similar to: Bug report against openssh-2.3.0p1

Hello, appended is a patch that makes it possible to use PAM both for password authentication and TIS (i.e. s/key or opie or any other interactive challenge/response scheme). I have developed this starting from the patch at http://www.debian.org/Bugs/db/61/61906.html on Debian with openssh-2.1.1p4-3. After configuring ssh with --with-pam-tis, there are two PAM services, "sshd" and

http://bugzilla.mindrot.org/show_bug.cgi?id=118 Summary: Implement TIS (protocol 1) via PAM Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: fcusack at

is this ok? symptom is: debug1: Starting up PAM with username "stevesk" debug1: Trying to reverse map address 127.0.0.1. debug1: PAM setting rhost to "localhost" debug1: Attempting authentication for stevesk. debug1: PAM Password authentication for "stevesk" failed[9]: Authentication failed Failed rsa for stevesk from 127.0.0.1 port 49568 Index: auth1.c

A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

Dear list, since the order of authentication and AFS token/KRB TGT forwarding changed (around 3.0), we have had problems with users accidentally overwriting their credentials from a "password" login with forwarded credentials. E.g. user A logs in as user B, but stays with the AFS permissions of user A. A workaround is to use "-k" on these sessions, but "it worked without

BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable

The following are patches against openssh 2.1.1p4 to add support for the BSD_AUTH authentication mechanisms. It allows the use of non-challenge/response style mechanisms (which styles are allowed my be limited by appropriate auth-ssh entries in login.conf). The patches also add support for calling setusercontext for the appropriate class when called with a command (so that the PATH, limits,

For every (successful) ssh-connection we got an additional annoying entry in /var/log/messages like the following: Jun 19 09:06:57 LIN3135 pam_afs[5913]: AFS Won't use illegal password for user usenbinz The OpenAFS PAM module posts this message when it is called for authentication with an (disallowed) empty password. The simple patch below checks PermitEmptyPasswords in sshd_config before

Hi, We've encountered a bug with OpenSSH 3.8.1p1 on Linux. With an account that has an empty password and with PAM and Privilege Separation turned on through the SSH1 protocol, the login fails with: fatal: mm_request_receive_expect: read: rtype 24 != type 46 I believe the problem is a missing do_pam_account() call. The patch below to auth1.c fixes the problem. If this is correct, can

Hi, I have a problem with my printing setup of a windows XP client with a samba server. The windows driver seems to use different ways of smb/printer communication for printing in normal/duplex mode and for printing brochures. The latter failes silently. normal/duplex printing uses: SMB Open Print File Request brochure printing starts with: SPOOLSS OpenPrinterEx request I recorded the network

L.S We have a problem compiling the latest ssh (openssh2.1.1p2) on TRU64 Unix 4.0D we got the following error message ... auth1.c:507: `saved_argv' undeclared (first use in this function) .... auth1.c:509: warning: passing arg 4 of `sia_validate_user' discards qualifiers from pointer target type *** Exit 1 where line 509 ===> (sia_validate_user(NULL, saved_argc, saved_argv,

Hi, after installing 3.6.1p2 I noticed spurious PAM login failures even with PermitEmptyPasswords set to "no": sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0 tty=NODEVssh ruser= rhost=localhost user=XXX After looking at the code I noticed the following in the portability p2 patch: +++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000

http://bugzilla.mindrot.org/show_bug.cgi?id=192 ------- Additional Comments From mouring at eviladmin.org 2002-03-28 04:04 ------- If I understand the PAM code (none of the PRIVSEP code has been made to work with it right now) one should never called auth_password() they should be calling auth_pam_password().. So in mm_answer_authpassword() function it should look something like this

Hi, Summary of my problem: Remote X forwarding is apperently randomly impossible for different display numbers. At the end of this mail you will find a recipe for how to reproduce this behaviour easily. I use SuSE 10.2 with the following openssh version: OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006 Clients (Linux and Windows (Cygwin)) connect to the server with X-Forwarding enabled

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

Hi, the following patch removes some of the Cygwin specific code from OpenSSH. Since Cygwin is able to change the user context on NT/W2K even without a password since the new Cygwin version 1.3.2, there's no need anymore to allow changing the user context only if the sshd user is the same user as the one which logs in or when a password is given. For that reason the whole function

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Hello. I have a linux-based system that acts as a cvs-server on an NT-domain. The cvs-repository is reached whith ssh. My comments are for version 1.2.2 (debian distribution 1.2.2-1). I made a pam-module for adding users automatically when they have been authorized by the pam_smb_auth. Problem is that sshd checks if the user exists in passwd before going to pam for authorization. I made a

Hi, I would like to report a bug in OpenSSH-1.2.2 (release) under Linux. Under certain conditions the sshd client process segfaults while doing the password authentification. I have observed the behaviour with glibc 2.0.7 (non-PAM), glibc 2.1.1 (PAM) and glibc 2.1.2 (PAM), when 'RhostsRSAAuthentication yes' is chosen in sshd_config. It appears to happen regardless whether PAM is used or