Displaying 20 results from an estimated 2000 matches similar to: "patch: openssh empty password fail with pam/sshv1"
2001 Mar 01
1
Bug report against openssh-2.3.0p1
I am writing to report a bug in openssh-2.3.0p1, and to suggest
a fix.
I have OpenSSH installed on a Solaris 8 box. The output of
uname -a is:
> SunOS dipper.csi.cam.ac.uk 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-5_10
OpenSSH was configured with the following options:
> ./configure --prefix=/jackdaw --with-default-path=/jackdaw/bin:/usr/bin
On this OS, with this configuration, it
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2002 Feb 15
0
[Bug 118] New: Implement TIS (protocol 1) via PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=118
Summary: Implement TIS (protocol 1) via PAM
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: fcusack at
2001 Nov 13
1
Kerberos / PAM bug in OpenSSH CVS
In do_authloop() in auth1.c(), the Kerberos 4 and 5 code both allocate, then
xfree() the client_user string. The call to do_pam_account() later in the
function then tries to use this string, resulting in a corrupt remote user.
Finally, before exiting, the function frees client_user again, resulting in a
double free and much mess.
Patch attached.
Cheers,
Simon.
--
Simon Wilkinson
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2001 Feb 12
1
pam protocol 1 fix
is this ok?
symptom is:
debug1: Starting up PAM with username "stevesk"
debug1: Trying to reverse map address 127.0.0.1.
debug1: PAM setting rhost to "localhost"
debug1: Attempting authentication for stevesk.
debug1: PAM Password authentication for "stevesk" failed[9]: Authentication failed
Failed rsa for stevesk from 127.0.0.1 port 49568
Index: auth1.c
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH. Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in). I
thought I had checked that, but I guess I missed it.
Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator
2006 May 03
8
[Bug 1188] keyboard-interactive should not allow retry after pam_acct_mgmt fails
http://bugzilla.mindrot.org/show_bug.cgi?id=1188
Summary: keyboard-interactive should not allow retry after
pam_acct_mgmt fails
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2001 Dec 18
2
[PATCH]: Fix potential security hole in Cygwin version
Hi,
the following patch fixes a potential security hole in the Cygwin
version of sshd.
If you're logging in to a Cygwin sshd with version 2 protocol using an
arbitrary user name which is not in /etc/passwd, the forked sshd which
is handling this connection crashes with a segmentation violation. The
client side encounters an immediate disconnect ("Connection reset by
peer").
2015 Feb 28
2
SAP-2015-3-1 issues
On Sun, Mar 01, 2015 at 03:23:04AM +1100, Damien Miller wrote:
>
>
> On Sat, 28 Feb 2015, The Doctor wrote:
>
> > BSD/OS issues
> >
> > with 1.0.2a dev
>
> Thanks for testing.
>
You are welcome.
> > make tests
> >
> > regress/netcat.c:656: `on' undeclared (first use in this function)
> > regress/netcat.c:656: (Each
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2009 Jun 05
2
ssh trouble checklist
Hi.
There should be a checklist of everything that can go wrong with
making an ssh connection.
Here's one entry for the list, which I didn't know before, and
* I couldn't see the problem from the -ddd and -vvv output, and
* there were no /var/log/* file entries to give hints.
Here's what I did
sudo kill <pid-of-sshd>
/usr/sbin/sshd
No good.
Usually I did kill
2003 Jul 18
0
PAM_RUSER never set under ssh2?
Everyone,
First my apologies if this has been discussed before on this list, I was
unable to
find reference to it in the archives. I have a pam module that requires
PAM_RUSER
to be set however Ive found that if I connect to the remote server (where
the pam
module is installed) via ssh the PAM_RUSER variable is never set.
The PAM_RUSER variable is set within auth-pam.c (line 239 in 3.6p1) as
2001 Jun 19
0
Empty password patch
For every (successful) ssh-connection we got an additional annoying entry
in /var/log/messages like the following:
Jun 19 09:06:57 LIN3135 pam_afs[5913]: AFS Won't use illegal password for
user usenbinz
The OpenAFS PAM module posts this message when it is called for
authentication with an (disallowed) empty password. The simple patch below
checks PermitEmptyPasswords in sshd_config before
2012 Nov 01
5
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Assignee|pgsery at swcp.com |djm at mindrot.org
--- Comment #58 from Damien Miller
2001 Feb 04
1
minor aix patch to auth1.c
--- auth1.c.orig Sat Feb 3 18:17:53 2001
Bringa AIX modes in line with latest changes to auth1.c
+++ auth1.c Sat Feb 3 18:19:15 2001
@@ -347,7 +347,7 @@
if (authctxt->failures++ > AUTH_FAIL_MAX) {
#ifdef WITH_AIXAUTHENTICATE
- loginfailed(user,get_canonical_hostname(),"ssh");
+
2001 Feb 12
2
OSF_SIA bug in 2.3.0p1
Is anyone maintaining the OSF_SIA support in openssh? This seems to be an
obvious bug triggered if you try to connect as a non-existant user.
>From auth1.c line 459
#elif defined(HAVE_OSF_SIA)
(sia_validate_user(NULL, saved_argc, saved_argv,
get_canonical_hostname(), pw->pw_name, NULL, 0,
NULL, "") == SIASUCCESS)) {
#else /*
2004 May 27
1
Solaris/PAM/AFS: can't make it work
Greetings,
I know this has been discussed (pretty much since 3.7.1) and I have
been going through the archives trying to make sense of it but I am
still having problems getting 3.8.1p1 to work with PAM and AFS on
Solaris 8.
The problem (for those who may have missed it):
When I try and log in as an AFS user to a Solaris 8 box running
3.8.1p1, I can authenticate to the machine but do not
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is
if it's expired, right? From the Solaris pam_chauthtok man page:
2007 Aug 14
2
OpenSSH public key problem with Solaris 10 and LDAP users?
Hello.
I've got a problem logging in to a Sparc Solaris 10 machine with
public key authentication. I searched, and found a similar problem
report at <http://thread.gmane.org/gmane.network.openssh.devel/12694>.
For that guy, the problem had to do with LDAP.
My user accounts are also stored in LDAP, an OpenLDAP server, to be
exact. That server runs on the same machine as the machine