similar to: sshd double-logging

Hi, Could someone who uses GSSAPI user authentication help test the following patch? This improves the restrictions in the privilege separation monitor to be a bit more stict. There should be no change in behaviour. If the patch breaks something then it should be immediately apparent - the server will drop connections during user-authentication. -d diff --git a/monitor.c b/monitor.c index

Hi, I'm wondering if that's planned or just occuring accidentally. With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog when a pubkey authentication logon was successful: Apr 7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2 Apr 7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from

It still is not right, but thanks to Steve we have gotten this far.. The issue seems to be here: debug3: entering: type 26 debug3: entering debug1: session_new: init debug1: session_new: session 0 debug3: entering: type 26 : sendmsg(12): Invalid argument debug1: Calling cleanup 0x1200365c0(0x14000d9d8) debug1: session_pty_cleanup: session 0 release /dev/ttyp4 debug1: Calling cleanup

Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

Greetings, I know this has been discussed (pretty much since 3.7.1) and I have been going through the archives trying to make sense of it but I am still having problems getting 3.8.1p1 to work with PAM and AFS on Solaris 8. The problem (for those who may have missed it): When I try and log in as an AFS user to a Solaris 8 box running 3.8.1p1, I can authenticate to the machine but do not

I am out of ideas about what the problem is. I am using the default sshd_config installed by the port. I can authenticate, copy files, and start processes, but sshd fails to create a tty session. This happens from remote machines and creating a session from the host machine. I find the following under messages. Aug 8 19:32:16 mongoloid sshd[44626]: fatal: mm_send_fd: sendmsg(4): Bad

Hi, I am not sure this is a bug in Openssh or not. I am running Openssh 4.1p1. with openssl 0.9.7g Scenario: When my password is in the warning period, I logon via ssh and I did not get the warning message which I should. I enabled the DEBUG level to 3 and I can see that sshd did received the warning message but It is not displayed from login session. Information from DEBUG : Jul 13 17:05:31

Hello I am not a developer, but since this is a more advanced issue I rather post to this list than to the users list, I hope this is OK. We are currently running openssh with simon's gssapi patch and want to move towards the new integrated solution with openssh-3.7.1p2. A problem we experienced in both versions of openssh is that we are not able to change the kerberos password, when it

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

Darren Tucker <dtucker at zip.com.au> writes: >That's a vendor-modified version of OpenSSH. Assuming it corresponds to >what's in FreeBSD head, there's about a thousand lines of changes. Ugh. >Can you reproduce the problem with an unmodified version from openssh.com? >Failing that, can you get the server-side debug output from a failing >connection (ie

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

https://bugs.freedesktop.org/show_bug.cgi?id=41585 Summary: X freeze and PGRAPH errors in dmesg Product: xorg Version: unspecified Platform: x86-64 (AMD64) OS/Version: Linux (All) Status: NEW Severity: major Priority: medium Component: Driver/nouveau AssignedTo: nouveau at lists.freedesktop.org

please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

http://bugzilla.mindrot.org/show_bug.cgi?id=290 Summary: auth_method set incorrectly in mm_answer_keyverify() Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

As posted, here is an updated patch which allows openssh to be built with non-selinux config. (Hi openssh guys, forwarding this to you incase you interested including it into the devel version of openssh. Please let us know if you have any suggestions or changes that need to be made) Regards Nigel Kukard On Thu, Sep 02, 2004 at 04:11:54PM -0400, Daniel J Walsh wrote: > New SSH patch. >

I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to