similar to: PAMAuthenticationViaKbdInt and KeyAuth

If I set it to "no", should I still be able to login with a typed-in password? I get messages such as these: --- Jul 2 12:23:39 remedy.udel.edu sshd[6811]: [ID 800047 local4.debug] debug1: userauth-request for user ed service ssh-connection method password Jul 2 12:23:39 remedy.udel.edu sshd[6811]: [ID 800047 local4.debug] debug1: attempt 1 failures 1 Jul 2 12:23:39 remedy.udel.edu

http://bugzilla.mindrot.org/show_bug.cgi?id=256 Summary: Expired password unchangeable again with pam support Product: Portable OpenSSH Version: -current Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=188 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |smueller at atsec.com ------- Additional Comments From stevesk at pobox.com 2002-07-18 15:46 ------- *** Bug 256 has been marked as a

When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes

Hello, I'm trying to use ntlm_auth and winbindd to authenticate users against a Windows 2003 AD server. Despite having "disable netbios yes", winbindd insists on doing one NetBIOS exchange on UDP port 138 on startup. If I block this port "wbinfo -t", "wbinfo -a username", and ntlm_auth request fail with: error code was NT_STATUS_INVALID_COMPUTER_NAME

I created snapshot for my whole zpool (zfs version 3): zfs snapshot -r tank@`date +%F_%T` then trid to send it to the remote host: zfs send tank at 2008-07-25_09:31:03 | ssh user at 10.0.1.14 -i identitykey ''zfs receive tank/tankbackup'' but got the error "zfs: command not found" since user is not superuser, even though it is in the root group. I found

This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3

Hi, Initially when we do ssh from Cisco IOS Router to my linux machine, we use to see only one password prompt , even though we configured number of password prompts in Linux machine to 3. So, to overcome this issue , someone changed the values in sshd_config file in openssh-3.5pl. Before Fix #ChallengeResponseAuthentication yes #PAMAuthenticationViaKbdInt no After Fix

http://bugzilla.mindrot.org/show_bug.cgi?id=629 Summary: sshd_config & PAM backwards compatibility Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

Hi there, is there any reason why the code for supporting expired PAM accounts in auth-pam.c:do_pam_account is commented out? Ie. it is not possible to log in to an expired account. When you enable this, the login procedure asks for a new password - all of this seems to work fine. This was enabled in version 3.1 or so, but now? Thanks Stephan -- Stephan M?ller

On Mon Feb 09 2015 at 1:23:37 PM Petr Lautrbach <plautrba at redhat.com> wrote: > It seems to be the same problem as described and discussed in this > [1] thread. MTU 1400 is not enough for packet sent by > openssh-6.6.1p1-11.1.fc21 with default settings. The size of one > of initial packets could be even 1968. Your VPN probably makes > a fragmentation but doesn't do the

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

Hi, I am working with large numbers and identified that R looses precision for such high numbers. The precision is lost exactly when the number is equal or larger than 53 bits. See the following output which shows that the numbers below 53 bit have proper precision: > 2^53 [1] 9007199254740992 > 2^53-1 [1] 9007199254740991 > 2^53-2 [1] 9007199254740990 Now, see the numbers above 53

http://bugzilla.mindrot.org/show_bug.cgi?id=774 Summary: banner is displaying twice (/etc/issue) Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hi: I Read these security advisory. http://lab.mediaservice.net/advisory/2003-01-openssh.txt Is my FreeBSD 5.0 afected? What other versions are afected? Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url :

PasswordAuthentication seems to be accepted regardless when DSA authentication is not available. Client and server are Linux - openssh-2.5.2p2-1.7.2 Server config is: Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_dsa_key KeyRegenerationInterval 3600 LoginGraceTime 600 ServerKeyBits 768 IgnoreRhosts yes PasswordAuthentication no

https://bugzilla.mindrot.org/show_bug.cgi?id=2024 Priority: P5 Bug ID: 2024 Assignee: unassigned-bugs at mindrot.org Summary: Allow to ssh client say to ssh-agent which key should be used. Severity: enhancement Classification: Unclassified OS: Linux Reporter: pub at mnu.pp.ru Hardware:

1. Versions affected: All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables

A non-text attachment was scrubbed... Name: openssh.diff Type: text/x-patch Size: 49208 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/8f94fb5b/attachment.bin

Is there a way for a PAM module to force a client (and the server) to use kbd-interactive? As far as I can tell, when in the INITIAL_LOGIN phase, all communication with the client returns a PAM_CONV_ERR. I am trying to write a PAM module that will prompt a user for a second username and a second password in order for the module to succeed so that proper authentication relies on the ability