Displaying 20 results from an estimated 2000 matches similar to: "Problem with OpenSSH with UseLogin.. AGAIN!!!"
2000 Jun 09
2
OpenSSH's UseLogin option allows remote access with root privilege.
OpenSSH's UseLogin option allows remote access with root privilege.
1. Systems affected:
The default installation of OpenSSH is not vulnerable, since
UseLogin defaults to 'no'. However, if UseLogin is enabled,
all versions of OpenSSH prior to 2.1.1 are affected.
2. Description:
If the UseLogin option is enabled the OpenSSH server (sshd)
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2000 Jun 02
6
scp creating root files
Folks,
I noticed that whenever I scp'ed a file to my test server (running OpenSSH
2.1.0p2, and then tested with p3) it was created owned by root.
/home/me $ ls -al .profile
-rwx------ 1 me group 1056 Jan 18 1999 .profile
/home/me $ scp .profile me at server:test
me at server's password:
.profile 100%
2000 Dec 17
2
Portable OpenSSH Solaris UseLogin Issue
Greetings,
In order to use solaris's BSM (Basic security module) also called c2 audit,
which logs specific kernel calls depending on your audit_control,
I would need to use login(1) to log users exec calls and whatnot because
Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I
would have to enable Uselogin in sshd_config in order for that to work.
I am running
2001 Apr 29
2
PATCH: UseLogin fix for 2.9p1 (w/improved last-login time)
Attached is the latest version of my UseLogin patch that makes
"UseLogin true" work on Solaris and UNICOS. As usual, I have provided
configure.in changes that set the appropriate defines for Solaris, but
I have not provided the configure.in changes for UNICOS (since they
would be incomplete, and Wendy is working on this).
This version fixes a problem with the last-login time always
2001 Apr 04
1
Solaris UseLogin problems
I'm using openssh 2.5.2p2 on Solaris-x86 2.6. I ran into a couple
problems when I set UseLogin to "yes":
The big one seems to have been reported before: login refuses to run
without a utmpx entry. This problem appears to have been caused by
the changes in revision 1.24 of session.c. Before this revision, the
record_login() function was always called, no matter how UseLogin was
2001 Mar 14
1
/etc/default/login patch?
Would anybody happen to have or know of a patch to make /etc/default/login
PATH and SUPATH the default openssh path? We have customized paths for each
school of engineering (each have their own customized site bin). This is
easily controled with /etc/default/login. The --with-default-path option
is too rigid. This is Solaris I am talking about.
--mike
2000 Jun 09
0
OpenSSH's UseLogin option allows remote access with root privilege. (fwd)
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
---------- Forwarded message ----------
Date: Fri, 9 Jun 2000 17:06:30 +0200
From: Markus Friedl <markus.friedl at informatik.uni-erlangen.de>
To: BUGTRAQ at SECURITYFOCUS.COM, misc at openbsd.org,
2001 Feb 19
2
Bug in 2.3.0p1 when using UseLogin
Hello,
I tried UseLogin, because ssh does not seem to propagate the tty
controlling characters from the local to the remote tty and the login(1)
on my system offers a config file to set them. Unfortunately, when using
UseLogin, sshd does not run xauth. I can only guess that it does so,
because it would have to drop privileges for doing so, but that makes
UseLogin about useless.
I am not
2002 Jul 23
2
Irix UseLogin wtmp/utmp bug
I am using the "UseLogin yes" configuration parameter to call the
/usr/bin/login program on SGI Irix, (we are using Irix version
6.5.13). I do this because the SGI login program is AFS awhere and
checks out a token for you and I do not want to compile the Kerberos
version of sshd, (it is to messy for me to support).
Everything seems to work fine accept the wtmp(x) and utmp(x) files do
2000 Jul 19
1
UseLogin yes and 'w': IP address used
Hello all,
I just noticed that if I enable UseLogin, IP address will be shown in 'w'
when logging on. If UseLogin is disabled, the hostname will be used.
I tested this on 2.1.1p2 and p4, on home-grown Redhat Linux 6.2.
Anyone else notice this? Is this an issue with OpenSSH or login?
--
Pekka Savola "Tell me of difficulties surmounted,
Pekka.Savola at
2001 Apr 16
1
UseLogin portability
Back on April 4th I sent a patch that makes UseLogin work on Solaris.
This change also made UseLogin work with Unicos (both of which require
a valid utmpx entry before /usr/bin/login will run). I have not heard
back from any of the ssh developers about this issue, and the current
snapshot doesn't appear to deal with this problem at all.
So, is there some issue here we still need to deal
2005 Apr 21
3
[Bug 1024] SSHD fails to connect when "UsePAM and UseLogin" is yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1024
Summary: SSHD fails to connect when "UsePAM and UseLogin" is yes
Product: Portable OpenSSH
Version: 4.0p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2001 Mar 22
0
Solaris UseLogin problem
I was having problems getting the UseLogin option to work
on Solaris.
I would recieve this error:
No utmpx entry. You must exec "login" from the lowest level "shell".
This led me to believe that Solaris login wants a utmpx entry in
order to function. I put together a patch that calls record_login
on Solaris when using the system login. I also noticed that writing
a wtmpx
2005 May 05
4
[Bug 1030] sshd writes twice to wtmp when "UseLogin" is yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1030
Summary: sshd writes twice to wtmp when "UseLogin" is yes
Product: Portable OpenSSH
Version: 4.0p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2005 May 06
7
[Bug 1032] PrintLastLog is not working with UseLogin yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1032
Summary: PrintLastLog is not working with UseLogin yes
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2006 Jun 20
1
unable to login with LDAP when set Uselogin to yes
Hi,
I am not sure this is a bug in Openssh or not.
I am running Openssh 4.1p1. with openssl 0.9.7g
Scenario:
Due to audit enabled on the system, I will need to set Uselogin to yes so
that audit will track system call.
But when try to login to system with a LDAP user. I get the following.
eg:
[n113839 at r3ent15pc ~]$ ssh tfstst1 -l ntesting1
ntesting1 at tfstst1's password:
Login incorrect
2015 Apr 17
0
[Bug 378] sshd does not update utmp/utmpx records correctly when "UseLogin" feature on
https://bugzilla.mindrot.org/show_bug.cgi?id=378
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2590
--> https://bugzilla.mindrot.org/attachment.cgi?id=2590
skip record_login in privsep when UseLogin is active
>+ if (!options.use_login)
>+ return;
>+
Err, that's going to skip the login recording when UseLogin is
INactive.
--
You
2000 Aug 05
1
Making UseLogin yes requires a valid reverse DNS enty
Hi, I am using openssh 2.1.1pl4 on a Linux 2.2.16 box [RH 6.1
distribution], I was confused as to why when I telnet into that box, I
get /usr/local/bin in my PATH but when I ssh into my box, /usr/local/bin
is not in my PATH
I modified /etc/ssh/sshd_config to have UseLogin yes and then when I try
to ssh into that box, I couldn't. ssh -v showed the following
debug: Requesting shell.
debug:
2001 Jun 06
1
One more UseLogin tweak
One other thing I noticed in the record_utmp_only() function is that
it wasn't setting the timestamp in the logininfo structure. The
following patch takes care of this:
--- old/loginrec.c Wed Jun 6 11:12:14 2001
+++ loginrec.c Wed Jun 6 11:13:42 2001
@@ -448,6 +448,8 @@
login_utmp_only(struct logininfo *li)
{
li->type = LTYPE_LOGIN;
+ /* set the timestamp */
+