Displaying 20 results from an estimated 1000 matches similar to: "SSH PAM authentication/login with a new user DB (through NSS)"
2004 Jul 09
3
Bug#252676: sshd failure
On Fri, Jun 04, 2004 at 01:20:54PM -0400, Joey Hess wrote:
> My colocated server was refusing both ssh and ssl telnet connections.
> It looked like this:
>
> joey:~>ssh -v kite
> OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4, OpenSSL 0.9.7d 17 Mar 2004
> debug1: Reading configuration data /home/joey/.ssh/config
> debug1: Applying options for kite
> debug1: Reading configuration
2005 Mar 16
1
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
I connect to my OpenSSH 3.8.1p1 server and when the password dialog
shoes up I wait a min or so, long enough for the "Timeout before
authentication for %s" alarm to trigger. If at that point I enter my
password ssh will just sit there:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 18 padlen 14 extra_pad
2004 May 27
1
Solaris/PAM/AFS: can't make it work
Greetings,
I know this has been discussed (pretty much since 3.7.1) and I have
been going through the archives trying to make sense of it but I am
still having problems getting 3.8.1p1 to work with PAM and AFS on
Solaris 8.
The problem (for those who may have missed it):
When I try and log in as an AFS user to a Solaris 8 box running
3.8.1p1, I can authenticate to the machine but do not
2016 Feb 17
2
Using 'ForceCommand' Option
I would like to implement an arbitrary script to be executed when logging
on via SSH. This is supposedly possible using the ForceCommand option to
sshd. However, as soon as I implement any script, even as simple as echoing
a string, clients can no longer connect to the server. Clients report only
that the connection was dropped by the server. The server, in debug mode,
shows:
Feb 17 16:14:01
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
Hi,
(please CC me as I'm not subscribed to the list)
If compiled with SELinux support, OpenSSH 4.8 current cvs fails for
accounts where the new ChrootDirectory option is active :
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: User child is on pid 1695
debug3: mm_request_receive entering
debug1: PAM: establishing credentials
debug3: safely_chroot: checking
2010 Jul 13
5
[Bug 1795] New: An integer variable "num" in mm_answer_pam_query() is not initialized before used
https://bugzilla.mindrot.org/show_bug.cgi?id=1795
Summary: An integer variable "num" in mm_answer_pam_query() is
not initialized before used
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
2024 Oct 08
1
sshd fails when using cryptodev-linux to compute hmac
I don't know anything about cryptodev-linux, but I assume it's an
openssl engine? If so it's possible sshd's multiprocess model and/or
file descriptor handling is confusing it.
It's not a configuration we test, so you're mostly on your own to debug
it. It's entirely possible there's a bug there; if so, I'd expect it
to be something like a fd being closed while
2006 Aug 15
1
OpenSSH_4.3p2 fails to create a pty session
I am out of ideas about what the problem is. I am using the default
sshd_config installed by the port. I can authenticate, copy files, and
start processes, but sshd fails to create a tty session. This happens
from remote machines and creating a session from the host machine. I
find the following under messages.
Aug 8 19:32:16 mongoloid sshd[44626]: fatal: mm_send_fd: sendmsg(4):
Bad
2024 Oct 08
1
sshd fails when using cryptodev-linux to compute hmac
Hi All,
I'm having an issue where SSH sessions fail if I enable the cryptodev engine for HMAC. I'd like to confirm if this is a supported configuration and if there are any known bugs.
HMAC with the cryptodev engine works fine when using the openssl application directly, so I suspect that something in openssh may be the cause of the issue.
I tried this initially with sshd from openssh
2015 Apr 07
2
OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST
Darren Tucker <dtucker at zip.com.au> writes:
>That's a vendor-modified version of OpenSSH. Assuming it corresponds to
>what's in FreeBSD head, there's about a thousand lines of changes.
Ugh.
>Can you reproduce the problem with an unmodified version from openssh.com?
