Displaying 20 results from an estimated 1000 matches similar to: "Extend logging of openssh-server - e.g. plaintext password"
2016 Dec 18
2
Extend logging of openssh-server - e.g. plaintext password
I concur with Nico ? logging plaintext passwords is an extremely bad idea.
The tone of the poster also leaves much to be desired ? but I?ll hold my tongue for now.
--
Regards,
Uri Blumenthal
On 12/18/16, 11:48, "openssh-unix-dev on behalf of Nico Kadel-Garcia" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of nkadel at gmail.com> wrote:
On Sun, Dec 18,
2016 Dec 18
2
Extend logging of openssh-server - e.g. plaintext password
What part of ?Password Authentication is disabled? do you not understand?
> Am 18.12.2016 um 11:21 schrieb Nico Kadel-Garcia <nkadel at gmail.com>:
>
> On Sat, Dec 17, 2016 at 7:37 PM, Philipp Vlassakakis
> <philipp at vlassakakis.de> wrote:
>> Dear list members,
>>
>> I want to extend the logging of the openssh-server, so it also logs the entered
2009 May 03
10
[Bug 1595] New: Server option PrintLastLog does not work on AIX
https://bugzilla.mindrot.org/show_bug.cgi?id=1595
Summary: Server option PrintLastLog does not work on AIX
Product: Portable OpenSSH
Version: 5.2p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy:
2016 Dec 18
2
Extend logging of openssh-server - e.g. plaintext password
Also, if password-based auth is not allowed, WTF would you want to log passwords?
This whole idea is ugly, and smacks of a teenage-level prank attempt.
I would strongly object against any such modification of the main source (though I'm sure the maintainers are sane enough to never let such a crap in).
Of course the original poster is free to hack his own copy in whatever way he wants.?
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
Hi All.
I've decided to try to merge the -Portable parts of the password expiry
patch (see bug #14) that do not depend on the OpenBSD change in bug #463.
The attached patch is the first step in this process. It removes the
AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral
"Buffer loginmsg". I think this is worth having in -Portable even if it
2006 Sep 14
3
[PATCH] PermitRootLogin woes
Hi all,
among other things, we provide shell access to various unix based
platforms for our students and university staff. Recently, there has been
increasing number of root login attacks on one particular Tru64 machine
running OpenSSH.
The host is configured with "PermitRootLogin no" but every once in a while
SIA auth with TCB enhanced security locks the root account.
I suppose
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
I have found the following patches to be desirable for using sshd on a
Tru64 UNIX system with the Kerberos 5 SIA module (libsia_krb5.so) from
Heimdal.
These patches do the following:
1) preserve context between the password authentication and the session
setup phases. This is necessary because the Heimdal SIA module stores
Kerberos context information as mechanism-specific data in
2003 Jul 03
0
AIX cleanups: includes and arguments
Hi All.
First the questions:
Is there anything objectionable in this patch?
Is AUDIT_FAIL_AUTH appropriate for the "Reason" field?
Now the details: attached is a patch that changes some of the #includes
for AIX. It moves the AIX-specific includes to port-aix.h and adds
includes that contain the prototypes for many of the authentication
functions. The idea isto fix some warnings.
2005 Apr 07
1
PermitRootLogin and Tru64 SIA
I have "PermitRootLogin no" in my sshd_config, but under Tru64 and SIA,
the root login attempts still get passed to the SIA system (so I get
lots of warnings about failed root logins). On systems with a "max
failed attempts" setting, the root account can be locked out this way.
I started looking at the code, and I'm not sure I understand what I see.
In auth-passwd.c,
2009 Feb 07
0
Patch to 5.1p1 : Log X11 forwarding
--- /linus/src/openssh-5.1p1/session.c 2008-06-16 09:29:18.000000000 -0400
+++ session.c 2009-02-07 11:27:37.146134000 -0500
@@ -344,6 +344,7 @@
} else {
s->screen = 0;
}
+
packet_check_eom();
success = session_setup_x11fwd(s);
if (!success) {
@@ -2246,6 +2247,7 @@
{
int success = 0;
Session *s;
+ const char *host = NULL;
if ((s =
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2003 Sep 16
1
OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
Well, I had just finally gotten around to downloading a snapshot to test
the latest on Tru64 a couple of days ago but hadn't had a chance to
build it yet, and 3.7p1 has now been released. Sigh.
The problem is that Tru64 setreuid() and setregid() are broken, so
privsep doesn't work.
This could also be a security problem for SIA authentication in general
(any version of OpenSSH on Tru64,
2003 Feb 28
0
[PATCH] Clean up failed login logging.
Hi All.
As noted in a previous post, the logging of failed user logins is
somewhat spread out. This patch creates a record_failed_login()
function in sshlogin.c and moves the AIX and UNICOS code to it,
eliminating 3 #ifdefs from the main code. It also provides an obvious
place to add the code for any other platforms that support this.
I've tested this on AIX 4.3.3. Wendy Palm was kind
2003 Apr 03
0
[PATCH re-send]: Clean up logging of failed logins.
Hi All.
This is a re-send of a patch I submitted before 3.6p1.
As noted in a previous post, the logging of failed user logins is
somewhat spread out. This patch creates a record_failed_login()
function in sshlogin.c and moves the AIX and UNICOS code to it,
eliminating 3 #ifdefs from the main code. It also provides an obvious
place to add the code for any other platforms that support
2003 Jan 27
1
[PATCH] Creation of record_failed_login() in sshlogin.c
Hi All,
I've been poking around various parts of the auth code for a while.
Some platforms support failed login counters and it occurs to me that
there's as few too many instances of:
#ifdef [PLATFORM]
if (authenticated == 0 && strcmp(method, "password") == 0)
some_login_failure_func();
#endif
The attached patch creates a record_failed_login() function in
2001 Feb 04
1
minor aix patch to auth1.c
--- auth1.c.orig Sat Feb 3 18:17:53 2001
Bringa AIX modes in line with latest changes to auth1.c
+++ auth1.c Sat Feb 3 18:19:15 2001
@@ -347,7 +347,7 @@
if (authctxt->failures++ > AUTH_FAIL_MAX) {
#ifdef WITH_AIXAUTHENTICATE
- loginfailed(user,get_canonical_hostname(),"ssh");
+
2012 May 17
2
New Subsystem criteria for Match option block in OpenSSH server
Hello everybody,
I'm a C/C++ consultant working for Ericsson.
I changed the OpenSSH-Portable code to add a new criteria
into the Match sshd_config option read by the sshd server.
The new criteria is "Subsystem"; so a conditional block based
on subsystem client request can now be added to the sshd_config
configuration server file to override settings in its global
section.
2003 Feb 27
0
Update for Tru64 Unix
Here is a long-overdue (sorry about that) patch for Tru64. It is pretty
minor mostly (minor formatting and removal of a couple of unneeded
calls), and it disables post-auth privsep (so that OpenSSH will work
"out of the box" on Tru64, avoiding the many questions).
I'm also looking at getting setproctitle working. For Tru64 4.x, it
isn't a big deal (normal PS_USE_CLOBBER_ARGV
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2002 Mar 14
0
OpenSSH vs AIX 4.3.3 => 5.1 utmp patch
The patch below follows changes in AIX utmp handling made between AIX 4.3.3
and 5.1. With it, utmp entries are properly recorded again.
The patch applies to OpenSSH 3.1p1, and seems to work fine. The co-worker
who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3
systems.
Richard
-------
*** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001
---