similar to: [Bug 1207] sshd does not clear unsuccessful login count on non-interactive logins

http://bugzilla.mindrot.org/show_bug.cgi?id=1207 Summary: unsuccessful_login_count gets incremented by scp Product: Portable OpenSSH Version: 4.3p1 Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P1 Component: scp AssignedTo: bitbucket at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=355 ------- Additional Comments From dtucker at zip.com.au 2002-08-25 18:10 ------- It looks like the call to loginsuccess() fails because it's done as a non-privileged user. This is bad because in addition to generating the message it also clears the failed login counter that leads to account lockout. The following patch fixes it for me

On AIX 4.3.3 and AIX 5.1, the last successful and unsuccessful logins are no longer printer prior to the motd with either the stock openssh-3.7.1p2 or Darren's openssh-3.7.1p2-pwexp24.patch. In both cases it appears that the loginsuccess() call (auth-passwd.c stock or auth.c Darren's patch) is returning -1 and msg is not appended to loginmsg. /etc/security/lastlog is updated despite

Hi, using PAM, how can I configure how many attempts a user can make to connect, and if exceeding a certain number, block him for a specified amount of time? Any idea what the defaults are?

Folks, During testing, we found a couple of issues with openssh3.0.2p1: 1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c), the foll. check: if (authctxt->failures++ > AUTH_FAIL_MAX) is never satisfied and thus packet_disconnect() never gets called. I suspect the code just drops out of the dispatch_run function list instead. This should be an == instead of >.

http://bugzilla.mindrot.org/show_bug.cgi?id=543 Summary: sshd does not use AIX's setauthdb Product: Portable OpenSSH Version: 3.6p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: cawlfiel at

Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time

http://bugzilla.mindrot.org/show_bug.cgi?id=145 ------- Additional Comments From dtucker at zip.com.au 2002-06-21 23:43 ------- Created an attachment (id=116) Merge all previous patches and diff against -cvs ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-01-07 23:43 ------- Generate the message earlier in the login process and store for display after session startup? Rather than another variable for this (eg aixloginmsg, maybe __pam_msg), what about using a single Buffer for storing all of the messages to be displayed after login?

http://bugzilla.mindrot.org/show_bug.cgi?id=463 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #235 is|0 |1 obsolete| | Attachment #288 is|0 |1 obsolete|

There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb function does not work with other types of authentication such as AFS/DFS. The loginfailed test in configure is not correct. Also, AIX can use the wtmp logging which I added in configure. Attached is the patch. Thanks, Matt Richards -------------- next part -------------- *** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14

http://bugzilla.mindrot.org/show_bug.cgi?id=475 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From dtucker at zip.com.au 2003-01-26

http://bugzilla.mindrot.org/show_bug.cgi?id=442 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #183 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-02-23 22:53 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=463 m4gw4s at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|FIXED | ------- Comment #17 from m4gw4s at gmail.com 2006-10-27 23:31 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=442 Summary: sshd allows login via public-key when account locked Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=442 ------- Additional Comments From dtucker at zip.com.au 2002-11-24 14:25 ------- Created an attachment (id=181) --> (http://bugzilla.mindrot.org/attachment.cgi?id=181&action=view) Test for locked account in allowed_user() Tested on Redhat 8 and Solaris 8. ------- You are receiving this mail because: ------- You are the assignee for

http://bugzilla.mindrot.org/show_bug.cgi?id=442 ------- Additional Comments From dtucker at zip.com.au 2003-05-11 12:07 ------- Further info: it appears that in later patch sets, Solaris 8 and 9 now check the password string against *LK* in PAM and deny access even for non-password authentications (eg rhosts).

Hi. Some people have reported that login messages reported by sshd have extra newlines. It looks like there are 2 causes of this: a) some PAM modules like to return messages of "", which sshd dutifully appends a newline to and stores for later display. b) display_loginmsg appends a newline too (I think this dates back to before PAM supplied its own newlines). The attached

http://bugzilla.mindrot.org/show_bug.cgi?id=643 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|sshd bus faults on 64-bit |sshd bus faults (64bit) or |SPARCs when reading |segfaults (32bit) when |/etc/default/login

http://bugzilla.mindrot.org/show_bug.cgi?id=1150 Summary: sshd records incorrect login times Product: Portable OpenSSH Version: 4.3p1 Platform: Other URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=113890107022083&w=2 OS/Version: Solaris Status: NEW Severity: major