>Failing that, can you get the server-side debug output from a failing
>connection (ie
2017 Aug 30
4
sshd dies when starting gkrellm
sshd also dies when certain other kinds of traffic is generated, such as
`man pw' using the most pager[1], and many x11 apps such as emacs.
However, it is stable when running simple x11 apps such as xeyes, and
the link its self is stable -- a terminal will stay connected without
issue for days, as long as not much happens in it. Also a sshfs
connection dies immediately.
ssh -Y karren
gkrellm
2008 Jun 12
2
FIPS mode OpenSSH suggestion
Hi OpenSSH team,
I find a url http://www.gossamer-threads.com/lists/openssh/dev/42808?do=post_view_threaded#42808, which provides unofficial patch for FIPS Capable OpenSSH. I try it and it seems working for some cases.
(BTW, I also find that aes128-ctr, aes192-ctr and aes256-ctr ciphers can't work in FIPS mode properly.
The fips mode sshd debug info is as following.
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
http://bugzilla.mindrot.org/show_bug.cgi?id=938
Summary: "AllowGroups" option and secondary user's groups limit
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at
2008 Jun 19
0
Is there any plan for OpenSSH to support FIPS?
Hi OpenSSh Developer,
Currently, I can make openssh-5.0p1 working in FIPS mode. The detail steps I did are as follows.
1) Build FIPS OpenSSL according to FIPS User Guide(http://www.openssl.org/docs/fips/) on HP-UX PA 11.23 box.
FIPS object module is generated by compiling openssl-fips-1.1.2.
FIPS OpenSSL is built by openssl-0.9.7m, which is passed fips option for Configure step.
2) Modify
2008 Oct 16
2
5.1p on RHEL 3 and password expiration
[ Sorry for the length of this; I felt it better to provide potentially
too much info, rather than not enough. I've probably missed something
that's important, though! ]
I have an odd problem with 5.1p on RHEL3 if "UsePAM yes" and
"UsePrivilegeSeparation no" is set. The code detects that the user
password is aged (according to shadow) but then fails to let me
2004 May 04
3
Error with USE_POSIX_THREADS and OpenSSH-3.8p1
Hello,
I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the
2015 Dec 16
2
Running sshd with Privilege Seperation drops connection on password change
Hi Darren/Damien,
Sorry for responding so late. Still hope we can get this sorted out.
Yes I am indeed using PAM for ssh authentication and disabling priv seperation is a no-go for us since it opens up a security loophole.
From what I can see in ptree and auth logs, when the child passwd process returns with SIGCHLD, the parent sshd process terminates.
Sshd logs are as follows as requested at
2015 Sep 28
4
[Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2475
Bug ID: 2475
Summary: Login failure when PasswordAuthentication,
ChallengeResponseAuthentication, and
PermitEmptyPasswords are all enabled
Product: Portable OpenSSH
Version: 7.1p1
Hardware: ix86
OS: Linux
Status: NEW
2007 Jan 17
0
login_get_lastlog - nss enviornment - works in shell env, doesn't work when sshd calls it.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello to every one!
Maybe this is not exactly the right place,
but I don't know where to ask, so...
I have a FreeBSD-6-STABLE machine,
setuped with custom nss lib which reads from pgsql database.
It seems to be working just fine except
that I can't login trought ssh, when trying the normal method.
When I do
$>ssh host.com tcsh
I get
2004 Nov 27
0
buffer_get_bignum2: negative numbers not supported
Hi
I have added smartcard support to PuTTY and this worked fine
until yesterday when we replaced one of our Slackware-9 machines
by a Slackware-10 one.
Slackware-9 contained OpenSSH 3.5p1 while Slackware-10 has
OpenSSH 3.8.1p1.
Now the same keys that worked before do not work anymore and
OpenSSH fails with
buffer_get_bignum2: negative numbers not supported
I first supected that my