similar to: PermitRootLogin without-password functionality differs for UsePAM yes/no option

It works for the "yes" case but not for the "without-password" case. The function that checks (auth_root_allowed(auth_method) is special cased for "password". The Pam case sends "keyboard-interactive/pam" which like all other authentication methods except password succeeds. Here is a patch to make it work for me. Please feel free to criticize as

Hi , I have two problems when i went through a) the man page of sshd_config and b) the comments quoted in sshd_config file itself. They are given below. a) >From the man page of sshd_config: "If UsePAM is enabled, you will not be able to run sshd(8) as a non-privileged user." I changed the permission of the hostkeys to a non-privileged user and tried to run sshd alongwith

Greetings, I know that part of the following has been discussed here before but please bear with me. We are running on Solaris versions 2.6 - 9 with a NISplus name service. The permissions on the NISplus password map have been modified to limit read access to the encrypted password field of the passwd table to only the entry owner and the table administrators. See:

http://bugzilla.mindrot.org/show_bug.cgi?id=325 ------- Additional Comments From hlein at progressive-comp.com 2002-07-13 06:14 ------- Seeing this here too; it appears that when auth2.c:userauth_finish is called, forced_command has been cleared (or perhaps, never set in that forked sshd) so the call to auth_root_allowed(method) returns 0. The following patch makes forced-command logins as

https://bugzilla.mindrot.org/show_bug.cgi?id=2061 Bug ID: 2061 Summary: Request for PermitRootLogin to be enforced prior to credential check Classification: Unclassified Product: Portable OpenSSH Version: 6.1p1 Hardware: Other OS: OpenBSD Status: NEW Severity: enhancement

http://bugzilla.mindrot.org/show_bug.cgi?id=647 Summary: Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: SunOS Status: NEW Severity: minor Priority: P4 Component: sshd

Hello All, Im using OpenSSH 4.3p2 and tyring to scan a list of 40 machines in my network with ssh-keyscan utility. I used the following command, ssh-keyscan -t rsa -f hosts.txt The man page says that this utility displays the host keys irrespective of ssh or host is up/down and its working great. But in case if the scan stops at 30th host due to some protocol problems, the utility exits and

https://bugzilla.mindrot.org/show_bug.cgi?id=1410 Summary: Correct UsePAM comment in sshd_config on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=1024 Summary: SSHD fails to connect when "UsePAM and UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

An observation and a question on the new version of OpenSSH. With previous version of OpenSSH, using something like pam_ldap to authenticate users against an LDAP directory worked great, however with 3.8p1 this is no longer the case. If I try to log into a machine with an account under "LDAP's control", I always get password failures. However, using an account with a ssh key

I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA, the root login attempts still get passed to the SIA system (so I get lots of warnings about failed root logins). On systems with a "max failed attempts" setting, the root account can be locked out this way. I started looking at the code, and I'm not sure I understand what I see. In auth-passwd.c,

http://bugzilla.mindrot.org/show_bug.cgi?id=936 Summary: S/Key authentication fails if UsePAM=no Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: ulm at

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

hi, i don't understand how 3.6.1p2 breaks ssh1.... On Fri, Sep 12, 2003 at 10:27:15AM -0700, Mike Bethune wrote: > Hello, > the new way this works breaks windows ssh clients using v1 (I know, who cares :) > since when these options are enabled and you connect w/v1, the server asks: > Password: > Response: > and I guess these clients (tested putty, pscp, vandyke) expect

https://bugzilla.mindrot.org/show_bug.cgi?id=1497 Summary: sshd -T doesn't report UsePAM setting Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P5 Component: sshd AssignedTo: unassigned-bugs at

Hello, We have a setup with OpenSSH server on HP-UX machine with windows SSH clients and the server system is in trusted mode. There are configuration settings in the trusted system to check the number of unsuccessful logins to the system and the account can be configured to lock if the real unsuccessful attempt is exceeding the allowable limit. Now, as SSH do not have any explicit code to check

https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Bug ID: 3566 Summary: Password expiry warning is printed multiple times when UsePAM is set to yes Product: Portable OpenSSH Version: 8.8p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: PAM

Hi, I have an auth module for PAM that I wrote a few years ago called pam_vsd.so. The idea is that a user must have a certain privilege before they can successfully authenticate. Without the privilege the PAM module will return PAM_PERM_DENIED. However I find that in OpenSSH 3.7.1p2, I can easily subvert this check simply by hitting return 3 times on connection i.e. [nick at localhost

Hello everyone, We are setting up a server at work, and we have run into something that I am not sure how to resolve. We have set up sshd (OpenSSH server) on the machine. We have placed ssh keys into each user's home directory that needs to access the system (and they work). We want to disable everyone from logging in, using a password, utilizing ssh keys only to access the system. I have

Hi, I am not sure this is a bug in Openssh or not. I am running Openssh 4.1p1. with openssl 0.9.7g Scenario: Due to audit enabled on the system, I will need to set Uselogin to yes so that audit will track system call. But when try to login to system with a LDAP user. I get the following. eg: [n113839 at r3ent15pc ~]$ ssh tfstst1 -l ntesting1 ntesting1 at tfstst1's password: Login incorrect