similar to: pam_tally question

recently we upgraded a bunch of systems to OpenSSH-3.6.1p2. alot of our systems have automated logins for backups or systems checks with ssh-keys, but (i think) as a result of the Openwall/Solar Designer patch, pam_tally is incrementing off the scales. pam_tally is tallying failed logins for keyed-only accounts: attempts are made to authenticate those accounts via password authentication before

Hi I am trying to lock users after 3 attempts and then set the timeout before they can log in again. I thought i could achieve this with auth required pam_tally.so deny=3 unlock_time=600 in /etc/pam.d/system-auth but it seems to not be the case - I cant find a working config for this anywhere and i wonder if anyone has one they can share? thanks

http://bugzilla.mindrot.org/show_bug.cgi?id=1237 Summary: Behaviour of openssh with pam_tally is very buggy Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org

Hi all CentOS users, I looked /var/log/messages log file and i realize something in "messages" files like below; --- Oct 24 04:02:42 cube2 kernel: Buffer I/O error on device sdc, logical block 1545 --- "sdc" is my storage and i switched off storage at 6 PM. and when i checked messages log file,I saw faillog under /var/log directory like below: -rw------- 1 root root

Greetings, I know that part of the following has been discussed here before but please bear with me. We are running on Solaris versions 2.6 - 9 with a NISplus name service. The permissions on the NISplus password map have been modified to limit read access to the encrypted password field of the passwd table to only the entry owner and the table administrators. See:

http://bugzilla.mindrot.org/show_bug.cgi?id=647 Summary: Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: SunOS Status: NEW Severity: minor Priority: P4 Component: sshd

It works for the "yes" case but not for the "without-password" case. The function that checks (auth_root_allowed(auth_method) is special cased for "password". The Pam case sends "keyboard-interactive/pam" which like all other authentication methods except password succeeds. Here is a patch to make it work for me. Please feel free to criticize as

Hello, I have recently compiled and installed release 3.8.1p1. This was done on a Solaris 8 system using LDAP as its naming service. The new release, however, will not let me log in (as a regular user). I repeatedly get "Permission denied, please try again" messages. The root user, though, can log in okay. The same thing happened with the 3.7.1p2 release. The 3.6.1p1 release

An observation and a question on the new version of OpenSSH. With previous version of OpenSSH, using something like pam_ldap to authenticate users against an LDAP directory worked great, however with 3.8p1 this is no longer the case. If I try to log into a machine with an account under "LDAP's control", I always get password failures. However, using an account with a ssh key

Hi, I am using OpenSSH 3.9p1. For " UsePAM yes/no " option with " PermitRootLogin without-password", the server functionality differs. For " UsePAM yes ", the server allows authentication thru password, meanwhile " UsePAM no " does not. I have fixed that problem and the patch is given below.

http://bugzilla.mindrot.org/show_bug.cgi?id=843 Summary: sshd_config.5: add warning to PasswordAuthentication Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org

This happened a few times now, I (soft) reboot and do the fsck thing and all is fine until it happens again. Any ideas? [root at test-dhcp ~]# yum remove bluez-libs bluez-utils Loaded plugins: fastestmirror Setting up Remove Process Resolving Dependencies <snip/> Finished Transaction Test Transaction Test Succeeded Running Transaction Erasing : bluez-utils 1/3 Erasing :

Hi , I have two problems when i went through a) the man page of sshd_config and b) the comments quoted in sshd_config file itself. They are given below. a) >From the man page of sshd_config: "If UsePAM is enabled, you will not be able to run sshd(8) as a non-privileged user." I changed the permission of the hostkeys to a non-privileged user and tried to run sshd alongwith

Hi, I have an auth module for PAM that I wrote a few years ago called pam_vsd.so. The idea is that a user must have a certain privilege before they can successfully authenticate. Without the privilege the PAM module will return PAM_PERM_DENIED. However I find that in OpenSSH 3.7.1p2, I can easily subvert this check simply by hitting return 3 times on connection i.e. [nick at localhost

Last week I re-installed Kubuntu Hardy because I felt the psu was marginal and I was getting flakey behavior. The new install was done in another similiar machine with a psu believed to be good. Last night I did the first rsync backup and got error in some /var/log files. Errors listed below. When I cat /var/log/dpkg.log it stops and aborts in the middle before getting to the last parts

https://bugzilla.mindrot.org/show_bug.cgi?id=1410 Summary: Correct UsePAM comment in sshd_config on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=1237 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WORKSFORME CC|

http://bugzilla.mindrot.org/show_bug.cgi?id=1024 Summary: SSHD fails to connect when "UsePAM and UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi All, Is there a difference in 3.6 and 3.7 implemetaion of ChallengeResponse authentication? Also, what is the impact of setting UsePAM yes and no with respect to this authentication method and expiry passwords. Thanks, Kumaresh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.576 / Virus Database: 365 - Release Date:

Hello list, on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each user's public key is located in <user's home>/.ssh/authorized_keys. When trying to ssh into that machine, following error message is displayed: Permission denied (publickey). In /etc/ssh/sshd_config I've set: PasswordAuthentication no UsePAM no If I set a password for the users, the