similar to: [Bug 325] PermitRootLogin forced-commands-only & privsep - not working together

http://bugzilla.mindrot.org/show_bug.cgi?id=325 ------- Additional Comments From hlein at progressive-comp.com 2002-07-13 06:14 ------- Seeing this here too; it appears that when auth2.c:userauth_finish is called, forced_command has been cleared (or perhaps, never set in that forked sshd) so the call to auth_root_allowed(method) returns 0. The following patch makes forced-command logins as

http://bugzilla.mindrot.org/show_bug.cgi?id=325 Summary: PermitRootLogin forced-commands-only & privsep - not working together Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=387 ------- Additional Comments From markus at openbsd.org 2002-08-22 06:27 ------- hm, the logoutput from the server would be more helpfull. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=387 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From markus at openbsd.org 2003-02-07 08:16

Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only does not work if UsePrivilegeSeparation is enabled; but it does work if privsep is disabled. Here are excerpts of debug from the server. -----------UsePrivilegeSeparation DISABLED------- ... Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M debug1: restore_uid^M debug1: ssh_dss_verify:

http://bugzilla.mindrot.org/show_bug.cgi?id=486 ------- Additional Comments From markus at openbsd.org 2003-02-07 07:51 ------- are you using PAM? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=289 Summary: mmap error when trying to use 3.3p1 with privsep Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=516 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|RhostsAuthentication failing|RhostsAuthentication failing |under AIX 4.3.3 |with privsep ------- Additional Comments From markus at

http://bugzilla.mindrot.org/show_bug.cgi?id=463 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #235 is|0 |1 obsolete| | Attachment #288 is|0 |1 obsolete|

subscribe openssh-unix-dev at mindrot.org > Send openssh-unix-dev mailing list submissions to > openssh-unix-dev at mindrot.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev > or, via email, send a message with subject or body 'help' to > openssh-unix-dev-request at mindrot.org >

I've been trying to cut down the size of openssh so I can run it on my Nokia 770. One thing which helps a fair amount (and will help even more when I get '-ffunction-sections -fdata-sections --gc-sections' working) is to have the option of compiling out privilege separation... Is it worth me tidying this up and trying to make it apply properly to the OpenBSD version? Does the openbsd

http://bugzilla.mindrot.org/show_bug.cgi?id=476 ------- Additional Comments From maf at appgate.com 2003-01-27 20:30 ------- Created an attachment (id=209) --> (http://bugzilla.mindrot.org/attachment.cgi?id=209&action=view) Improves the error message ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-05-10 12:59 ------- I've had a look at the OpenBSD source and I don't think OpenBSD *needs* a "Buffer loginmsg" right now. PrintLastLog can be easily fixed by updating s->last_login_time before the privsep split. So, is there another reason OpenBSD needs (or

http://bugzilla.mindrot.org/show_bug.cgi?id=441 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From markus at openbsd.org 2002-11-22

Hello, I'm running OpenBSD 2.9 (-rOPENBSD_2_9) on i386. Remote port forwarding doesn't work. Attached are 2 logs of ssh -v -R2828:localhost:22 localhost and sshd -p 2222 -d Note that server tries to forward to Connection to port 2828 forwarding to 0.0.0.0 port 0 requested. instead of localhost port 22 as it should. what ssh, what sshd and /etc/sshd_config are also attached. Thanks

http://bugzilla.mindrot.org/show_bug.cgi?id=186 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From markus at openbsd.org 2002-03-27

http://bugzilla.mindrot.org/show_bug.cgi?id=198 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From markus at openbsd.org 2002-04-02

http://bugzilla.mindrot.org/show_bug.cgi?id=486 Summary: "PermitRootLogin no" can implicitly reveal root password Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

https://bugzilla.mindrot.org/show_bug.cgi?id=2061 Bug ID: 2061 Summary: Request for PermitRootLogin to be enforced prior to credential check Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: OpenBSD Status: NEW Severity: enhancement