similar to: Password expiry related clarification in OpenSSH3.5p1

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

I am trying to use shfs to mount a remote root filesystem for a diskless workstation. The system downloads its kernel and initrd from a server. I have tried repeatedly to get a working installation of ssh on the initrd with no success. I finally got ssh to connect to the server. Normally when I use ssh the session goes as follows [arrummzen at localhost LFS-BOOK-6.0-HTML]$ ssh 192.168.11.10 -l

Hi Group, Here is some data. p <- runif(1000) # sample data groups <- rep(c(1,2),each=500) #conditioning variable mydata <- cbind(p,groups) n <- length(p) u <- (1:n)/(n + 1) # uniform distribution reference for qqplot logp <- -log(p,base=10) logu <- -log(u,base=10) qqplot(logp,logu) How can I make the above qqplot in lattice and/or ggplot2. The sample is uniform, and I take

Hello all... I am just starting to teach myself Bayesian methods, and am interested in learning how to use UMacs. I've read the documentation, but the single example is a bit over my head at the level I am at right now. I was wondering if anyone has any simple examples they'd like to share. I've successfully done a couple of simple gibbs examples, but have had a hard time

http://bugzilla.mindrot.org/show_bug.cgi?id=973 Summary: sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option. Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: normal

http://cvs-mirror.mozilla.org/webtools/bugzilla/show_bug.cgi?id=381 Summary: unable to access expired accounts using PAM with openssh-3.4P1 Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd

Hi, I was doing some research on why new openssh-versions (3.4 and 3.5p1) doesnt ask you to change expired passwords (it just disconnects you) and found something curious. Line 259 of auth-pam.c has "#if 0" and then the code to set some vars (eg. password_change_required to true) followed by an "endif". Why is that? I'm not a C expert, but I think "if 0" is

Hi, Whenever i boot the machine, the sshd started using rc script is not accepting ssh connection from a normal user. However it connects as root user and also connects as a user when the sshd is restarted. The error message is "fatal: PAM session setup failed[6]: Permission denied" What would be the reason for this behaviour ? I am using Linux-2.6.5-1.358 (Fedora Core release 2) and

I'm seeing broken transfers when attempting large amounts of data. I have read the issues.html file about the transfer dying issues, which claims, " Sometimes fatal error messages from the remote machine can be lost on the way to the client; you should investigate on the server for something stopping the transmission. The most common cause is that the destination disk is full."

Hello, I have been doing some looking at openssl 0.9.7 and openssh3.5p1 and found a minor descrepancy. RAND_bytes() is called around line 69 of openbsd-compat/bsd-arc4random.c. It checks to see if the return is not zero. The RAND_bytes function can also return -1, too. All the code in openssl uses <=0 for the test rather than !. Best Regards, Steve Grubb

Hi, I'm using openssh3.1p1 and I'm having some problem with password aging with ssh protocol 2. Every time a password expires and I try to login I get the following message ssh username at hostname username at hostname's password: Warning: Your password has expired, please change it now Enter login password: removing root credentials would break the rpc services that use secure rpc

Platform: Irix 6.5.16 OpenSSH 3.5p1 built with MIT Kerb5 v. 1.2.6, OpenSSL 0.9.6g Everything (privsep, ticket forwarding, etc) so far works like a charm. You guys do great work. -- ******************************************************* Quellyn L. Snead CCN-2 Enterprise Software Management Team Los Alamos National Laboratory Schedule B (505) 667-4185

Our server is only opened 22 sshd port... We wants our server secuirty is more higher, so decide to password aging policy... Linux command is "chage" is very useful, but openssh3.3 higher version is not effected... [root at radius ~]# chage -l test Minimum: 0 Maximum: 2 Warning: 2 Inactive: 2 Last Change: May 09, 2003 Password Expires: May

http://bugzilla.mindrot.org/show_bug.cgi?id=980 Summary: sshd does not write the session leader pid to utmp when priv-separation is enabled Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd

Hi all, Given below ia the simple network diagram. I need to control uplink for the individual private network IPs as depicted in the diagram. Is this possible in a NATed environment using CBQ or HTB. I learnt that we can control only outgoing traffic. So if I control in the eth1 interface the source IP will be masqueraded, and it may not result in the desired behaviour. Is there a solution to

Hi, I would like to know the significance of trying `none` method during authentication sequence. Is there any way to avoid unnecessary trying of this none authentication method first. We are writing a patch to log bad login into btmp for all traditional authentication methods supported by SSH. The `none` method increments the authctx-failures and we are facing problems with this. -logu

Hi, Is there a fix available from openssh for the reported vulnerability when pam is enabled. http://www.securityfocus.com/bid/11781 thanks -logu

Hi, For each user connection when privilege separation is enabled, 3 processes are of interest for this topic. 1. sshd:[priv] - privileged user process. 2. sshd:user at pts/0 - user process. 3. shell - shell process. Openssh code writes the #2. sshd:user at pts/0 - user process to the utmp/wtmp file. Is this the correct behaviour.? Or should it write the #3. shell

Hi, In loginrec.c, the 'line' string utility function line_abbrevname() returns the last four characters of the terminal file path. This returned value is assigned to the utmp structure member ut_id[4]. Some sample ut_id values are shown below: /dev/pts/1 will have ut_id set to ts/1 /dev/pts/2 will have ut_id set to ts/2 . . /dev/pts/9 will have ut_id set to ts/9 /dev/pts/10

Hello All, I'm using OpenSSH 4.3p2. I'm getting few messages in my syslog and it is shown below, Aug 02 11:15:19 foo sshd[4381]: Received window adjust for non-open channel 0. I found that sshd received a SSH_MSG_CHANNEL_WINDOW_ADJUST and it executes the function channel_input_window_adjust() in channels.c. I like to know how this can happen for a non-open channel. Is anything