Displaying 20 results from an estimated 1000 matches similar to: "[Bug 325] PermitRootLogin forced-commands-only & privsep - not working together"
2005 Apr 07
1
PermitRootLogin and Tru64 SIA
I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA,
the root login attempts still get passed to the SIA system (so I get
lots of warnings about failed root logins). On systems with a "max
failed attempts" setting, the root account can be locked out this way.
I started looking at the code, and I'm not sure I understand what I see.
In auth-passwd.c,
2002 Jun 29
0
[Bug 325] New: PermitRootLogin forced-commands-only & privsep - not working together
http://bugzilla.mindrot.org/show_bug.cgi?id=325
Summary: PermitRootLogin forced-commands-only & privsep - not
working together
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2002 Aug 21
0
[Bug 325] PermitRootLogin forced-commands-only & privsep - not working together
http://bugzilla.mindrot.org/show_bug.cgi?id=325
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |DUPLICATE
------- Additional Comments From markus at openbsd.org 2002-08-22
2003 Nov 18
4
3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwor ds
It works for the "yes" case but not for the "without-password" case.
The function that checks (auth_root_allowed(auth_method) is special
cased for "password". The Pam case sends "keyboard-interactive/pam"
which like all other authentication methods except password succeeds.
Here is a patch to make it work for me. Please feel free to criticize
as
2013 Jan 14
3
[Bug 2061] New: Request for PermitRootLogin to be enforced prior to credential check
https://bugzilla.mindrot.org/show_bug.cgi?id=2061
Bug ID: 2061
Summary: Request for PermitRootLogin to be enforced prior to
credential check
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: Other
OS: OpenBSD
Status: NEW
Severity: enhancement
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
Hello,
I found this lurking around the web, and thought people who are
running SSH-1.2.27 might be interested.
--
Kevin Sindhu <kevin at tgivan dot com>
Systems Engineer
TGI Technologies Inc. Tel: (604) 872-6676 Ext 321
107 E 3rd Avenue Fax: (604) 872-6601
Vancouver,BC V5T 1C7
Canada.
-------------- next part --------------
Welcome Root Kit SSH distribution v5.0 (by Zelea)
This
2003 Sep 22
4
[Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam'
http://bugzilla.mindrot.org/show_bug.cgi?id=701
Summary: With 'PermitRootPassword without-password' set, root
w/pass can still log in with a using 'keyboard-int/pam'
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority:
2003 Jan 29
2
PermitRootLogin=yes no longer lets root login
Hi All,
While testing another patch, I found that I could not longer log in as
root, even if PermitRootLogin was yes. It seems to be the following
code in auth_password:
$ cvs diff -r1.48 -r1.49 auth-passwd.c
[snip]
#ifndef HAVE_CYGWIN
- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ if (pw->pw_uid == 0 && options.permit_root_login !=
2006 Sep 14
3
[PATCH] PermitRootLogin woes
Hi all,
among other things, we provide shell access to various unix based
platforms for our students and university staff. Recently, there has been
increasing number of root login attacks on one particular Tru64 machine
running OpenSSH.
The host is configured with "PermitRootLogin no" but every once in a while
SIA auth with TCB enhanced security locks the root account.
I suppose
2005 Jan 20
1
PermitRootLogin without-password functionality differs for UsePAM yes/no option
Hi,
I am using OpenSSH 3.9p1. For " UsePAM yes/no " option with "
PermitRootLogin without-password", the server functionality differs.
For " UsePAM yes ", the server allows authentication thru password,
meanwhile " UsePAM no " does not. I have fixed that problem and the
patch is given below.
2001 Jun 18
2
Patch for changing expired passwords
The primary purpose of the attached patches is for portable OpenSSH to
support changing expired passwords as specified in shadow password files.
To support that, I did a couple enhancements to the base OpenBSD OpenSSH
code. They are:
1. Consolidated the handling of "forced_command" into a do_exec()
function in session.c. These were being handled inconsistently and
allocated
2008 Feb 07
1
"PermitRootLogin no" fails
I'm running version 4.7p1 of OpenSSH on a Linux system (it was
originally a RedHat system, but I've changed almost everything.) When
I originally built OpenSSH I used the config option --without-pam, and
installed the software in /usr/local. I explicitly forbade root login
with sshd (by setting the PermitRootLogin to "no" in the sshd_config
file), but found that I could login as
2015 Sep 02
3
[Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
Bug ID: 2456
Summary: gssapi-keyex blocked by
PermitRootLogin=without-password
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2000 May 24
0
'command' option in authorized_keys
I am a recent convert to openssh. I am very pleased with it, and find it
superior to ssh-1.2.27 in many ways (thanks for the good work).
I recently found one piece missing from the current release. I have used
the 'command' option in the authorized_keys file to restrict access. Using
ssh-1.2.27 the original command was placed in the SSH_ORIGINAL_COMMAND
envrionment variable. If
2000 Sep 04
1
trivial patch to post overridden command into env
I am not 100% positive of the security implications of this, but I
really can't see any potential for harm.
If this patch is applied (I coded it against the now-current
openssh-2.2.0p1), then if (a) the authorized_keys entry has
command="whatever" to force a specific command, and also (b) the
invoker specified some command on their ssh cmdline, then the
invoked command will be
2006 Mar 08
4
[Bug 1172] [PATCH] Restrict public key authentication to scp access only
http://bugzilla.mindrot.org/show_bug.cgi?id=1172
Summary: [PATCH] Restrict public key authentication to scp access
only
Product: Portable OpenSSH
Version: 4.3p2
Platform: All
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P2
Component: scp
2003 Sep 22
9
[Bug 702] dont call userauth_finish after auth2_challenge_stop
http://bugzilla.mindrot.org/show_bug.cgi?id=702
Summary: dont call userauth_finish after auth2_challenge_stop
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
2008 Aug 19
1
fixed: [patch] fix to ForceCommand to support additional arguments to internal-sftp
The previous version broke the case of internal-sftp without arguments. This
is a fixed version.
--- /var/tmp/session.c 2008-08-18 21:07:10.000000000 -0700
+++ session.c 2008-08-19 11:28:29.000000000 -0700
@@ -781,7 +781,7 @@
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
- if
2008 Aug 19
1
[patch] fix to ForceCommand to support additional arguments to internal-sftp
Hi,
This patch makes things like ForceCommand internal-sftp -l INFO work
(current code in 5.1 would just end the session). Please consider for
inclusion into mainline.
Michael.
--- /var/tmp/session.c 2008-08-18 21:07:10.000000000 -0700
+++ session.c 2008-08-18 21:12:51.000000000 -0700
@@ -781,7 +781,7 @@
if (options.adm_forced_command) {
original_command = command;
2013 Feb 27
0
[Bug 1585] Allow an `Include' option which reads another config file in place and does not error out when `Include' file not readable
https://bugzilla.mindrot.org/show_bug.cgi?id=1585
hlein at korelogic.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hlein at korelogic.com
--
You are receiving this mail because:
You are watching the assignee of the bug.