Displaying 20 results from an estimated 700 matches similar to: "Where to implement user limit settings ?"
2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
What do we loose by not having post-auth privsep?
What code is executed between authorization and actual setting of the
effective uid?
On Tue, 3 Sep 2002, Chris Adams wrote:
> Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said:
> > It appears that the integration of the sia session setup will either
> > have to be rethought or abandoned
2002 Jun 25
1
PrivSep and AIX 4.3.2
With 3.3p1 built on AIX 4.3.2:
$ ssh [blah]
Couldn't set usrinfo: Not owner
debug1: Calling cleanup 0x20019080(0x200219a0)
debug3: mm_request_send entering: type 27
debug1: Calling cleanup 0x20018dd4(0x0)
Connection to songohan closed by remote host.
Connection to songohan closed.
Output from sshd -d -d -d:
...
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
2001 May 01
1
Problem with .hushlogin in Tru64 UNIX 4.0e
I have tried this with openssh-2.5.2p2 and openssh-SNAP-20010501.
I have noticed that with a .hushlogin file in my home directory I still
get messages.
With the .hushlogin file I get these messages:
Last successful login for ricardo: Tue May 1 08:06:00 2001 from
blah.mnsu.edu
Last unsuccessful login for ricardo: Tue May 1 08:05:21 2001 from
blah.mnsu.edu
Without the .hushlogin file I get
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
This patch adds a new option to sshd, chroot_users. It has the effect of
chroot()ing incoming ssh users to their home directory. Note: this option
does not work if UsePrivilegeSeparation is enabled.
Patch is based on OpenSSH 3.4p1.
*** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002
--- servconf.h Wed Oct 2 06:17:48 2002
***************
*** 131,136 ****
--- 131,137 ----
char
2001 Mar 20
1
Tru64 UNIX SIA in 2.5.2p1 is hosed
Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I
haven't been able to figure out what changed in the code, but the
symptom seems to be that the TTY name being registered with SIA is
truncated to eight characters. This apparently prevents it from
matching with entries in the tty database, and the dreaded "Cannot
obtain database information on this terminal
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
Either this never made it to the list or no one cares about Tru64. This
is the last time I'll send this patch to the list. If no one steps up and
finishes it or provides me with enough information to fix any remaining
bugs (one being complaint that 'ssh site cmd' does not work right).
If there is no activity on this for a week. I'll post it to bugzilla and
will ignore any
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places.
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi-
Under privsep, I experimented with moving the session_setup_sia() out of
do_child() and into do_setusercontext(), which is where the uids/gids are set
to the final execution user. The call is made with a NULL tty, and this
is functional provided that any later pty allocation uses grantpty() to
set the device permissions. Logging in with this method shows that a utmp
entry does get made for
2001 Nov 15
1
Solaris 2.6: acomp failed for session.c
Re: openssh-2.9.9p2 versus Solaris 2.6, Forte C version 6upd2
The compiler treated the call to do_pre_login in session.c line 581 as a
prototype, warned of inconsistency with the function definition starting
line 628:
"session.c", line 628: identifier redeclared: do_pre_login
current : static function(pointer to struct Session {[struct
definition suppressed]}) returning void
2002 Apr 22
0
[Bug 101] session.c modifications for correct UNICOS behavior
http://bugzilla.mindrot.org/show_bug.cgi?id=101
------- Additional Comments From wendyp at cray.com 2002-04-23 08:43 -------
updated patches for 22 april snapshot:
--- session.c.orig Mon Apr 22 14:36:13 2002
+++ session.c Mon Apr 22 16:31:15 2002
@@ -64,6 +64,10 @@
#define is_winnt (GetVersion() < 0x80000000)
#endif
+#ifdef _CRAY
+#include <tmpdir.h>
+#endif /*
2001 Oct 23
1
Compilation error on Solaris Workshop 6 (+patch)
Hi!
At compilation of the openssh-2.9.9p2 with Solaris WorkShop 6.01 the
following compilation error was given out.
