similar to: Debian bug #236814: sshd+PAM: MOTD isn't printed when privsep=no

http://bugzilla.mindrot.org/show_bug.cgi?id=354 Summary: sshd with privsep doesn't do pam session setup properly Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Hello Darren! Hello OpenSSH (portable) users! After updating from OpenSSH 3.8.1p1 to OpenSSH 3.9p1 on my Fedora Core 2 Linux box, the "sshd" no longer respects "~/.hushlogin" to get a quiet and silent login. Now I get the noisy "Last login: somedate from somehost" line. I really loved that feature. ;-) The problem is related to a change in "session.c",

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

For root sessions pam_open_session is called, but not pam_close_session. sshd behavior is broken for root logins because if pam session is run from the child, close is never called due to exec: on open since use_privsep is not set, parent calls do_exec_pty(), which does not open session. then, it skips calling do_setusercontext(), so it does not open session. child calls

Hello, I'm trying to implement setting of user limits (ulimit) in sshd. I'm not using PAM so I need it in the sshd itself. The task is very simple - just to put one line calling setup_limits(pw); and link with -lshadow. But the problem is, where to put this line. I did it in session.c, in do_child(), like this: #ifdef HAVE_OSF_SIA session_setup_sia(pw, s->ttyfd == -1 ? NULL

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

Hello I've got a problem with pam-script and ssh. pam-script is a module for PAM that enables execution of given script while pam session opens and/or closes. I try to use it with ssh while logging in and out: it is kind of login and logout scripts. PAM session creation is done in function do_pam_session which is invoked by do_setusercontext which is invoked by do_child. do_child function is

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

Hi- Under privsep, I experimented with moving the session_setup_sia() out of do_child() and into do_setusercontext(), which is where the uids/gids are set to the final execution user. The call is made with a NULL tty, and this is functional provided that any later pty allocation uses grantpty() to set the device permissions. Logging in with this method shows that a utmp entry does get made for

Hi, I am running FreeBSD 4.7 and openssh 3.7.1p1. I have enabled PAM usage and indeed, I can use PAM for authentication purposes. Since configure does login_cap.h, the preprocessor is side stepping do_pam_session() altogether in session.c:do_setusercontext(). Here is my patch for session.c. My understanding about portability issues is rather limited. I would very much appreciate if you

http://bugzilla.mindrot.org/show_bug.cgi?id=270 Summary: PrivSep breaks sshd on AIX for non-root users Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=544 Summary: sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=419 Summary: HP-UX PAM problems with 3.5p1 Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=270 ------- Additional Comments From dtucker at zip.com.au 2002-06-09 19:59 ------- Created an attachment (id=111) sshd output on AIX w/PrivSep ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

https://bugzilla.mindrot.org/show_bug.cgi?id=2263 Bug ID: 2263 Summary: sshd privsep monitor process doesn't handle SIGXFSZ signal Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

Subject: HPUX and privsep Anyone solved or see the same connection I do with these two issues on HPUX if Privilege Separation is turned off ? Logname not found (3.7.1p2, 3.8.1p1) Login prematurely quits during session setup (mm_send_fd: sendmsg(3): Bad file number | mm_receive_fd: recvmsg: expected received 1 got 0) (3.8.1p1) Seems the mm_xxxx_() functions arent called when PrivSep is off.

Dear all, I've been looking into hacking with some PAM modules, and thought I could learn from the OpenSSH source (it's probably the closest thing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the

http://bugzilla.mindrot.org/show_bug.cgi?id=918 Summary: ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: