similar to: Connection drops after entering password.

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

https://bugzilla.mindrot.org/show_bug.cgi?id=1567 Summary: Insufficient privileges to chroot() on AIX Product: Portable OpenSSH Version: 5.2p1 Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: bana

Hi, (please CC me as I'm not subscribed to the list) If compiled with SELinux support, OpenSSH 4.8 current cvs fails for accounts where the new ChrootDirectory option is active : debug1: PAM: establishing credentials debug3: PAM: opening session debug2: User child is on pid 1695 debug3: mm_request_receive entering debug1: PAM: establishing credentials debug3: safely_chroot: checking

Hello, I installed OpenSSH_3.7p1 on 2 AIX 4.3.3 servers last week and had this problem on both of them. On the first server I finally re-installed the package and that fixed it. I tried re-installing it multiple times on the second server and still have the same issue. I have checked everything that I can think of and spent many hours looking for a solution. Both servers have the same csh.cshrc

The way this was last supplied to this list (2002-07-13) has the chroot after the call to 'setpcred'. In AIX 4.3.3 the call to setpcred changes the uid and eff. uid to the user attempting to logon. Then the call to chroot( new_home ) fails because AIX requires that any user issuing the chroot subroutine be at root authority. Net result: attempting to do a chroot after the call to

http://bugzilla.mindrot.org/show_bug.cgi?id=969 Summary: early setpcred() stomps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleonard at

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here's the output from running sshd in debug mode: debug1: sshd version OpenSSH_3.7p1 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: setgroups() failed:

http://bugzilla.mindrot.org/show_bug.cgi?id=1249 Summary: pam_open_session called with dropped privs Product: Portable OpenSSH Version: 4.4p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at

http://bugzilla.mindrot.org/show_bug.cgi?id=261 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|other |AIX ------- Additional Comments From dtucker at zip.com.au 2002-06-06 21:22 ------- I finally got a chance to try this. I got compile

There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb function does not work with other types of authentication such as AFS/DFS. The loginfailed test in configure is not correct. Also, AIX can use the wtmp logging which I added in configure. Attached is the patch. Thanks, Matt Richards -------------- next part -------------- *** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14

Hi All. First the questions: Is there anything objectionable in this patch? Is AUDIT_FAIL_AUTH appropriate for the "Reason" field? Now the details: attached is a patch that changes some of the #includes for AIX. It moves the AIX-specific includes to port-aix.h and adds includes that contain the prototypes for many of the authentication functions. The idea isto fix some warnings.

I am attempting to run openssh 3.7.1p2 with privsep on AIX 5.2 ML2 (with the december 2003 critical patches also). This was compiled on the host machine with the IBM Visual Age C compiler (C for AIX Compiler, Version 5). I did not have any trouble compiling. My configure was ./configure --with-tcp-wrappers, and I have the freeware tcp wrappers (freeware.tcp_wrappers.rte 7.6.1.5), and a compiled

Return-path: <xxxxxx-xxxxxxxx-xxxxxxxxx-xxxxxxx-xxxxxxx-xxx at xxxxxx.xxxxxxxxx.xx.xxx> Envelope-to: xxxxx at xxxxxxxxx Delivery-date: xxx, xx xxx xxxx xx:xx:xx +xxxx Received: xxxx [xxx.x.x.x] (xxxx=xxxxxxxxx) xx xxxxxxxxx.xxxxxxxxxxxx.xx xxxx xxxxx (xxxx x.xx) (xxxxxxxx-xxxx <xxxxxx-xxxxxxxx-xxxxxxxxx-xxxxxxx-xxxxxxx-xxx at xxxxxx.xxxxxxxxx.xx.xxx>) xx xxxxxx-xxxxxx-xx xxx xxxxx

leanneHi OpenSSH team, I am still able to reproduce this problem with openssh50 code both on hpux. Seems like OpenSSH didn't fix this problem completely. how to reproduce: 1. root at sshpa4# uname -aHP-UX sshpa4 B.11.23 U 9000/800 3267743753 unlimited-user license 2. sshd_config X11Forwarding yesX11DisplayOffset 10X11UseLocalhost no // must not use "yes" to bind

I noticed the following: Suppose that we have a server called "SMALLSERVER" working as a PDC for "SMALLDOMAIN**". When I enter "net getlocalsid" I get the following output: SID for domain SMALLSERVER is: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx But when I enter "net getdomainsid" I get: SID for local machine SMALLSERVER is:

Hi, we're in the process of setting up large-page support on IBM regattas, but for large-page support the users have to have a set of extra capabilities (CAP_BYPASS_RAC_VMM,CAP_PROPAGATE). This are configured on a per user basis by listing which capability each user have in /etc/security/user. Unfortunately they don't get set when the users log in via OpenSSH (3.1p1). Does anybody know

Hi, Try: ?vec1<-c(1,1,1,1,1,1,1,1,1) if(all(vec1==1)) "xxxxxxxxx" else? "yyyyyyyyyyy" #[1] "xxxxxxxxx" ?vec2<-c(rep(1,4),2) ?if(all(vec2==1)) "xxxxxxxxx" else? "yyyyyyyyyyy" #[1] "yyyyyyyyyyy" #or if(length(unique(vec1))==1) "xxxxxxxxx" else? "yyyyyyyyyyy" #[1] "xxxxxxxxx" ? if(length(unique(vec2))==1)

Client - secureCRT 3.3 outside the firewall (Checkpoint) Server - openssh v3.7 on an aix51 rs6k inside the fw The firewall lets in the first packet but blocks the second with the message: ssh 1.x not allowed. The connection gets reset. Here is the trace from the client: [SSH LOCAL ONLY] : Connect: 12.x.x.x:22 [direct] [SSH LOCAL ONLY] : StateChange:

I'm seeing this: 1 UID FETCH 31734 (ENVELOPE) * 23 FETCH (UID 31734 ENVELOPE ("Fri, 2 Mar 2012 19:05:24 -0500 (EST)" "XXXXXX" (({22} XXXXX \"X-XX\" XXXXXX NIL "XXXXXXX" "XXXXXXXXX.XXX")) (({22} XXXXX \"X-XX\" XXXXXX NIL "XXXXXXX" "XXXXXXXXX.XXXXXX.XXX")) ((NIL NIL "XXXXXXX"