similar to: OpenSSH's UseLogin option allows remote access with root privilege. (fwd)

OpenSSH's UseLogin option allows remote access with root privilege. 1. Systems affected: The default installation of OpenSSH is not vulnerable, since UseLogin defaults to 'no'. However, if UseLogin is enabled, all versions of OpenSSH prior to 2.1.1 are affected. 2. Description: If the UseLogin option is enabled the OpenSSH server (sshd)

I was having problems getting the UseLogin option to work on Solaris. I would recieve this error: No utmpx entry. You must exec "login" from the lowest level "shell". This led me to believe that Solaris login wants a utmpx entry in order to function. I put together a patch that calls record_login on Solaris when using the system login. I also noticed that writing a wtmpx

Hello, By the 26th of May I will have been waiting for response for 17 days. I have posted this mail at 9 May 2001 20:38:58 and still this bug is not fixed and AFAIK no one have answered to this mail. I have to ask: why? ;-) ---------- My OLD message ---------- Hello, I have just discoverd that ssh -T does not work with servers which have UseLogin option enabled. This happends becouse

https://bugzilla.mindrot.org/show_bug.cgi?id=378 --- Comment #3 from Darren Tucker <dtucker at zip.com.au> --- Comment on attachment 2590 --> https://bugzilla.mindrot.org/attachment.cgi?id=2590 skip record_login in privsep when UseLogin is active >+ if (!options.use_login) >+ return; >+ Err, that's going to skip the login recording when UseLogin is INactive. -- You

I'm using openssh 2.5.2p2 on Solaris-x86 2.6. I ran into a couple problems when I set UseLogin to "yes": The big one seems to have been reported before: login refuses to run without a utmpx entry. This problem appears to have been caused by the changes in revision 1.24 of session.c. Before this revision, the record_login() function was always called, no matter how UseLogin was

This patch revive almost all login.conf and password/account expiration features, makes OpenSSH more FreeBSD login compatible and fix non-critical memory leak. Please review and commit. --- sshd.c.old Fri Feb 25 08:23:45 2000 +++ sshd.c Sun Feb 27 02:53:33 2000 @@ -37,9 +37,8 @@ #endif /* LIBWRAP */ #ifdef __FreeBSD__ -#include <libutil.h> -#include <syslog.h> #define LOGIN_CAP

http://bugzilla.mindrot.org/show_bug.cgi?id=101 Summary: session.c modifications for correct UNICOS behavior Product: Portable OpenSSH Version: 3.0.2p1 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Attached is a patch to be applied with GNU patch -p0, notice that configure needs to be regenerated. The patch addresses the following annoyances: * On AIX there is a signal called SIGDANGER which is sent to all processes when the machine runs low on virtual memory. This patch makes sure that this signal is ignored, because the default on older AIX releases is to kill the running process

Attached is the latest version of my UseLogin patch that makes "UseLogin true" work on Solaris and UNICOS. As usual, I have provided configure.in changes that set the appropriate defines for Solaris, but I have not provided the configure.in changes for UNICOS (since they would be incomplete, and Wendy is working on this). This version fixes a problem with the last-login time always

My apologies if this has already been discussed. I looked through the mailing list archives and couldn't see any mention of this problem. I compiled and installed openssh-2.3.0p1 on a sparc running SunOS 5.7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

Greetings, In order to use solaris's BSM (Basic security module) also called c2 audit, which logs specific kernel calls depending on your audit_control, I would need to use login(1) to log users exec calls and whatnot because Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I would have to enable Uselogin in sshd_config in order for that to work. I am running

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in

We recently switched to OpenSSH from ssh 1.2.x and I quickly noticed that /etc/environment processing has gone AWOL. This patch adds a new sshd_config variable: SysEnvFile Specifies a file containing the system-wide default environment in ``VARNAME=value'' format (default is none.) The contents of a user's $HOME/.ssh/environment file, if

Hello, I tried UseLogin, because ssh does not seem to propagate the tty controlling characters from the local to the remote tty and the login(1) on my system offers a config file to set them. Unfortunately, when using UseLogin, sshd does not run xauth. I can only guess that it does so, because it would have to drop privileges for doing so, but that makes UseLogin about useless. I am not

http://bugzilla.mindrot.org/show_bug.cgi?id=378 Summary: sshd does not update utmp/utmpx records correctly when "UseLogin" feature on Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2

https://bugzilla.mindrot.org/show_bug.cgi?id=378 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |djm at mindrot.org, |

Hello all, I just noticed that if I enable UseLogin, IP address will be shown in 'w' when logging on. If UseLogin is disabled, the hostname will be used. I tested this on 2.1.1p2 and p4, on home-grown Redhat Linux 6.2. Anyone else notice this? Is this an issue with OpenSSH or login? -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at

Back on April 4th I sent a patch that makes UseLogin work on Solaris. This change also made UseLogin work with Unicos (both of which require a valid utmpx entry before /usr/bin/login will run). I have not heard back from any of the ssh developers about this issue, and the current snapshot doesn't appear to deal with this problem at all. So, is there some issue here we still need to deal

http://bugzilla.mindrot.org/show_bug.cgi?id=1024 Summary: SSHD fails to connect when "UsePAM and UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org