Displaying 20 results from an estimated 100 matches similar to: "sshd double-logging"
2016 Sep 05
2
GSSAPI monitor hardening
Hi,
Could someone who uses GSSAPI user authentication help test the
following patch? This improves the restrictions in the privilege
separation monitor to be a bit more stict. There should be no
change in behaviour.
If the patch breaks something then it should be immediately apparent -
the server will drop connections during user-authentication.
-d
diff --git a/monitor.c b/monitor.c
index
2005 Apr 07
3
Multiple log entries for successful pubkey authentication
Hi,
I'm wondering if that's planned or just occuring accidentally.
With OpenSSH 4.0 and the upcoming 4.1, I'm getting two entries in syslog
when a pubkey authentication logon was successful:
Apr 7 13:19:10 cathi sshd : PID 66116 : Accepted publickey for corinna from 192.168.129.6 port 40207 ssh2
Apr 7 13:19:10 cathi sshd : PID 67060 : Accepted publickey for corinna from
2002 Jun 28
0
Newer OSF patch.
It still is not right, but thanks to Steve we have gotten this far..
The issue seems to be here:
debug3: entering: type 26
debug3: entering
debug1: session_new: init
debug1: session_new: session 0
debug3: entering: type 26
: sendmsg(12): Invalid argument
debug1: Calling cleanup 0x1200365c0(0x14000d9d8)
debug1: session_pty_cleanup: session 0 release /dev/ttyp4
debug1: Calling cleanup
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2004 May 27
1
Solaris/PAM/AFS: can't make it work
Greetings,
I know this has been discussed (pretty much since 3.7.1) and I have
been going through the archives trying to make sense of it but I am
still having problems getting 3.8.1p1 to work with PAM and AFS on
Solaris 8.
The problem (for those who may have missed it):
When I try and log in as an AFS user to a Solaris 8 box running
3.8.1p1, I can authenticate to the machine but do not
2006 Aug 15
1
OpenSSH_4.3p2 fails to create a pty session
I am out of ideas about what the problem is. I am using the default
sshd_config installed by the port. I can authenticate, copy files, and
start processes, but sshd fails to create a tty session. This happens
from remote machines and creating a session from the host machine. I
find the following under messages.
Aug 8 19:32:16 mongoloid sshd[44626]: fatal: mm_send_fd: sendmsg(4):
Bad
2005 Jul 13
1
no expiry message displayed when login.
Hi,
I am not sure this is a bug in Openssh or not.
I am running Openssh 4.1p1. with openssl 0.9.7g
Scenario:
When my password is in the warning period, I logon via ssh and I did not
get the warning message which I should.
I enabled the DEBUG level to 3 and I can see that sshd did received the
warning message but It is not displayed from login session.
Information from DEBUG :
Jul 13 17:05:31
2003 Oct 09
5
kerberos + gssapi password change
Hello
I am not a developer, but since this is a more advanced issue I rather
post to this list than to the users list, I hope this is OK.
We are currently running openssh with simon's gssapi patch and want to
move towards the new integrated solution with openssh-3.7.1p2. A problem
we experienced in both versions of openssh is that we are not able to
change the kerberos password, when it
2006 May 04
2
xmalloc(foo*bar) -> xcalloc(foo, bar) for Portable
Hi All.
While wandering in auth-pam.c I noticed that there's a few Portable-specific
escapees from the xmalloc(foo * bar) cleanup.
There's also a "probably can't happen" integer overflow in
ssh-rand-helper.c with the memset:
num_cmds = 64;
- entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t));
+ entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2015 Apr 07
2
OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST
Darren Tucker <dtucker at zip.com.au> writes:
>That's a vendor-modified version of OpenSSH. Assuming it corresponds to
>what's in FreeBSD head, there's about a thousand lines of changes.
Ugh.
>Can you reproduce the problem with an unmodified version from openssh.com?
>Failing that, can you get the server-side debug output from a failing
>connection (ie
2006 Sep 12
1
openssh (OpenBSD) , bsdauth and tis authsrv
nuqneH,
I've tried using TIS authsrv authentication via bsd auth and found
it quite limited. The most important restriction it does not log
ip and fqdn of the remote peer, nor the application name, to
the authentication server. It does not matter much for TIS authsrv,
but since other applications do provide such information, our
authsrv version uses it for extra authentication restrictions.
2011 Oct 08
13
[Bug 41585] New: X freeze and PGRAPH errors in dmesg
https://bugs.freedesktop.org/show_bug.cgi?id=41585
Summary: X freeze and PGRAPH errors in dmesg
Product: xorg
Version: unspecified
Platform: x86-64 (AMD64)
OS/Version: Linux (All)
Status: NEW
Severity: major
Priority: medium
Component: Driver/nouveau
AssignedTo: nouveau at lists.freedesktop.org
2002 Jul 31
2
privsep+kerb5+ssh1
please test Olaf Kirch's patch. it looks fine to me, but i don't to K5.
i'd like to see this in the next release. thx
-m
-------------- next part --------------
--- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002
+++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002
@@ -73,18 +73,17 @@
* from the ticket
*/
int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char
2014 Dec 23
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Tue, 23 Dec 2014, Dmt Ops wrote:
> testing goole-authenticator's standalone functionality, it
>
> > cd google-authenticator/libpam/
> > ./demo
> Verification code: 123456
> Login failed
> Invalid verification code
> >
>
> fails with an INVALID code, and
>
> > ./demo
> Verification code:
2002 Jun 25
0
[Bug 290] New: auth_method set incorrectly in mm_answer_keyverify()
http://bugzilla.mindrot.org/show_bug.cgi?id=290
Summary: auth_method set incorrectly in mm_answer_keyverify()
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2004 Sep 07
0
Please review openssh patch for selinux
As posted, here is an updated patch which allows openssh to be built
with non-selinux config.
(Hi openssh guys, forwarding this to you incase you interested including
it into the devel version of openssh. Please let us know if you have any
suggestions or changes that need to be made)
Regards
Nigel Kukard
On Thu, Sep 02, 2004 at 04:11:54PM -0400, Daniel J Walsh wrote:
> New SSH patch.
>
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before
allowing either password or public-key authentication.
Currently, we can only have S/KEY+password, by using PAM for
authentication, and configuring PAM accordingly. But PAM of course can't
handle SSH public keys.
I thought for a while that ideally we could actually use PAM to tell
sshd what methods of authentication to