directives seem to take. Is it just me or maybe a bug? -James

http://bugzilla.mindrot.org/show_bug.cgi?id=755 Summary: PermitEmptyPasswords ignored Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

Hi, I hope this is the right place for a feature request. I'd like to have more flexible AllowUsers/DenyUsers synax. I am in a situation, where I have machines connected to three networks (a private, high speed, a public, and a private vpn) and I'd like to enable root logins only on the private networks. Currently I see no way of doing this, because there is no way to specify a

I need to start running a dual head on one of my machines. Eventual target is CentOS 5.x. Decided to test first on my 4.6 setup (eventually it will achieve 5.x). Both machines are fully up to date. The test machine is 4.6, 2 radeon video cards. Searched the web, CentOS site, even bugzilla. This bugzilla entry from a 4.2 system), http://bugs.centos.org/view.php?id=1875 had only a WFM response.

Hi, I wrote you to ask whether this patch is OK for you. I extracted from the current debian openssh patch set. The problem is that in a openssh 3.6.1p2 installation compiled with pam support when one is doing an ssh connection to a 3.6.1p2 ssh server there is a slight delay of around 3-4 seconds before one gets the login, and even before you type the login name and password you get this

https://bugzilla.mindrot.org/show_bug.cgi?id=1646 Summary: Match directive does not override default settings Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

>From my secure log: Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron Sep 19 01:16:45 lin12