similar to: PrivSep and AIX 4.3.2

Can we do this? Or should we drop the whole char *tty; ? There will be no way of setting the TTY= correctly while using privsep (Mainly for multiple streams over single session). The only thing we really could do is do: In do_setusercontext() if (use_privsep) aix_usrinfo(pw, NULL); and back in the old spot put: if (!use_privsep) aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty);

Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that all the right #ifdef/#endif bits got put back in

IRIX has a compatibility mechanism that lets you test for optional symbols (like jlimit_start) at run-time. I think these patches will let all all IRIX 6.5 systems build images that will test for job limit support dynamically: --- ./configure.ac Wed Feb 27 01:12:35 2002 +++ ../openssh-3.1p1/./configure.ac Thu Mar 7 15:50:21 2002 @@ -115,7 +115,7 @@ AC_DEFINE(WITH_IRIX_ARRAY)

Hello, I'm not sure if this has already been addressed, I looked through the archives and can't seem to find anything. I also did some Usenet searching and only found one article mentioning this, and it was in French. Anyway, the problem is that it appears as though when using privsep opensshd doesn't execute pam_session as root, and this causes pam_mkhomedir to fail.

--- openbsd-compat/port-irix.c.orig 2002-04-07 03:58:33.000000000 +0900 +++ openbsd-compat/port-irix.c 2003-05-27 02:11:07.620000380 +0900 @@ -7,6 +7,12 @@ #endif /* WITH_IRIX_PROJECT */ #ifdef WITH_IRIX_JOBS #include <sys/resource.h> +#include <optional_sym.h> +# if !defined(JLIMIT_CPU) +typedef __int64_t jid_t; +extern jid_t jlimit_startjob(char *, uid_t, char *); +# pragma

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Hi Darren/Damien, Sorry for responding so late. Still hope we can get this sorted out. Yes I am indeed using PAM for ssh authentication and disabling priv seperation is a no-go for us since it opens up a security loophole. From what I can see in ptree and auth logs, when the child passwd process returns with SIGCHLD, the parent sshd process terminates. Sshd logs are as follows as requested at

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

I am attempting to run openssh 3.7.1p2 with privsep on AIX 5.2 ML2 (with the december 2003 critical patches also). This was compiled on the host machine with the IBM Visual Age C compiler (C for AIX Compiler, Version 5). I did not have any trouble compiling. My configure was ./configure --with-tcp-wrappers, and I have the freeware tcp wrappers (freeware.tcp_wrappers.rte 7.6.1.5), and a compiled

Hi. There should be a checklist of everything that can go wrong with making an ssh connection. Here's one entry for the list, which I didn't know before, and * I couldn't see the problem from the -ddd and -vvv output, and * there were no /var/log/* file entries to give hints. Here's what I did sudo kill <pid-of-sshd> /usr/sbin/sshd No good. Usually I did kill

Hi. This was added just before 3.4p1 for passing to aix_usrinfo and is now unused. -Daz. Index: session.c =================================================================== RCS file: /cvs/openssh/session.c,v retrieving revision 1.210 diff -u -r1.210 session.c --- session.c 4 Jul 2002 03:08:41 -0000 1.210 +++ session.c 15 Jul 2002 11:50:14 -0000 @@ -1159,8 +1159,6 @@ void

Hello All, I've updated the AIX package builder (contrib/aix/buildbff.sh). The changes are below. Please review and commit if OK. First, a question: Does anyone want SRC (System Resource Controller) support in the packages? I don't use it but I've been sent an example of how do do it without modifying sshd itself. Onto the changes: * Supports PrivSep. Postinstall will create

... who are nervous because: (a) it seems that there will be a widely-known vulnerability and/exploit for OpenSSH available in the coming days, and (b) the advertised fix for the problem, privilege separation, doesn't seem to be working on AIX as of the latest release version of OpenSSH (based on the comments I've read; I haven't tried it yet) ... ... what should we do? I've

http://bugzilla.mindrot.org/show_bug.cgi?id=283 ------- Additional Comments From janfrode at parallab.uib.no 2002-06-22 09:00 ------- hmm, I lost part of a sentence there.. I meant to say that commenting out: if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); from openbsd-compat/port-aix.c makes sshd function with

Hi All. There are still build errors for scp on AIX 4.2.1 due to lack of nanosleep (which you can see them live and in colour at [1]). The attached patch fixes this by using the equivalent nsleep function on AIX if it exists and nanosleep doesn't. The patch is mostly the same as the AIX portion of the previous patch for the nanosleep issue, the major difference being that the #define is in

http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2002-06-26 01:20 ------- Are you sure? I have 3.3p1 running on 4.0D and 5.1 and I can connect as non-root. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=333 ------- Additional Comments From stevesk at pobox.com 2002-07-04 05:41 ------- i will guess configure did not find an xauth when it was built ($PATH is irrelevant here). please verify. see $HOME/.ssh/rc example in sshd.8 which can be used as a workaround in this case. djm: autoconf-2.53 exposes a bug for xauth path detection. ------- You

Hi All. The recent changes to scp caused build failures on Solaris and AIX 4.2 which showed up on the tinderbox[1]. I mentioned the first to djm in email yesterday but I'm posting after finding the second, in case anyone else has seen similar problems. Solaris' nanosleep is in librt (or libposix4 in older versions) which is not linked. Adding them to configure works fine, however ldd

Hi Openssh developers, Attached please find patch to support long passwords (> 8-char) on UnixWare 7. Thanks, Ahsan -- Ahsan Rashid Escalations Research Group arms at sco.com The SCO Group Inc., Murray Hill, NJ 908 790 2279 -------------- next part -------------- --- openssh/CREDITS.old 2004-05-26 16:59:31.000000000 -0700 +++ openssh/CREDITS 2005-08-25 13:53:08.602447006 -0700 @@ -3,6 +3,7