/opt/SUNWspro/bin/cc -Xa -xF -xCC -xildoff -xarch=v9 -xchip=ultra
-dalign -I/usr/include/v9 -D_REENTRANT -xO2 -I. -I.
-I/usr/local/include -DETCDIR=\"/etc/ssh\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
2001 Aug 07
1
do_pre_login() used before declared
do_pre_login() in session.c is used (in do_exec_pty()) before
it's declared, which is causing some problems for me.
please move it up a couple hundred lines in the file.
patch included for 0807 snapshot.
thanks,
wendy
% diff -u session.c.orig session.c.mod
--- session.c.orig Tue Aug 7 13:11:51 2001
+++ session.c.mod Tue Aug 7 16:21:07 2001
@@ -397,6 +397,34 @@
}
}
2003 Feb 27
0
Update for Tru64 Unix
Here is a long-overdue (sorry about that) patch for Tru64. It is pretty
minor mostly (minor formatting and removal of a couple of unneeded
calls), and it disables post-auth privsep (so that OpenSSH will work
"out of the box" on Tru64, avoiding the many questions).
I'm also looking at getting setproctitle working. For Tru64 4.x, it
isn't a big deal (normal PS_USE_CLOBBER_ARGV
2001 Mar 21
1
Tru64 UNIX SIA in 2.5.2p1 is hosed (still)
The recent patch posted by Steve VanDevender <stevev at darkwing.uoregon.edu>
for fixing the session code on Tru64 isn't quite right -- it still fails
in the case of NO tty being allocated.
The problem is that s->tty is a char[TTYSZ] rather than a char *, and
hence can't hold a NULL. Calling sia_ses_init() with the tty being an
empty string doesn't signify no tty, and
2001 Feb 13
4
cvs bulid breaks on slackware
cvs code from this morning (about 9am PST) breaks on slackware 7.1 w/ gcc
2.95.2.1 with an undefined reference to session_setup_sia in session.o.
this seems to be the culprit here:
#ifdef HAVE_OSF_SIA
#else /* HAVE_OSF_SIA */
session_setup_sia(pw->pw_name, ttyname);
since i have no idea what that's trying to accomplish (and seems to be a bit
backwards to me from looking
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
This privsepifies OSF/1 SIA, but I'm still being told the same error
occurs. I'm stumped.
Without an OSF/1 box near me I can't do too much more help unless someone
can either tell me what is wrong or show me why SIA is failing in their
logs.
(And tell me if it's different w/ or w/out this patch)
- Ben
Index: auth-sia.c
2004 Sep 06
0
OpenSSH 3.9p1 bug, .hushlogin is ignored
Hello Darren! Hello OpenSSH (portable) users!
After updating from OpenSSH 3.8.1p1 to OpenSSH 3.9p1 on my
Fedora Core 2 Linux box, the "sshd" no longer respects
"~/.hushlogin" to get a quiet and silent login. Now I get
the noisy "Last login: somedate from somehost" line.
I really loved that feature. ;-)
The problem is related to a change in "session.c",
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
Ok.. I need wider testing for this. I'm getting reports back it works
mostly. 'ssh site ls' fails, but they can login with Privsep enbled.
Can I get those who are using Tru64 or OSF/1 that have SIA enabled to
test? This should apple to either -cvs or the current snapshot (I would
perfer not to use 3.4p1 due to bugs).
I'm going on a trip next week and will be around very spotty
2002 Jun 28
0
Newer OSF patch.
It still is not right, but thanks to Steve we have gotten this far..
The issue seems to be here:
debug3: entering: type 26
debug3: entering
debug1: session_new: init
debug1: session_new: session 0
debug3: entering: type 26
: sendmsg(12): Invalid argument
debug1: Calling cleanup 0x1200365c0(0x14000d9d8)
debug1: session_pty_cleanup: session 0 release /dev/ttyp4
debug1: Calling cleanup
2004 Aug 23
8
[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c
http://bugzilla.mindrot.org/show_bug.cgi?id=918
Summary: ssh_gssapi_storecreds called to late to be usable by PAM
in sesion.c
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: