Displaying 20 results from an estimated 300 matches similar to: ""User child pid" logging"
2005 Dec 08
0
"User child is on pid"-logging
Hi!
I sent a mail a while ago wondering if it was possible to change the
loglevel for the "User child is on pid"-message from debug2 to
verbose. It would make it easier to trace a connection in the logs
when privilege separation is used and sshd uses the user child pid to
report that the connection is closing . Is it possible to change this
or would it violate the privacy of the users?
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2014 Apr 12
4
[Bug 2225] New: sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Bug ID: 2225
Summary: sshd core dumps when used in high scaled environments.
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2006 Jan 08
3
Allow --without-privsep build.
I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd
2003 May 22
1
sshd crashing on IRIX (3.6.1p1)
Occasionally, we're noticing that sshd is core dumping on our IRIX
6.5.18f machine.
The only time we've really noticed it is when users are logging in with
putty from offsite (although I'm not really sure it's a client issue).
The user manages to log in, sshd apparently core dumps, but the user is
not logged out, the privilege separated user is still running their own
2003 Oct 08
4
OS/390 openssh
Hello Steve, Hello OpenSSH-portable developers,
I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe
operating system, and I noticed you do the same for OS/390.
Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2
or some such), I thought it was fair enough to help with a little
co-operation; we might come up with a unified EBCDIC patch which could
be contributed to
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2011 Jun 22
3
sandbox pre-auth privsep child
Hi,
This patch (relative to -HEAD) defines an API to allow sandboxing of the
pre-auth privsep child and a couple of sandbox implementations.
The idea here is to heavily restrict what the network-face pre-auth
process can do. This was the original intent behind dropping to a
dedicated uid and chrooting to an empty directory, but even this still
allows a compromised slave process to make new
2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
https://bugzilla.mindrot.org/show_bug.cgi?id=2167
Bug ID: 2167
Summary: Connection remains when fork() fails.
Product: Portable OpenSSH
Version: 5.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2002 Apr 23
0
[Bug 225] New: Supression of login warning banner for noninteractive commands
http://bugzilla.mindrot.org/show_bug.cgi?id=225
Summary: Supression of login warning banner for noninteractive
commands
Product: Portable OpenSSH
Version: 3.0.2p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P4
Component: ssh
AssignedTo:
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2012 Jan 28
1
PATCH: Fix memory leak in sshd
Hello,
The below patch fixes a memory leak I noticed in monitor_read_load() when the child's log pipe is closed.
Thanks,
Zev Weiss
--
diff --git a/monitor.c b/monitor.c
index a166fed..6464eec 100644
--- a/monitor.c
+++ b/monitor.c
@@ -510,6 +510,7 @@ monitor_read_log(struct monitor *pmonitor)
debug("%s: child log fd closed", __func__);
close(pmonitor->m_log_recvfd);
2014 Sep 08
1
possible deadcodes in sources
Hello,
we've run a coverity scan on the openssh sources and it found several
issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources
too.
* servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;"
--- a/servconf.c
+++ b/servconf.c
@@ -1451,12 +1451,8 @@
2003 Mar 26
0
Password expiry in auth-krb5.c
Due to difficulties in getting PAM (with krb5) password expiry working
consistently on multiple platforms, I'd like to see if I could hack
something into auth-krb5.c to do so.
Here's a backtrace when stopped in auth_krb5_password:
#0 auth_krb5_password (authctxt=0x8e148, password=0x90250 "XXXXXXXX") at auth-krb5.c:270
#1 0x274d8 in auth_password (authctxt=0x8e148,
2001 Oct 26
5
New password echoes on Sol8
I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
version that just calls getpassphrase(). It appears to solve the echo
problem when the user tries to login in interactive mode and needs to
change their password.
Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:
#define HAVE_GETPASSPHRASE
... to config.h when compiling (since it's not a configurable
2020 Mar 11
6
[PATCH 0/1] *** SUBJECT HERE ***
Hi,
sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.
I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If
2005 Mar 16
1
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
I connect to my OpenSSH 3.8.1p1 server and when the password dialog
shoes up I wait a min or so, long enough for the "Timeout before
authentication for %s" alarm to trigger. If at that point I enter my
password ssh will just sit there:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad
2003 Jul 06
10
[Bug 585] sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=585
------- Additional Comments From dtucker at zip.com.au 2003-07-07 00:32 -------
dmalloc (http://dmalloc.com/) claims to work on IRIX. It's likely to increase
the CPU and memory load, though.
I've built with dmalloc on Linux thusly:
LDFLAGS=-ldmalloc ./configure && make
eval `dmalloc -l /path/to/log high`
./sshd [options]
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and