From bugzilla-daemon at mindrot.org Mon Sep 1 16:40:37 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 1 Sep 2003 16:40:37 +1000 (EST) Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1) Message-ID: <20030901064037.4D77B27C199@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=423 michael_steffens at hp.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #375 is|0 |1 obsolete| | ------- Additional Comments From michael_steffens at hp.com 2003-09-01 16:40 ------- Created an attachment (id=376) --> (http://bugzilla.mindrot.org/attachment.cgi?id=376&action=view) Corrected port of Dan's original session setup patch Sorry, with (attachment #375) I introduced a stupid bug, making the initialization of sshpam_conv conditional (which didn't show up because USE_POSIX_THREADS was not defined). The attached version has this one corrected. When I last tested Dan's proposed modifications on Solaris and Linux, these didn't hickup. Would prefer someone more familiar with these platforms to verify, though. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 1 16:41:18 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 1 Sep 2003 16:41:18 +1000 (EST) Subject: [Bug 252] Patch for use of /etc/default/login Message-ID: <20030901064118.7B91227C19B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=252 ------- Additional Comments From djm at mindrot.org 2003-09-01 16:41 ------- (From update of attachment 367) Some comments: I think these warnings: >+ [ if test ! -z "$external_path_file" ; then >+ AC_MSG_WARN([Make sure the path to scp is in $external_path_file]) should be added to here: 
>@@ -2558,8 +2568,8 @@ echo " Askpass program > echo " Manual pages: $F" > echo " PID file: $G" > echo " Privilege separation chroot path: $H" >-if test "$USES_LOGIN_CONF" = "yes" ; then >-echo " At runtime, sshd will use the path defined in /etc/login.conf" >+if test ! -z "$external_path_file"; then >+echo " At runtime, sshd will use the path defined in $external_path_file" so users actually get a chance to read them :) >+static char * >+child_get_env(char **envp, const char *name) >+{ >+ u_int i, namelen; >+ >+ namelen = strlen(name); >+ for (i = 0; envp[i]; i++) { KNF says "envp[i] != NULL" >+ edf_envsize = 10; >+ edf_env = xmalloc(edf_envsize * sizeof(char *)); Nit: I think that: edf_env = xmalloc(edf_envsize * sizeof(*edf_env)); is a generally safer way of allocating arrays. >+ /* >+ * Paranoia check: set at least a standard path >+ * if none is set yet. >+ */ Nit: This isn't a paranoia check, most platforms don't use /e/d/l >+ if (child_get_env(env, "PATH") == NULL) { >+#ifdef SUPERUSER_PATH >+ child_set_env(&env, &envsize, "PATH", >+ s->pw->pw_uid == 0 ? >+ SUPERUSER_PATH : _PATH_STDPATH); >+#else >+ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); >+#endif /* SUPERUSER_PATH */ >+ } Maybe it would be better to hack defines.h to set SUPERUSER_PATH to _PATH_STDPATH in cases where SUPERUSER_PATH isn't already set. That would allow us to eliminate this #ifdef block entirely. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 1 16:51:08 2003 
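Review bot: the configure summary hunk at @@ -2558,8 +2568,8 drops the USES_LOGIN_CONF test and the /etc/login.conf wording in favour of external_path_file, so every platform that used to set USES_LOGIN_CONF must now set external_path_file too, or the summary silently stops reporting where PATH comes from; the quoted lines do not show that assignment. As a style point, test -n "$external_path_file" reads more directly than test ! -z, both here and in the AC_MSG_WARN fragment quoted before it.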
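Review bot: in the child_get_env fragment, namelen is declared u_int but receives the size_t result of strlen(name); declaring it size_t avoids the implicit narrowing. The quoted lines stop at the for loop, so also confirm that the comparison requires envp[i][namelen] == '=' after the name matches, otherwise a lookup for PATH would also match a longer variable name that merely begins with PATH.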
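Review bot: the edf_env allocation (edf_envsize = 10; edf_env = xmalloc(...)) shows no terminator being written, while child_get_env in the same patch walks its array until it finds a NULL entry. Unless the lines that follow already do so, set edf_env[0] = NULL immediately after the xmalloc call so the array is a valid empty environment before anything reads it, and consider a named constant in place of the bare 10.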
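Review bot: the PATH fallback fires only when child_get_env(env, "PATH") == NULL, so if child_get_env returns a pointer to an empty string for an entry of the form PATH= the check passes and the session starts with an empty search path, whose lookup behaviour is implementation-defined. Treat an empty value as missing as well, for example by also testing the first character of the returned string before skipping the child_set_env call.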
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 1 Sep 2003 16:51:08 +1000 (EST) Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1) Message-ID: <20030901065108.7A5F427C193@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From djm at mindrot.org 2003-09-01 16:51 ------- (From update of attachment 376) >--- auth-pam.c-orig Tue Aug 26 03:58:16 2003 >+++ auth-pam.c Mon Sep 1 08:04:13 2003 >@@ -199,10 +199,15 @@ > { > struct pam_ctxt *ctxt = ctxtp; > Buffer buffer; >- struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt }; >+ struct pam_conv sshpam_conv; > #ifndef USE_POSIX_THREADS > const char *pam_user; >+#endif >+ >+ sshpam_conv.conv = sshpam_thread_conv; >+ sshpam_conv.appdata_ptr = ctxt; I don't understand this part of the patch. Why does break the initialisation from the declaration? >+#ifndef USE_POSIX_THREADS I'm not sure which version you are diffing against, but CVS HEAD already has this test. > #if defined(USE_PAM) > if (options.use_pam) { >- do_pam_session(s->pw->pw_name, NULL); > do_pam_setcred(1); > if (is_pam_password_change_required()) > packet_disconnect("Password change required but no " >@@ -561,7 +560,7 @@ > > #if defined(USE_PAM) > if (options.use_pam) { >- do_pam_session(s->pw->pw_name, s->tty); >+ do_pam_set_tty(s->tty); > do_pam_setcred(1); > } > #endif >@@ -1235,6 +1234,7 @@ > */ > if (options.use_pam) > do_pam_setcred(0); >+ do_pam_session(pw->pw_name,NULL); This is missing braces after the "if" statement. I.e if (options.use_pam) { do_pam_setcred(0); do_pam_session(pw->pw_name,NULL); } I agree that do_pam_session makes more sense is setusercontext, but if we split the PAM_TTY setting, then we should remove do_pam_session's second argument entirely. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 1 17:24:45 2003 
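Review bot: the session.c hunk at @@ -561,7 +560,7 replaces do_pam_session(s->pw->pw_name, s->tty) with do_pam_set_tty(s->tty), which makes the do_pam_session call added at @@ -1235,6 +1234,7 depend on do_pam_set_tty having run first, and nothing in the visible lines states or enforces that order. Add a comment at both call sites saying PAM_TTY must be set before the session is opened, so that any session module reading PAM_TTY sees the real tty on the pty path.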
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 1 Sep 2003 17:24:45 +1000 (EST) Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1) Message-ID: <20030901072445.2FC8527C199@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From michael_steffens at hp.com 2003-09-01 17:24 ------- > ------- Additional Comments From djm at mindrot.org 2003-09-01 16:51 ------- > (From update of attachment 376) > >>--- auth-pam.c-orig Tue Aug 26 03:58:16 2003 >>+++ auth-pam.c Mon Sep 1 08:04:13 2003 >>@@ -199,10 +199,15 @@ >>{ >> struct pam_ctxt *ctxt = ctxtp; >> Buffer buffer; >>- struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt }; >>+ struct pam_conv sshpam_conv; >>#ifndef USE_POSIX_THREADS >> const char *pam_user; >>+#endif >>+ >>+ sshpam_conv.conv = sshpam_thread_conv; >>+ sshpam_conv.appdata_ptr = ctxt; > > > I don't understand this part of the patch. Why does break the initialisation > from the declaration? To be honest, I don't know. Compiler refused it with error 1521: Incorrect initialization. > > >>+#ifndef USE_POSIX_THREADS > > > I'm not sure which version you are diffing against, but CVS HEAD already has > this test. Yes, but I erranously moved initialization inside the #ifndef block when wanting to get it past the declaration of pam_user. Correction was to split the #ifndef, and put the initialization in between. > > > >>#if defined(USE_PAM) >> if (options.use_pam) { >>- do_pam_session(s->pw->pw_name, NULL); >> do_pam_setcred(1); >> if (is_pam_password_change_required()) >> packet_disconnect("Password change required but no " >>@@ -561,7 +560,7 @@ >> >>#if defined(USE_PAM) >> if (options.use_pam) { >>- do_pam_session(s->pw->pw_name, s->tty); >>+ do_pam_set_tty(s->tty); >> do_pam_setcred(1); >> } >>#endif 
>>@@ -1235,6 +1234,7 @@ >> */ >> if (options.use_pam) >> do_pam_setcred(0); >>+ do_pam_session(pw->pw_name,NULL); > > > This is missing braces after the "if" statement. I.e > > if (options.use_pam) { > do_pam_setcred(0); > do_pam_session(pw->pw_name,NULL); > } Yep, another stupid bug of mine :(. Thanks for catching. (This also didn't show up when testing, because options.use_pam was true, of course.) > > I agree that do_pam_session makes more sense is setusercontext, but if we split > the PAM_TTY setting, then we should remove do_pam_session's second argument > entirely. Also agreed. (I used Dan's original modifications as they were, and these were presumably meant to modify at little as possible. But there is only one invokation of do_pam_session left, not using the second argument.) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 1 17:46:51 2003 
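Review bot: the auth-pam.c hunk at @@ -199,10 +199,15 splits the sshpam_conv initialiser into two assignments and closes and reopens the #ifndef USE_POSIX_THREADS block around them, with no comment saying why. Since the only stated reason is a compiler that rejected the aggregate initialiser (error 1521 in the reply above), add a one-line comment above the assignments naming that limitation, otherwise a later cleanup is likely to fold them back into the declaration and break that build again.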
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 1 Sep 2003 17:46:51 +1000 (EST)
Subject: [Bug 631] Build fails on Redhat Linux 6.x
Message-ID: <20030901074651.57FBD27C19B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=631

           Summary: Build fails on Redhat Linux 6.x
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: mdobel at kawo2.rwth-aachen.de

I needed this package for a box running Redhat 6.2. So I changed the
build6x-define in the specfile from 0 to 1 and tried to build the package.

rpm complained about

error: failed build dependencies:
        db1-devel is needed by openssh-3.6.1p1-1

caused by this part of the specfile:

%if ! %{build6x}
BuildPreReq: glibc-devel, pam
%else
BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
%endif

There is no db1 package in Redhat 6.x, db1 was introduced in 7.x. In Redhat 6.x
the contents of db1 are part of the glibc package. It seems like the condition
is the wrong way around.

From bugzilla-daemon at mindrot.org Mon Sep 1 18:31:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 1 Sep 2003 18:31:45 +1000 (EST)
Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Message-ID: <20030901083145.D2E3D27C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=423

michael_steffens at hp.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #376 is|0                           |1
           obsolete|                            |

------- Additional Comments From michael_steffens at hp.com 2003-09-01 18:31 -------
Created an attachment (id=377)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=377&action=view)
3rd version port of Dan's original session setup patch

Now a version taking djm's correction and suggestion into account.

From bugzilla-daemon at mindrot.org Tue Sep 2 00:02:23 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 00:02:23 +1000 (EST)
Subject: [Bug 632] PAM conversation function does not return when connection is aborted
Message-ID: <20030901140223.AC8B527C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=632

           Summary: PAM conversation function does not return when
                    connection is aborted
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: All
               URL: http://www.cl.cam.ac.uk/~mgk25/otpw.html#opensshbug
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Markus.Kuhn at cl.cam.ac.uk

When a user presses Ctrl-C in ssh while being prompted by the PAM conversation
function during a keyboard-interactive authentication, then sshd's conversation
function does not return to the PAM library with PAM_CONV_ERR. Instead sshd
calls pam_end() directly from inside the conversation function. This is in
violation of "The Linux-PAM application developers' guide" (draft 0.73,
2000-12-02), which states in section 3.2.1, page 14 that "should an error occur
the application should [...] simply return PAM_CONV_ERR".

Why is calling pam_end() directly from within the conversation function causing
a problem?

Linux-PAM keeps as a debugging aid in its handler variable pamh->caller_is
track of whether the calling thread was supposed to come from the application
(caller_is=2) or from the PAM module (caller_is=1). (See
Linux-PAM-0.75/libpam/pam_private.h for the relevant macros.) The incorrect
call of pam_end() from within the conversation function results in an error
message by Linux-PAM, because Linux-PAM thinks, based on its
pamh->caller_is=1 value, that pam_end() was accidentally called by the module.
As a result, pam_end() aborts and none of the PAM data structures are cleaned
up properly. In particular, any call-back functions that a PAM module might
have registered to release resources are not called.

As a result, PAM modules that create, for example, a lock file before entering
the conversation function are not given a chance to release their resources,
leading to malfunctions.

Another security-critical side effect of this bug is that the memory scrubbing
that PAM normally applies carefully to any password buffers never takes place
if the ssh connection is aborted. As a result, passwords are more likely to
leak out into swap space or core dumps.

I discussed this issue with Linux-PAM author Andrew Morgan, and he agreed that
this is clearly a bug in the PAM support of OpenSSH.

From bugzilla-daemon at mindrot.org Tue Sep 2 01:06:59 2003
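The failure mode described in the Bug 632 report above, as an added example that is not part of the original message and is not OpenSSH or Linux-PAM code: a stand-alone C model of a library that tracks who is calling it, run once with a conversation function that tears down from inside the callback and once with one that returns an error. Every name in it (model_*, conv_*, the struct fields, the sample secret) is hypothetical; only the caller_is values 1 and 2 come from the report.

```c
/* Added illustration: a stand-alone model, not Linux-PAM or OpenSSH code.
 * Every name below is hypothetical; only the caller_is values 1 (module)
 * and 2 (application) are taken from the bug report. */
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

enum { CALLED_FROM_MODULE = 1, CALLED_FROM_APP = 2 };
enum { M_SUCCESS = 0, M_CONV_ERR = 1, M_REFUSED = 2 };

struct model_handle;
typedef int (*model_conv_fn)(struct model_handle *);

struct model_handle {
	int caller_is;       /* who the library believes is calling it */
	model_conv_fn conv;  /* application-supplied conversation function */
	int lock_held;       /* stands in for a module's lock file */
	char secret[16];     /* stands in for a password buffer */
};

struct outcome { int end_status; int lock_held; int secret_left; };

static jmp_buf abort_point;
static int last_end_status;

static void scrub(char *p, size_t n)
{
	volatile char *v = p;   /* volatile so the wipe is not optimised away */
	while (n-- > 0)
		*v++ = 0;
}

/* Teardown: refused while the handle says a module is the caller. */
static int model_end(struct model_handle *h)
{
	if (h->caller_is == CALLED_FROM_MODULE)
		return M_REFUSED;            /* none of the cleanup below runs */
	h->lock_held = 0;                    /* module's release callback */
	scrub(h->secret, sizeof(h->secret)); /* password scrubbing */
	return M_SUCCESS;
}

/* Module side: takes resources, then asks the application to prompt. */
static int model_module_auth(struct model_handle *h)
{
	h->lock_held = 1;
	strcpy(h->secret, "constructed-pw"); /* constructed sample value */
	return h->conv(h);
}

/* Library entry point: flags the handle while module code is running. */
static int model_authenticate(struct model_handle *h)
{
	int r;

	h->caller_is = CALLED_FROM_MODULE;
	r = model_module_auth(h);
	h->caller_is = CALLED_FROM_APP;
	return r;
}

/* Pattern from the report: tear down inside the conversation function
 * and never return to the library. */
static int conv_end_inside(struct model_handle *h)
{
	last_end_status = model_end(h);
	longjmp(abort_point, 1);
	return M_CONV_ERR;   /* not reached */
}

/* Pattern the guide asks for: report the error and let the library unwind. */
static int conv_return_error(struct model_handle *h)
{
	(void)h;
	return M_CONV_ERR;
}

static struct outcome run_login(model_conv_fn conv)
{
	static struct model_handle h;   /* static: well defined across longjmp */
	struct outcome o;

	memset(&h, 0, sizeof(h));
	h.caller_is = CALLED_FROM_APP;
	h.conv = conv;
	last_end_status = -1;
	if (setjmp(abort_point) == 0) {
		if (model_authenticate(&h) != M_SUCCESS)
			last_end_status = model_end(&h); /* library has returned */
	}
	o.end_status = last_end_status;
	o.lock_held = h.lock_held;
	o.secret_left = (h.secret[0] != '\0');
	return o;
}

int main(void)
{
	struct outcome bad = run_login(conv_end_inside);
	struct outcome good = run_login(conv_return_error);

	printf("end inside conv : status=%d lock_held=%d secret_left=%d\n",
	    bad.end_status, bad.lock_held, bad.secret_left);
	printf("return CONV_ERR : status=%d lock_held=%d secret_left=%d\n",
	    good.end_status, good.lock_held, good.secret_left);
	return 0;
}
```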
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 01:06:59 +1000 (EST)
Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Message-ID: <20030901150659.08AB727C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=423

------- Additional Comments From michael_steffens at hp.com 2003-09-02 01:06 -------
Tried to find where the strange password authentication behaviour mentioned in
comment #22 comes from, and why plain old password authentication fails in
HP-UX trusted mode. Maybe this got me a bit closer to how the new code
works. :)

Apparently it's falling back to non-PAM authentication for plain old password
authentication (the one where the client prompts "user at host's password:").
This fails in trusted mode, because DISABLE_SHADOW is defined for all versions
of HP-UX, thus getspnam is not being used to retrieve the real pw hash. Instead
the '*' from /etc/passwd is being used.

By enabling shadow this can be fixed. I have tried it and it worked.

On the other hand, with proto 1, TIS authentication has precedence over
password authentication, and it actually works using sshpam_device. PAM happens
to generate the challenge "Password:", and succeeds when getting the correct
password on the prompt "Response:".

In case password via TIS fails (for example because the user was confused by
the prompts), traditional password authentication, bypassing PAM, is being
tried.

Is this correct and the intended order?

From bugzilla-daemon at mindrot.org Tue Sep 2 06:16:24 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 06:16:24 +1000 (EST)
Subject: [Bug 632] PAM conversation function does not return when connection is aborted
Message-ID: <20030901201624.E547D27C195@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=632

------- Additional Comments From markus at openbsd.org 2003-09-02 06:16 -------
Markus, the PAM support has been completely replaced for the upcoming 3.7
release (the current code is from the author of OpenPAM). Could you please try
with a recent snapshot from http://www.openssh.com/portable.html ?

From bugzilla-daemon at mindrot.org Tue Sep 2 12:51:34 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 12:51:34 +1000 (EST)
Subject: [Bug 625] Local Port Forwarding does not work in AIX 5.1 or AIX 5.2
Message-ID: <20030902025134.DA9DC27C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=625

tech at rassin.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From tech at rassin.com 2003-09-02 12:51 -------
Compiled with gcc 3.3.1 and local port forwarding worked. Original tests were
done with openssh that was compiled with xlc "IBM Visual Age C/C++" and also
with the openssh binaries distributed by IBM and bullfreeware.

From bugzilla-daemon at mindrot.org Tue Sep 2 23:19:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 23:19:40 +1000 (EST)
Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Message-ID: <20030902131940.4C8EF27C198@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=423

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From djm at mindrot.org 2003-09-02 23:19 -------
very similar patch applied, thanks.

Please file a separate bug for the HAVE_SHADOW issue

From bugzilla-daemon at mindrot.org Tue Sep 2 23:19:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 23:19:43 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030902131943.252EF27C19F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

Bug 627 depends on bug 423, which changed state.

Bug 423 Summary: Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

From bugzilla-daemon at mindrot.org Tue Sep 2 23:21:23 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 23:21:23 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030902132123.1180B27C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|608                         |

------- Additional Comments From djm at mindrot.org 2003-09-02 23:21 -------
Bug #608 isn't going in for this release

From bugzilla-daemon at mindrot.org Tue Sep 2 23:21:38 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 2 Sep 2003 23:21:38 +1000 (EST)
Subject: [Bug 608] smartcard: ask for passphrase
Message-ID: <20030902132138.8024227C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=608

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|627                         |
              nThis|                            |

From bugzilla-daemon at mindrot.org Wed Sep 3 00:39:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 00:39:01 +1000 (EST)
Subject: [Bug 608] smartcard: ask for passphrase
Message-ID: <20030902143901.2083227C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=608

------- Additional Comments From markus at openbsd.org 2003-09-03 00:38 -------
this has to be delayed for post-3.7

From bugzilla-daemon at mindrot.org Wed Sep 3 00:39:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 00:39:58 +1000 (EST)
Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Message-ID: <20030902143958.0308927C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=423

------- Additional Comments From michael_steffens at hp.com 2003-09-03 00:39 -------
Hi Damien,

thanks for applying! However, this modification only solves the problem of
getting session set up at all with privsep in trusted mode, but not yet
changing expired passwords. (The one being prerequisite to perform the other.)

This fix would rather apply to BUG #419, which is marked resolved/duplicate of
BUG #83. However, I'm having no idea whether they are related...

Michael

From bugzilla-daemon at mindrot.org Wed Sep 3 00:47:54 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 00:47:54 +1000 (EST)
Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Message-ID: <20030902144754.EA9E627C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=423

------- Additional Comments From Todd.Bowden at atosorigin.com 2003-09-03 00:47 -------
Didn't Patch 162 fix all this? I have OpenSSH 3.5p1 working on a HP-UX 11
trusted system in privilege separation mode with password aging and it works
like a charm.

From bugzilla-daemon at mindrot.org Wed Sep 3 00:54:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 00:54:42 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030902145442.C1DC727C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

           Summary: Password authentication fails in HP-UX trusted mode due
                    to DISABLE_SHADOW
           Product: Portable OpenSSH
           Version: -current
          Platform: HPPA
        OS/Version: HP-UX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: michael_steffens at hp.com

Hello,

with current CVS portable OpenSSH non-PAM password authentication fails with
the system running in trusted mode. This does become an issue, because
apparently current code does not use PAM for plain old password
authentication.

The reason for failure is that password hashes are not being looked up using
getspnam, but rather from /etc/passwd even in trusted mode, because
DISABLE_SHADOW is being defined by configure for all versions of HP-UX.

Michael

From bugzilla-daemon at mindrot.org Wed Sep 3 01:03:41 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 01:03:41 +1000 (EST)
Subject: [Bug 423] Workaround for pw change in privsep mode (3.5.p1)
Message-ID: <20030902150341.AA34127C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=423

------- Additional Comments From michael_steffens at hp.com 2003-09-03 01:03 -------
It did, besides the additional suid ssh-chauthtok-helper did not get accepted.

The more elegant approach should be enabled by new PAM code, but is apparently
not active yet. (unless, beat me, I missed something. It didn't work when I
tried yesterday.)

From bugzilla-daemon at mindrot.org Wed Sep 3 12:14:23 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 12:14:23 +1000 (EST)
Subject: [Bug 634] scp incompatibility with ssh.com scp
Message-ID: <20030903021423.EC17F27C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=634

           Summary: scp incompatibility with ssh.com scp
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: scp
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: wgs3 at po.cwru.edu

It is impossible to utilize scp to copy files between a machine running OpenSSH
and one running ssh.com's SSHD from the console of the OpenSSH machine. It
first attempts to execute SSH1 compatibility, at which point it fails. I
believe that this problem is intentional (from ssh.com); however, I am
uncertain, and this precludes my use of OpenSSH as I need scp access to ssh.com
machines.

From bugzilla-daemon at mindrot.org Wed Sep 3 19:57:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 19:57:36 +1000 (EST)
Subject: [Bug 634] scp incompatibility with ssh.com scp
Message-ID: <20030903095736.B428927C18E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=634

------- Additional Comments From markus at openbsd.org 2003-09-03 19:57 -------
you can use sftp instead, I don't think we will add sftp protocol support to
scp soon.

From bugzilla-daemon at mindrot.org Wed Sep 3 22:35:29 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 22:35:29 +1000 (EST)
Subject: [Bug 463] PrintLastLog doesn't work in privsep mode
Message-ID: <20030903123529.C98F227C18E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=463

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |openbsd

From bugzilla-daemon at mindrot.org Wed Sep 3 22:40:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 3 Sep 2003 22:40:56 +1000 (EST)
Subject: [Bug 413] Port forwarding: [localhost:]localport:remotehost:remoteport
Message-ID: <20030903124056.B294027C18E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=413

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |openbsd, patch

From bugzilla-daemon at mindrot.org Thu Sep 4 13:16:13 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 4 Sep 2003 13:16:13 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030904031613.C34A527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|14, 463                     |

------- Additional Comments From djm at mindrot.org 2003-09-04 13:16 -------
Unfortunately these aren't going to make this release

From bugzilla-daemon at mindrot.org Thu Sep 4 13:16:24 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 4 Sep 2003 13:16:24 +1000 (EST)
Subject: [Bug 463] PrintLastLog doesn't work in privsep mode
Message-ID: <20030904031624.41B3F27C19F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=463

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|627                         |
              nThis|                            |

From bugzilla-daemon at mindrot.org Thu Sep 4 13:16:29 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 4 Sep 2003 13:16:29 +1000 (EST)
Subject: [Bug 14] Can't change expired /etc/shadow password without PAM
Message-ID: <20030904031629.0C5ED27C1AA@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=14

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|627                         |
              nThis|                            |

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla-daemon at mindrot.org Thu Sep 4 13:54:47 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 4 Sep 2003 13:54:47 +1000 (EST)
Subject: [Bug 634] scp incompatibility with ssh.com scp
Message-ID: <20030904035447.6012C27C18F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=634

------- Additional Comments From djm at mindrot.org 2003-09-04 13:54 -------
ssh.com changed the protocol, but kept the binary name the same. In ssh.com's
language:

ssh1 scp == scp
ssh2 scp == sftp

Our sftp works fine with ssh.com ssh2 "scp" and our scp works fine with their
ssh1 "scp".

OTOH I'd love someone to write a scp-compatible commandline syntax for our
sftp.

From bugzilla-daemon at mindrot.org Thu Sep 4 14:17:15 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 4 Sep 2003 14:17:15 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030904041715.40DB327C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From dtucker at zip.com.au 2003-09-04 14:17 -------
Robert, regarding this comment:
"I rewrote some of the old code to gather at least PATH and UMASK."

Is the patch you posted written entirely by yourself?

From bugzilla-daemon at mindrot.org Thu Sep 4 18:14:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 4 Sep 2003 18:14:02 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030904081402.F3DA227C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-04 18:14 -------
Darren,

child_get_env() is very similar to the one in sshd.c from ssh-1.2.31

read_etc_default_login() and the other patches were written by me.

From bugzilla-daemon at mindrot.org Fri Sep 5 10:21:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 10:21:40 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030905002140.6267627C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #367 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2003-09-05 10:21 -------
Created an attachment (id=378)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=378&action=view)
Rework based on comments.

Updated based on comments (both here and in email). Also deleted and rewrote
child_get_env.

From bugzilla-daemon at mindrot.org Fri Sep 5 13:24:55 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 13:24:55 +1000 (EST)
Subject: [Bug 620] Address bits are backwards when setting up port forwarding on Solaris/intel
Message-ID: <20030905032455.6C5B427C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=620

------- Additional Comments From dtucker at zip.com.au 2003-09-05 13:24 -------
Reminder: we need to know if we can detect this at build time so we can set
BROKEN_GETADDRINFO where necessary.

Does attachment #359 detect the problem on Solaris/x86?

From bugzilla-daemon at mindrot.org Fri Sep 5 13:39:31 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 13:39:31 +1000 (EST)
Subject: [Bug 585] sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled
Message-ID: <20030905033931.7577327C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=585

------- Additional Comments From dtucker at zip.com.au 2003-09-05 13:39 -------
What's the status of this? At the moment, my understanding is:
* a bug exists in getaddrinfo in IRIX 6.5.18 and up
* defining BROKEN_GETADDRINFO causes a type clash with gai_strerror
* solving the type clash results in an sshd that works OK

Should we be defining BROKEN_GETADDRINFO for some IRIXes? If so, which
versions, and is there a clean way to solve the type clash?

From bugzilla-daemon at mindrot.org Fri Sep 5 13:43:25 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 13:43:25 +1000 (EST)
Subject: [Bug 510] corrupted MAC disconnecting
Message-ID: <20030905034325.B45B127C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=510

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From dtucker at zip.com.au 2003-09-05 13:43 -------
I'm closing this as the cause does not seem to be in OpenSSH. If you can
provide some evidence this is due to a fault in OpenSSH, please re-open this
bug.

From bugzilla-daemon at mindrot.org Fri Sep 5 13:56:55 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 13:56:55 +1000 (EST)
Subject: [Bug 345] w (uptime) command still indicates user is logged in after logout
Message-ID: <20030905035655.4B51C27C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=345

------- Additional Comments From dtucker at zip.com.au 2003-09-05 13:56 -------
Created an attachment (id=379)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=379&action=view)
Remove DISABLE_UTMP from HP-UX 10.x

Are we going to do something like this? Anyone with HP-UX 10.x experience want
to comment?

From bugzilla-daemon at mindrot.org Fri Sep 5 13:59:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 13:59:01 +1000 (EST)
Subject: [Bug 396] sshd orphans processes when no pty allocated
Message-ID: <20030905035901.0DD2F27C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=396

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |openbsd

From bugzilla-daemon at mindrot.org Fri Sep 5 14:23:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 14:23:58 +1000 (EST)
Subject: [Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
Message-ID: <20030905042358.C448F27C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=458

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|IRIX                        |All
           Platform|MIPS                        |All

------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:23 -------
I had to reformat Guido's post to read it:

"Same Problem on Solaris 8 Build 32-Bit, gcc 2.95-3

It seems that line 170 in monitor_mm.c is the problem:

    if (size > SIZE_T_MAX - MM_MINSIZE + 1)
            fatal("mm_malloc: size too big");

size seems to be a different type (uint32) in defines.h:

    #ifndef SIZE_T_MAX
    # define SIZE_T_MAX ULONG_MAX
    #endif /* SIZE_T_MAX */

    #ifndef HAVE_SIZE_T
    typedef unsigned int size_t;
    # define HAVE_SIZE_T
    #endif /* HAVE_SIZE_T */

the line #define SIZE_T_MAX ULONG_MAX should be changed, I tried

    # define SIZE_T_MAX ((2 << (8 * sizeof(size_t)) - 1)

but got an error (also out of bounds :-(

The definition of SIZE_T_MAX has to be changed to be in the range of the type
of size

From the build log:

gcc -O3 -pipe -mcpu=ultrasparc -m32 -I. -I. -I/usr/local/include -I/usr/local/include -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/lib/ssh/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/lib/ssh/ssh-rand-helper\" -DHAVE_CONFIG_H -c monitor_mm.c
monitor_mm.c: In function `mm_malloc':
monitor_mm.c:170: warning: integer overflow in expression
monitor_mm.c:170: warning: comparison is always true due to limited range of data type"

From bugzilla-daemon at mindrot.org Fri Sep 5 14:30:32 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 14:30:32 +1000 (EST)
Subject: [Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
Message-ID: <20030905043032.5881827C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=458

------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:30 -------
Created an attachment (id=380)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=380&action=view)
Set SIZE_T_MAX to UINT_MAX if we we define size_t ourselves.

defines.h is obviously wrong for the case where neither SIZE_T_MAX or size_t
are defined; size_t ends up as unsigned int, while SIZE_T_MAX ends up as ULONG
max. That works if sizeof(unsigned int) == sizeof(unsigned long).

Any objections to this patch?

From bugzilla-daemon at mindrot.org Fri Sep 5 14:38:08 2003
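The mismatch described in the Bug 458 comments above, as an added example (it is not OpenSSH code and not attachment #380): a guard of the quoted form only bounds a request when its limit has the same width as the size type. The ex_ names, the 32-bit stand-in for size_t, the 64-bit stand-in for ULONG_MAX, the 128-byte granule and the rounding step are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added illustration, not OpenSSH code. Assumptions: size_t is modelled as a
 * 32-bit type (the "typedef unsigned int size_t" fallback quoted above) and
 * ULONG_MAX as a 64-bit value, i.e. a platform where long is wider than int.
 */
typedef uint32_t ex_size_t;
#define EX_ULONG_MAX UINT64_MAX		/* limit wider than ex_size_t */
#define EX_UINT_MAX  UINT32_MAX		/* limit matching ex_size_t */
#define EX_TYPE_MAX  ((ex_size_t)-1)	/* limit derived from the type itself */
#define EX_MINSIZE   128u		/* assumed allocation granule */

enum ex_result { EX_REJECTED, EX_OK, EX_WRAPPED };

/* Guard of the quoted form: size > LIMIT - MINSIZE + 1, with LIMIT passed in. */
static int
ex_guard_rejects(ex_size_t size, uint64_t limit)
{
	return (uint64_t)size > limit - EX_MINSIZE + 1;
}

/* Round a request up to the granule, in the width of the size type. */
static ex_size_t
ex_round_up(ex_size_t size)
{
	ex_size_t padded = (ex_size_t)(size + (EX_MINSIZE - 1));

	return (ex_size_t)((padded / EX_MINSIZE) * EX_MINSIZE);
}

/* Run the guard, then the rounding, and report what happened to the request. */
static enum ex_result
ex_request(ex_size_t size, uint64_t limit, ex_size_t *rounded)
{
	if (ex_guard_rejects(size, limit))
		return EX_REJECTED;
	*rounded = ex_round_up(size);
	/* A rounded size below the request means the addition wrapped. */
	return *rounded < size ? EX_WRAPPED : EX_OK;
}

int
main(void)
{
	/* Constructed request sizes around the top of the 32-bit range. */
	const ex_size_t sizes[] = { 4096u, 0xFFFFFF80u, 0xFFFFFF81u, 0xFFFFFFF0u };
	const char *names[] = { "rejected", "ok", "WRAPPED" };
	size_t i;

	for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		ex_size_t wide = 0, match = 0;
		enum ex_result rw = ex_request(sizes[i], EX_ULONG_MAX, &wide);
		enum ex_result rm = ex_request(sizes[i], EX_UINT_MAX, &match);

		printf("size 0x%08lx  wide limit: %-8s  matching limit: %s\n",
		    (unsigned long)sizes[i], names[rw], names[rm]);
	}
	return 0;
}
```

With the wider limit the guard can never fire for a 32-bit request, so the two largest sizes reach the rounding step and wrap; with the matching limit they are rejected first.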
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 14:38:08 +1000 (EST)
Subject: [Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
Message-ID: <20030905043808.C112527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=458

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|                            |627
              nThis|                            |
             Status|NEW                         |ASSIGNED

------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:38 -------
BTW, the "U" means the constant should be evaluated as an unsigned.

From bugzilla-daemon at mindrot.org Fri Sep 5 14:38:11 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 14:38:11 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030905043811.92BF127C193@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |458

From bugzilla-daemon at mindrot.org Fri Sep 5 14:41:16 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 14:41:16 +1000 (EST)
Subject: [Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
Message-ID: <20030905044116.0BBF727C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=458

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #380 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:41 -------
Created an attachment (id=381)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=381&action=view)
Set SIZE_T_MAX to UINT_MAX if we we define size_t ourselves.

Sorry, mixed patch.

From bugzilla-daemon at mindrot.org Fri Sep 5 15:00:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 15:00:56 +1000 (EST)
Subject: [Bug 561] Please implement MaxAuthTries
Message-ID: <20030905050056.581EE27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=561

------- Additional Comments From dtucker at zip.com.au 2003-09-05 15:00 -------
Created an attachment (id=382)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=382&action=view)
Implement MaxAuthTries, patch against OpenBSD.

Would something like this be accepted for OpenBSD? If so I'll do the man page
for it.

From bugzilla-daemon at mindrot.org Fri Sep 5 15:01:16 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 15:01:16 +1000 (EST)
Subject: [Bug 561] Please implement MaxAuthTries
Message-ID: <20030905050116.1DCD827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=561

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |openbsd, patch

From bugzilla-daemon at mindrot.org Fri Sep 5 15:32:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 15:32:42 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030905053242.773DC27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

------- Additional Comments From dtucker at zip.com.au 2003-09-05 15:32 -------
Created an attachment (id=383)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=383&action=view)
Always check for iscomsec() on HP-UX

Does this patch fix the trusted mode issue?

From bugzilla-daemon at mindrot.org Fri Sep 5 15:34:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 15:34:14 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030905053414.94FE127C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|                            |627
              nThis|                            |
             Status|NEW                         |ASSIGNED
           Keywords|                            |patch

From bugzilla-daemon at mindrot.org Fri Sep 5 15:34:16 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 15:34:16 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030905053416.9913627C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |633

From bugzilla-daemon at mindrot.org Fri Sep 5 15:59:19 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 15:59:19 +1000 (EST)
Subject: [Bug 620] Address bits are backwards when setting up port forwarding on Solaris/intel
Message-ID: <20030905055919.3C73827C195@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=620

------- Additional Comments From jrhett at isite.net 2003-09-05 15:59 -------
It seems to think so:

% gcc -lsocket -o test test.c
% ./test
Loopback sane

Sorry for the delay

From bugzilla-daemon at mindrot.org Fri Sep 5 16:01:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 16:01:56 +1000 (EST)
Subject: [Bug 620] Address bits are backwards when setting up port forwarding on Solaris/intel
Message-ID: <20030905060156.51F1D27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=620

------- Additional Comments From jrhett at isite.net 2003-09-05 16:01 -------
Er, it seems to think not. Sorry.

From bugzilla-daemon at mindrot.org Fri Sep 5 17:09:04 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 17:09:04 +1000 (EST)
Subject: [Bug 345] w (uptime) command still indicates user is logged in after logout
Message-ID: <20030905070904.8601627C197@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=345

------- Additional Comments From Lutz.Jaenicke at aet.TU-Cottbus.DE 2003-09-05 17:09 -------
The change works around the problem on HP-UX 10.20.
I have re-checked the latest libc patch (PHCO_26158) and the problem is
still around. As HP-UX 10.20 has reached its official "end-of-life" I do
not expect the problem to be fixed from HP's side anymore.

From bugzilla-daemon at mindrot.org Fri Sep 5 17:40:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 17:40:01 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030905074001.E3B8527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

------- Additional Comments From michael_steffens at hp.com 2003-09-05 17:40 -------
Attachment #383 doesn't fix it, unless

    if (spw = getprpwnam(pw->pw_name) != NULL)

is replaced by

    if ((spw = getprpwnam(pw->pw_name)) != NULL)

or the "!= NULL" comparison is omitted.

However, you might consider delegating pw hash retrieval to getspnam, as this
library function will transparently select the correct source also when
/etc/shadow shadowing (which has become available as addon product for 11i) is
in use. getspnam is available on all versions since at least 10.20.

You may then drop all HP-UX specific stuff from function shadow_pw.

Function xcrypt will need to pick the correct hashing method (crypt vs.
bigcrypt) based on the result of iscomsec(), just the way it does now. No
change required on that part.

From bugzilla-daemon at mindrot.org Fri Sep 5 18:29:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 18:29:45 +1000 (EST)
Subject: [Bug 620] Address bits are backwards when setting up port forwarding on Solaris/intel
Message-ID: <20030905082945.14AE627C193@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=620

------- Additional Comments From dtucker at zip.com.au 2003-09-05 18:29 -------
Created an attachment (id=384)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=384&action=view)
Show htonl() output

Maybe the problem is in the htonl() macro? What does the attached program
give?

On Solaris/SPARC (bigendian) I get:
htonl 7f000001
ntohl 7f000001

On a Linux/i386 (little endian) I get:
htonl 100007f
ntohl 100007f

Your Solaris/x86 box should give the same results as Linux, however I suspect
it will give the same as the SPARC.

From bugzilla-daemon at mindrot.org Fri Sep 5 18:39:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 18:39:20 +1000 (EST)
Subject: [Bug 620] Address bits are backwards when setting up port forwarding on Solaris/intel
Message-ID: <20030905083920.1461027C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=620

------- Additional Comments From jrhett at isite.net 2003-09-05 18:39 -------
Nope, it seems to mirror Linux:

% ./test
htonl 100007f
ntohl 100007f

From bugzilla-daemon at mindrot.org Fri Sep 5 18:47:34 2003
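A build-time probe of the kind asked about in the Bug 620 comments above, as an added example (it is not attachment #359 or #384, whose contents are not shown here): it checks that htonl() agrees with a byte-wise big-endian encoding on the host and that getaddrinfo() returns 127.0.0.1 in network byte order. The ex_ function names and the exit-status convention are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_LOOPBACK 0x7f000001u		/* 127.0.0.1 as a host-order integer */

/* 1 if this host stores the least significant byte first. */
static int
ex_little_endian(void)
{
	uint32_t probe = 1;
	unsigned char first;

	memcpy(&first, &probe, 1);
	return first == 1;
}

/* Network byte order means the bytes in memory are 7f 00 00 01 on any host. */
static int
ex_is_network_order_loopback(uint32_t v)
{
	static const unsigned char want[4] = { 0x7f, 0x00, 0x00, 0x01 };

	return memcmp(&v, want, sizeof(want)) == 0;
}

/* 1 if htonl() yields network order and ntohl() undoes it. */
static int
ex_htonl_sane(void)
{
	uint32_t n = htonl(EX_LOOPBACK);

	return ex_is_network_order_loopback(n) && ntohl(n) == EX_LOOPBACK;
}

/*
 * 1 if getaddrinfo() returns loopback in network order, 0 if the address
 * bits come back wrong, -1 if the lookup itself failed.
 */
static int
ex_getaddrinfo_sane(void)
{
	struct addrinfo hints, *res = NULL;
	struct sockaddr_in sin;
	int ok;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST;	/* numeric parse only, no DNS */
	if (getaddrinfo("127.0.0.1", NULL, &hints, &res) != 0 || res == NULL)
		return -1;
	if (res->ai_family != AF_INET || res->ai_addrlen < sizeof(sin)) {
		freeaddrinfo(res);
		return -1;
	}
	memcpy(&sin, res->ai_addr, sizeof(sin));
	ok = ex_is_network_order_loopback(sin.sin_addr.s_addr);
	freeaddrinfo(res);
	return ok;
}

int
main(void)
{
	int gai = ex_getaddrinfo_sane();

	printf("host is %s endian\n", ex_little_endian() ? "little" : "big");
	printf("htonl %lx\n", (unsigned long)htonl(EX_LOOPBACK));
	printf("htonl/ntohl: %s\n", ex_htonl_sane() ? "sane" : "BROKEN");
	printf("getaddrinfo loopback: %s\n",
	    gai == 1 ? "sane" : gai == 0 ? "BACKWARDS" : "lookup failed");
	/* Non-zero exit is what a configure-style test would key on. */
	return (ex_htonl_sane() && gai == 1) ? 0 : 1;
}
```

On Solaris the link line needs the socket libraries, as in the `gcc -lsocket` command quoted earlier in the thread.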
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 5 Sep 2003 18:47:34 +1000 (EST) Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5) Message-ID: <20030905084734.9FC1627C191@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=635 Summary: openssh-SNAP-20030903: configure does not work well with heimdal(krb5) Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Kerberos support AssignedTo: openssh-bugs at mindrot.org ReportedBy: mmokrejs at natur.cuni.cz I see configure did not manage to realize my heimdal installation does not have libdes. When heimdal detects during build libcrypto installed, it does not build libdes. Second problem is that $ ./configure --prefix=/usr/local --with-tcp-wrappers --with-ssl-dir=/usr/local/openssl --with-prngd-socket=/tmp/entropy --with-default-path=/usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/bin/X11:/usr/afs/bin:/usr/athena/bin:/usr/local/openssl/bin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin --with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia --with-login=/usr/bin/login --with-privsep --with-kerberos5=/usr/heimdal --with-afs=/usr/afsws [cut] checking whether we are using Heimdal... yes checking for library containing dn_expand... none required checking for gss_init_sec_context in -lgssapi... no checking for gss_init_sec_context in -lgssapi_krb5... no configure: WARNING: Cannot find any suitable gss-api library - build may fail checking for gssapi.h... yes checking for gssapi_krb5.h... 
no [cut] OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /usr/local/etc Askpass program: /usr/local/libexec/ssh-askpass Manual pages: /usr/local/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/bin/X11:/usr/afs/bin:/usr/athena/bin:/usr/local/openssl/bin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin Manpage format: man DNS support: no PAM support: no KerberosV support: yes Smartcard support: no S/KEY support: no TCP Wrappers support: yes MD5 password support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Host: alphaev67-dec-osf5.1 Compiler: cc Compiler flags: -O2 -arch ev56 Preprocessor flags: -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/openssl/include -I/usr/heimdal/include Linker flags: -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib Libraries: -lwrap -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -ldes -lcom_err -lasn1 -lroken You see, the "Linker flags" contain properly -L/usr/heimdal/lib , that's where libgssapi.a is. The problem is when heimdal is installed with support for openssl, it does not build libdes: configure:14199: checking whether we are using Heimdal configure:14214: cc -c -O2 -arch ev56 -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/ openssl/include -I/usr/heimdal/include conftest.c >&5 cc: Warning: configure, line 14207: In the initializer for tmp, the referenced type of the pointer value "heimdal_version" is const, but the referenced type of the target of this assignment is not. 
(notconstqual) char *tmp = heimdal_version; -------------^ configure:14217: $? = 0 configure:14220: test -s conftest.o configure:14223: $? = 0 configure:14225: result: yes configure:14248: checking for library containing dn_expand configure:14275: cc -o conftest -O2 -arch ev56 -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/u sr/local/openssl/include -I/usr/heimdal/include -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib conftest.c -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto >&5 configure:14278: $? = 0 configure:14281: test -s conftest configure:14284: $? = 0 configure:14337: result: none required configure:14344: checking for gss_init_sec_context in -lgssapi configure:14371: cc -o conftest -O2 -arch ev56 -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/u sr/local/openssl/include -I/usr/heimdal/include -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib conftest.c -lgssapi -lkrb5 -ldes -lco m_err -lasn1 -lroken -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -l crypto >&5 ld: Can't locate file for: -ldes configure:14374: $? = 1 configure: failed program was: #line 14352 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. 
*/ char gss_init_sec_context (); int main () { gss_init_sec_context (); ; return 0; } configure:14391: result: no configure:14400: checking for gss_init_sec_context in -lgssapi_krb5 configure:14427: cc -o conftest -O2 -arch ev56 -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/u sr/local/openssl/include -I/usr/heimdal/include -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib conftest.c -lgssapi_krb5 -lkrb5 -ldes -lcom_err -lasn1 -lroken -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -la ud -lcrypto >&5 ld: Can't locate file for: -lgssapi_krb5 configure:14430: $? = 1 configure: failed program was: #line 14408 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ #ifdef __cplusplus extern "C" #endif /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char gss_init_sec_context (); int main () { gss_init_sec_context (); ; return 0; } configure:14447: result: no configure:14456: WARNING: Cannot find any suitable gss-api library - build may fail configure:14462: checking for gssapi.h configure:14472: cc -E -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/openssl/include -I/usr/heimdal/include conftest.c configure:14478: $? = 0 configure:14497: result: yes configure:14561: checking for gssapi_krb5.h configure:14571: cc -E -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/openssl/include -I/usr/heimdal/include -I/usr/heimdal/include/gssapi conftest.c cc: Error: configure, line 14568: Cannot find file specified in #include directive. (noinclfile) #include -^ configure:14577: $? 
= 1 configure: failed program was: #line 14567 "configure" #include "confdefs.h" #include configure:14596: result: no To help you out with what is available and what isn't when latest cvs snapshot of heimdal is installed(with support for openssl, i.e. without libdes.a build): serow# ls /usr/heimdal/include asn1_err.h fnmatch.h hdb_asn1.h krb5-private.h parse_bytes.h sl.h base64.h getarg.h hdb_err.h krb5-protos.h parse_time.h ss com_err.h glob.h heim_err.h krb5-types.h parse_units.h vis.h com_right.h gssapi.h ifaddrs.h krb5.h resolve.h xdbm.h der.h hdb-private.h k524_err.h krb5_asn1.h roken-common.h editline.h hdb-protos.h kadm5 krb5_err.h roken.h err.h hdb.h kafs.h otp.h rtbl.h serow# ls /usr/heimdal/lib lib45.a libeditline.la libkadm5clnt.la libkrb5.la libsl.a libasn1.a libgssapi.a libkadm5srv.a libotp.a libsl.la libasn1.la libgssapi.la libkadm5srv.la libotp.la libss.a libcom_err.a libhdb.a libkafs.a libroken.a libss.la libcom_err.la libhdb.la libkafs.la libroken.la libeditline.a libkadm5clnt.a libkrb5.a libsia_krb5.so serow# ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 5 18:51:21 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 5 Sep 2003 18:51:21 +1000 (EST) Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5) Message-ID: <20030905085121.764B427C193@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=635 mmokrejs at natur.cuni.cz changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|Linux |OSF/1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 5 18:59:04 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 18:59:04 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030905085904.E412427C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-05 18:59 -------
To be clear about OpenSSL version, that's what openssh/configure says (and I
agree) :):

checking OpenSSL header version... 90702f (OpenSSL 0.9.7b 10 Apr 2003)
checking OpenSSL library version... 90702f (OpenSSL 0.9.7b 10 Apr 2003)
checking whether OpenSSL's headers match the library... yes
checking whether OpenSSL's PRNG is internally seeded... yes

From bugzilla-daemon at mindrot.org Fri Sep 5 19:49:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 19:49:02 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030905094902.DC7B227C1DA@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #383 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2003-09-05 19:49 -------
Created an attachment (id=385)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=385&action=view)
Remove DISABLE_SHADOW for HP-UX 11.x, fix brackets.

Not as tidy as I'd like, but does this fix it?

Note: You will need to run "autoreconf" to rebuild configure, then re-run
configure.

Also: I just noticed that xcrypt.c has variable declarations after code within
a block, which I think some compilers will choke on.

From bugzilla-daemon at mindrot.org Fri Sep 5 19:49:25 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 5 Sep 2003 19:49:25 +1000 (EST) Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5) Message-ID: <20030905094925.98AE027C1E7@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=635 ------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-05 19:49 ------- The snapshot can be compiled, when user removed -ldes from config.status and reshuffles libraries on the link commandline: cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/ -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lwrap -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -lcom_err -lasn1 -lroken ld: Unresolved: DES_cbc_cksum DES_cbc_encrypt DES_pcbc_encrypt RAND_write_file RAND_file_name UI_UTIL_read_pw_string make: *** [sshd] Error 1 serow# cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-sia.o md5crypt.o -L. 
-Lopenbsd-compat/ -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lwrap -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lkrb5 -lcom_err -lasn1 -lroken -lcrypto serow# But, the binaries do even try to use my kerberos5 tickets at all(tested with ssh -v). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 5 20:11:52 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 5 Sep 2003 20:11:52 +1000 (EST) Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5) Message-ID: <20030905101152.8327C27C18D@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=635 ------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-05 20:11 ------- Arrgh, - But, the binaries do even try to use my kerberos5 tickets at all(tested with ssh - -v). + But, the binaries do NOT even try to use my kerberos5 tickets at all(tested with + ssh -v). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 5 22:43:44 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 5 Sep 2003 22:43:44 +1000 (EST)
Subject: [Bug 585] sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled
Message-ID: <20030905124344.4F70227C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=585

------- Additional Comments From ktaylor at daac.gsfc.nasa.gov 2003-09-05 22:43 -------
Unfortunately at this time I can't confirm that the problem has gone away in
the recent version of IRIX (6.5.21), maybe in a few months we'll have an
updated machine we can try it on.

From bugzilla-daemon at mindrot.org Sat Sep 6 00:22:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 6 Sep 2003 00:22:33 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030905142233.EE63127C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

------- Additional Comments From michael_steffens at hp.com 2003-09-06 00:22 -------
Created an attachment (id=386)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=386&action=view)
Move protected pw hash retrieval to getspnam

HP-UX trusted mode (as well as shadow mode on 11i, if installed and active)
can be served by the very same code as Linux and Solaris are, at the top of
function shadow_pw.

Attached patch illustrates what I mean. It consists of removed lines only :)

I tested it on 10.20, 11.00, and 11.11. The latter one with ShadowPassword
installed and activated, and the same sshd binary as used on the 11.00 trusted
system. It worked.

From bugzilla-daemon at mindrot.org Sat Sep 6 00:41:27 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 00:41:27 +1000 (EST) Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Message-ID: <20030905144127.4F11027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=633 ------- Additional Comments From dtucker at zip.com.au 2003-09-06 00:41 ------- I understood what you were getting at, but am wary of breaking things I can't test. Will patch #386 break any currently-working configurations? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 01:17:56 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 01:17:56 +1000 (EST) Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Message-ID: <20030905151756.AD44027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=633 ------- Additional Comments From michael_steffens at hp.com 2003-09-06 01:17 ------- Hmm, how to guarantee this? But I would say, unless other platforms get accidentally recognized as HP-UX by configure, or define the __hpux macro, no platform but HP-UX can be affected by this change. On HP-UX 10.20, 11.00, and 11.11 I have tested it with both trusted and non-trusted mode, plus ShadowPassword on 11.11. The possibility remains that OS patch levels might affect it, but it's virtually impossible to test all possible configuration there... Furthermore, using getspnam for this purpose is in line with its specification, see getspent(3C). Without ShadowPassword installed it states getspent() is only supported on trusted systems. The secured password facility is implemented without the use of the /etc/shadow file. getspent(), getspnam(), setspent(), and endspent() read from the trusted system's protected password database (/tcb/files/auth/*/*) and not /etc/shadow. The file /etc/shadow is not used in any way by the HP-UX login facility. These routines return a null pointer and sets ERRNO to ENOENT if the system has not been converted to trusted system. In all other cases, the return value is set similarly to getprpwent(). See getprpwent(3) for more information. Programs using these routines must be compiled with -lsec. On 11.11 with ShadowPassword installed it says If libsec patch PHCO_27038 or later is not installed, then getspent(), getspnam(), setspent() and endspent() are supported only on trusted systems; getspnam_r() and fgetspent() are not supported. The secured password information is obtained from the Protected Password Database (/tcb/files/auth/*/*). 
If libsec patch PHCO_27038 or later is installed, then all of these functions are supported on standard systems, shadowed standard systems and trusted systems. The one exception to this is that getspnam_r() is not supported on trusted systems. On a standard system the secured password information is obtained from /etc/passwd. If the system has been converted to a trusted system, then the secured password information is obtained from the Protected Password Database (/tcb/files/auth/*/*). If the system has been converted to use shadow passwords, then the secured password information is obtained from /etc/shadow. See shadow(4). The patch referred to, PHCO_27038, however is part of the ShadowPassword software bundle, thus can be assumed to be present. Isn't this exactly the behaviour we want? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 01:21:47 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 01:21:47 +1000 (EST) Subject: [Bug 620] Address bits are backwards when setting up port forwarding on Solaris/intel Message-ID: <20030905152147.7A02027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=620 jrhett at isite.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID ------- Additional Comments From jrhett at isite.net 2003-09-06 01:21 ------- Bug is not a bug. Problem was tester, not test. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 12:01:00 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 12:01:00 +1000 (EST) Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Message-ID: <20030906020100.5ACD127C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=633 ------- Additional Comments From dtucker at zip.com.au 2003-09-06 12:00 ------- Anything that defines __hpux that isn't HP-UX deserves whatever it gets. This code was originally put there for a reason, I'm wondering if the reason is still valid now. My guess is that it was to support older trusted-mode boxes (does 10.10 do trusted mode?) or unpatched machines where getspnam doesn't work. Have asked stevesk. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 12:51:48 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 12:51:48 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030906025148.9EED327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-06 12:51 ------- Created an attachment (id=387) --> (http://bugzilla.mindrot.org/attachment.cgi?id=387&action=view) Move libgen test after dirname test Looked at this again, I think the reason it's not working is libgen has already been detected before the dirname test, and that upsets the delicate logic in that test. Attachment is patch to configure.ac, will attach a rebuilt configure for testing. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 12:55:43 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 12:55:43 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030906025543.4AD4F27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-06 12:55 ------- Created an attachment (id=388) --> (http://bugzilla.mindrot.org/attachment.cgi?id=388&action=view) rebuilt gzipped configure To test, please download today's snapshot: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/openssh-SNAP-20030905.tar.gz then replace configure with this attachment, then "./configure && make" ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 12:56:58 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 12:56:58 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030906025658.B26D927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 12:57:02 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 12:57:02 +1000 (EST) Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1 Message-ID: <20030906025702.24D5C27C191@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=627 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |615 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 12:58:49 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 12:58:49 +1000 (EST) Subject: [Bug 558] configure broken_dirname checks not run on Solaris 2.5.1 Message-ID: <20030906025849.1DCA427C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=558 ------- Additional Comments From dtucker at zip.com.au 2003-09-06 12:58 ------- I'm pretty sure this has the same root cause as bug #615. Please try the proposed fix at comments 8 & 9: http://bugzilla.mindrot.org/show_bug.cgi?id=615#c8 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 6 14:35:06 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 6 Sep 2003 14:35:06 +1000 (EST) Subject: [Bug 631] Build fails on Redhat Linux 6.x Message-ID: <20030906043506.718EA27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=631 ------- Additional Comments From dtucker at zip.com.au 2003-09-06 14:35 ------- Created an attachment (id=389) --> (http://bugzilla.mindrot.org/attachment.cgi?id=389&action=view) Add build7x variable. There seems to be some confusion about this. $ cvs log openssh.spec revision 1.109 date: 2002/09/04 07:19:06; author: djm; state: Exp; lines: +1 -1 - (djm) Fix Redhat RPM build dependancy test and from Redhat bug #55105: "If build_6x is defined for building openssh on a 6.x box, it won't build because it claims to need db1-devel. However db1-devel does not exist for 6.x, as it is included in glibc-devel." A quick survey shows db1-devel present *only* in 7.x releases, so no amount of fiddling with build6x is going to get it right for all cases. How about this patch? I'm not fluent in specfile so it might be wrong, but it works on my RH8.0 box. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 8 15:54:29 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 8 Sep 2003 15:54:29 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030908055429.0EB4F27C18F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-08 15:54 -------
I downloaded the configure (id=388) file as well as the snapshot (20030905).

./configure works fine and config.h does not define HAVE_DIRNAME; however, make fails with the following:

gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/ssl/include -Dftruncate=chsize -I/usr/local/include -DHAVE_CONFIG_H -c bsd-arc4random.c
In file included from ../includes.h:34,
                 from bsd-arc4random.c:25:
/usr/local/lib/gcc-lib/i386-unknown-sco3.2v4.2/2.7.2.3/include/time.h:126: warning: `struct timeb' declared inside parameter list
/usr/local/lib/gcc-lib/i386-unknown-sco3.2v4.2/2.7.2.3/include/time.h:126: warning: its scope is only this definition or declaration,
/usr/local/lib/gcc-lib/i386-unknown-sco3.2v4.2/2.7.2.3/include/time.h:126: warning: which is probably not what you want.
In file included from ../openbsd-compat/openbsd-compat.h:127,
                 from ../includes.h:173,
                 from bsd-arc4random.c:25:
../openbsd-compat/bsd-misc.h:97: parse error before `('
*** Error code 1
*** Error code 1

Not sure if this is related, though it appears that the original problem is solved (i.e. broken dirname is marked as broken).

An interesting note: the configure script that was part of the snapshot (20030905) also does not define HAVE_DIRNAME, and make also fails at:

gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/ssl/include -Dftruncate=chsize -I/usr/local/include -DHAVE_CONFIG_H -c bsd-arc4random.c
In file included from ../includes.h:170,
                 from bsd-arc4random.c:25:
../defines.h:146: #error "8 bit int type not found."
../defines.h:158: #error "16 bit int type not found."
../defines.h:167: #error "32 bit int type not found."
../defines.h:183: #error "8 bit int type not found."
../defines.h:195: #error "16 bit int type not found."
../defines.h:204: #error "32 bit int type not found."
In file included from ../openbsd-compat/openbsd-compat.h:128,
                 from ../includes.h:173,
                 from bsd-arc4random.c:25:
../openbsd-compat/bsd-waitpid.h:42: warning: `WEXITSTATUS' redefined
/usr/include/sys/wait.h:82: warning: this is the location of the previous definition
../openbsd-compat/bsd-waitpid.h:43: warning: `WTERMSIG' redefined
/usr/include/sys/wait.h:84: warning: this is the location of the previous definition
../openbsd-compat/bsd-waitpid.h:45: warning: `WCOREDUMP' redefined
/usr/include/sys/wait.h:94: warning: this is the location of the previous definition
*** Error code 1
*** Error code 1

Not sure if this new problem should be part of this bug, please advise.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 8 16:39:25 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 8 Sep 2003 16:39:25 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030908063925.184BE27C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-08 16:39 ------- Created an attachment (id=390) --> (http://bugzilla.mindrot.org/attachment.cgi?id=390&action=view) Updated configure.gz from 3.6.1p2 Let's try to cut down the variables here: there's been a bunch of changes recently in openbsd-compat/. Does the attached configure work with vanilla 3.6.1p2? It has the following lines moved below the broken dirname test: +AC_CHECK_FUNC(getspnam, , AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) +AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) +AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) Also, which header file defines "struct timeb"? You can try adding a #include for that file immediately before "#include " in includes.h. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 8 17:35:01 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 8 Sep 2003 17:35:01 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030908073501.8AD1227C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-08 17:35 ------- applied configure(id=390) to vanilla 3.6p2 configure is fine, HAVE_DIRNAME not defined in config.log compiled cleanly problem is resolved ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 8 17:53:28 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 8 Sep 2003 17:53:28 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030908075328.F141A27C191@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-08 17:53 ------- the timeb struct is defined in sys/timeb.h ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 8 21:55:17 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 8 Sep 2003 21:55:17 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030908115517.5B20927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-08 21:55 ------- The getspnam line was there in 3.5p1 too, so I think it's safe to leave it and the nanosleep line where they are and just move the basename line, which I'll do unless someone objects. What's at time.h line 126, and why does it break with -current but not 3.6.1p2? Is it inside an #ifdef or something? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 8 23:11:38 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 8 Sep 2003 23:11:38 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030908131138.9492027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-08 23:11 -------
time.h (/usr/include)

125 #if !defined(_XOPEN_SOURCE) && !defined(_POSIX_SOURCE) && !__STDC__
126 extern void ftime ( struct timeb * );
127 extern char * nl_cxtime( long *, char * );
128 extern char * nl_ascxtime( struct tm *, char * );
129 #endif

-current breaks with :

#ifndef HAVE_TCSENDBREAK
int tcsendbreak(int,int);

in "openbsd-compat/bsd-misc.h" line 96 and "openbsd-compat/bsd-misc.c" line 183

I don't understand the problem here, SCO 3.2v4 has tcsendbreak in { int tcsendbreak (fildes, duration) }

from config.log:

configure:6033: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -Dftruncate=chsize -I/usr/local/include -L/usr/local/lib conftest.c -lintl -lz -lsocket -los -lprot -lx -ltinfo -lm >&5
undefined                       first referenced
 symbol                             in file
tcsendbreak                         /usr/tmp/cca153591.o
ld fatal: Symbol referencing errors. No output written to conftest

Is configure missing the -lc? The SCO man page for tcsendbreak() states

cc . . . -lc

I looked at config.h of 3.6p2 and there is no TCSENDBREAK; on -current, HAVE_TCSENDBREAK is undefined in config.h.

If I define HAVE_TCSENDBREAK then the make stops at

gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
-I/usr/local/ssl/include -Dftruncate=chsize -I/usr/local/include -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/etc/ssh\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c ssh-keygen.c In file included from /usr/local/include/sys/time.h:34, from includes.h:34, from ssh-keygen.c:14: /usr/local/lib/gcc-lib/i386-unknown-sco3.2v4.2/2.7.2.3/include/time.h:126: warning: `struct timeb' declared inside parameter list /usr/local/lib/gcc-lib/i386-unknown-sco3.2v4.2/2.7.2.3/include/time.h:126: warning: its scope is only this definition or declaration, /usr/local/lib/gcc-lib/i386-unknown-sco3.2v4.2/2.7.2.3/include/time.h:126: warning: which is probably not what you want. ssh-keygen.c: In function `do_change_comment': ssh-keygen.c:740: warning: implicit declaration of function `fdopen' ssh-keygen.c:740: warning: assignment makes pointer from integer without a cast ssh-keygen.c: In function `main': ssh-keygen.c:798: `PATH_MAX' undeclared (first use this function) ssh-keygen.c:798: (Each undeclared identifier is reported only once ssh-keygen.c:798: for each function it appears in.) ssh-keygen.c:826: warning: implicit declaration of function `gethostname' ssh-keygen.c:1118: warning: assignment makes pointer from integer without a cast ssh-keygen.c:798: warning: unused variable `out_file' *** Error code 1 The above problem is resolved by the following: #diff defines.h.org defines.h 52a53,55 > #ifndef PATH_MAX > # define PATH_MAX 64 > #endif I am not sure if the figure of 64 is safe! 
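Review bot: the literal 64 in `# define PATH_MAX 64` is too small to stand in for the system path limit. The compile log above reports both the undeclared `PATH_MAX` and the `out_file` variable at ssh-keygen.c:798, so this value appears to size the buffer that holds the key file name, and any path of 64 bytes or more would no longer fit. Rather than a bare literal, derive the fallback from a limit the platform already provides (for example `MAXPATHLEN` or `_POSIX_PATH_MAX`, when the headers define one) and keep a number only as the last resort, with a comment saying where it comes from. It is also worth checking whether `PATH_MAX` is merely hidden behind a header that is not being included on this platform, in which case the fix belongs in the include list rather than in defines.h.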
I can now get the code to compile and if I execute ./sshd -p 5000 -d -d -d all seems well; I have not done a complete test yet, but I can login as root

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 8 23:38:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 8 Sep 2003 23:38:26 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030908133826.19B5627C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From dtucker at zip.com.au 2003-09-08 23:38 -------
I think the tcsendbreak is just from a redefinition of it, since it wasn't detected correctly.

I dunno about the -lc thing, I thought all C programs would get linked against libc. What happens if you do "./configure --with-ldflags=-lc"?

Tim is looking at the PATH_MAX thing.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 9 14:45:37 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 9 Sep 2003 14:45:37 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030909044537.A3B1927C18A@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-09 14:45 -------
Executing "./configure --with-ldflags=-lc" does not cause tcsendbreak to be detected.

I don't fully understand how the configure script works, though it seems to me that the is missing from the confdef.h. The config.log shows:

configure:5996: checking for tcsendbreak
configure:6033: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -Dftruncate=chsize -I/usr/local/include -L/usr/local/lib conftest.c -lintl -lz -lsocket -los -lprot -lx -ltinfo -lm >&5
undefined                       first referenced
 symbol                             in file
tcsendbreak                         /usr/tmp/cca116141.o
ld fatal: Symbol referencing errors. No output written to conftest
configure:6036: $? = 1

I edited the configure script and added "#include " after line 6006 and the following is revealed from config.log:

configure:5996: checking for tcsendbreak
configure:6033: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -Dftruncate=chsize -I/usr/local/include -L/usr/local/lib -lc conftest.c -lintl -lz -lsocket -los -lprot -lx -ltinfo -lm >&5
configure:6013: macro `tcsendbreak' used without args
configure:6036: $? = 1

Okay, at this point I am lost, I do not understand enough to take this further. Forgive my ignorance (not really a programmer (yet)).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 9 15:04:15 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 9 Sep 2003 15:04:15 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030909050415.7547D27C2CC@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From mouring at eviladmin.org 2003-09-09 15:04 -------
>configure:6033: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wno-
>uninitialized -Dftruncate=chsize -I/usr/local/include -L/usr/local/lib -lc
>conftest.c -lintl -lz -lsocket -los -lprot -lx -ltinfo -lm >&5
>configure:6013: macro `tcsendbreak' used without args

This implies to me that tcsendbreak() is not a function call, but is a macro. Check that header you added for tcsendbreak() as a macro. That would seem odd to me.. but

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 9 15:10:34 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 9 Sep 2003 15:10:34 +1000 (EST)
Subject: [Bug 558] configure broken_dirname checks not run on Solaris 2.5.1
Message-ID: <20030909051034.5ED8027C19D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=558

------- Additional Comments From dtucker at zip.com.au 2003-09-09 15:10 -------
Created an attachment (id=391)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=391&action=view)
Move other libgen tests after dirname test, remove first libgen.h test.

I think the attached patch will solve this: it removes the extra libgen.h test and only defines HAVE_LIBGEN_H if HAVE_DIRNAME gets defined.

Hopefully this won't break anything else... if it does we'll probably need a "DIRNAME_IS_CONST " test or something. The ChangeLog entry for the previous libgen.h change is:

revision 1.107
date: 2003/02/24 01:47:16; author: djm; state: Exp; lines: +3 -3
 - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter

I have confirmed that it fixes the problem on Solaris 2.5.1 and that Cygwin still builds after this change.

OK?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 9 15:43:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 15:43:26 +1000 (EST) Subject: [Bug 558] configure broken_dirname checks not run on Solaris 2.5.1 Message-ID: <20030909054326.2147927C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=558 ------- Additional Comments From alex.kiernan at thus.net 2003-09-09 15:43 ------- The patch is (modulo exchanging the order of the final basename & getspnam checks), identical to what I've been using locally to get the build to work on Solaris 2.5.1. Seems extremely likely that this fixes the problem. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 15:45:12 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 15:45:12 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030909054512.2D13A27C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-09 15:45 ------- Created an attachment (id=392) --> (http://bugzilla.mindrot.org/attachment.cgi?id=392&action=view) Test for tcsendbreak as a macro (I hope!) Don't worry, you're doing fine. It looks like we need to test for the possibility of tcsendbreak() being a macro. Does AC_CHECK_DECL detect macros? If so, we can do something like the attached. Will attach a rebuilt configure containing this and the libgen change. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 16:05:12 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 16:05:12 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030909060512.AA05727C199@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-09 16:05 ------- Created an attachment (id=393) --> (http://bugzilla.mindrot.org/attachment.cgi?id=393&action=view) openssh-SNAP-sco.patch.gz: compressed diff against SNAP-20030906 This is a gzipped patch against openssh-SNAP-20030906.tar.gz containing all of the changes since then plus attachments #391 & #392. (It's relatively large but most of the diff is from rebuilding machine-generated files). Please test. BTW, anyone know why the snapshots aren't updating? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 16:17:24 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 16:17:24 +1000 (EST) Subject: [Bug 558] configure broken_dirname checks not run on Solaris 2.5.1 Message-ID: <20030909061724.9717727C2D5@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=558 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2003-09-09 16:17 ------- Thanks, I'll put this in the queue to be fixed for 3.7. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 16:17:28 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 16:17:28 +1000 (EST) Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1 Message-ID: <20030909061728.972B927C2E2@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=627 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- BugsThisDependsOn| |558 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 17:40:50 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 17:40:50 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030909074050.13A4627C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-09 17:40 ------- Applied the patch set (id=393) to openssh-SNAP-20030906 configure worked, HAVE_TCSENDBREAK is defined make fails at : /bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} > scp.1.out; \ fi gawk: fatal: can't open source file "./mdoc2man.awk" for reading (No such file or directory) *** Error code 2 retrieved mdoc2.awk from cvs repo recompiled okay, can login as root however when exiting from shell or remote command results in the session hanging at: debug1: channel 0: obuf empty debug1: channel 0: close_write debug1: channel 0: output drain -> closed part of the problem seems fixed, only the hanging on exit or command completion remains. Thanks, I've learnt a lot. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 18:24:56 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 18:24:56 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030909082456.2014227C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From dtucker at zip.com.au 2003-09-09 18:24 ------- Whoops, forgot about mdoc2man.awk. Is that debug from the server or client? Could you please attach a full server-side debug (eg "sshd -ddd -p 2022")? I can't think of anything that might be causing the sessions to hang, though. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 18:34:15 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 9 Sep 2003 18:34:15 +1000 (EST) Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen) Message-ID: <20030909083415.660AD27C19A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=615 ------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-09 18:34 ------- Created an attachment (id=394) --> (http://bugzilla.mindrot.org/attachment.cgi?id=394&action=view) Complete cut and paste of ./sshd -p 5000 -d -d -d ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 9 22:36:32 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 9 Sep 2003 22:36:32 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030909123632.A981F27C18A@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-09 22:36 -------
The heimdal developers suggest using krb5-config instead of magic. The fallback to magic in configure might be necessary as the script is not always installed. They say krb5-config exists also in MIT kerberos5 version.

mokrejs at vrapenec$ krb5-config --libs gssapi
-L/usr/lib -lgssapi -lkrb5 -lasn1 -L/usr/athena/lib -ldes -lroken -lcrypt
mokrejs at vrapenec$ ls -la /usr/athena/lib/libdes*
-rw-r--r-- 1 root root 90978 Aug 26 02:58 /usr/athena/lib/libdes.a
-rwxr-xr-x 1 root root 697 Aug 26 02:58 /usr/athena/lib/libdes.la
mokrejs at vrapenec$
mokrejs at vrapenec$ krb5-config --cflags
-I/usr/include -I/usr/athena/include
mokrejs at vrapenec$

The --cflags gives you the path used when for example kerberos4 support has been compiled into kerberos5. Therefore, you always have to append include path to find where kerberos5 is installed (for example /usr/heimdal/include).

I believe you can ask heimdal developers for more info. ;)

From: Love
Cc: heimdal-discuss at sics.se

From bugzilla-daemon at mindrot.org Wed Sep 10 03:46:13 2003
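The krb5-config approach described in the Bug 635 comment above, as an added example (it is not code from OpenSSH's configure.ac or from any patch attached to the bug): use the script when it is installed, fall back to fixed flags when it is not, always append the Kerberos 5 prefix's own include directory, and never treat the bare option value "yes" as a directory, which would give flags of the form -Iyes / -Lyes as seen in the configure summaries quoted in this thread. The function names, the output format, the KRB5_DEFAULT_ROOT variable, the /usr/local default and the fallback library list are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not OpenSSH code.
# krb5_flags ROOT prints one line: "<source>|<cppflags>|<libs>"
# where <source> is "krb5-config" or "fallback".

# True if word $2 occurs in the space-separated list $1.
has_word() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

krb5_flags() {
    root=$1
    case "$root" in
        ""|no)
            echo "krb5_flags: Kerberos 5 not requested" >&2
            return 1
            ;;
        yes)
            # A bare --with-... option yields the value "yes". It is a flag,
            # not a path; using it as one produces -Iyes / -Lyes.
            # KRB5_DEFAULT_ROOT is a hypothetical override for this example.
            root=${KRB5_DEFAULT_ROOT:-/usr/local}
            ;;
    esac

    cfg=$root/bin/krb5-config
    if [ -x "$cfg" ]; then
        # Same invocations as shown in the comment above.
        cppflags=$("$cfg" --cflags) || return 1
        libs=$("$cfg" --libs gssapi) || return 1
        src=krb5-config
    else
        # The script is not always installed: fall back to fixed flags.
        # Library list is an assumption (a Heimdal-style link line).
        cppflags=
        libs="-L$root/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken"
        src=fallback
    fi

    # --cflags may only report a dependency's include path (for example a
    # Kerberos 4 prefix), so make sure the Kerberos 5 prefix itself is there.
    has_word "$cppflags" "-I$root/include" ||
        cppflags="${cppflags:+$cppflags }-I$root/include"

    printf '%s|%s|%s\n' "$src" "$cppflags" "$libs"
}

# Stand-alone use: sh krb5_flags.sh /usr/heimdal
if [ "$#" -gt 0 ]; then
    krb5_flags "$1"
fi
```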
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 03:46:13 +1000 (EST)
Subject: [Bug 636] configure.ac patch for unicosmp machine
Message-ID: <20030909174613.74D0A27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=636

           Summary: configure.ac patch for unicosmp machine
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: wendyp at cray.com

please add this patch for our new X1 machine. i thought i'd sent it in already, but obviously didn't.

From bugzilla-daemon at mindrot.org Wed Sep 10 03:48:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 03:48:01 +1000 (EST)
Subject: [Bug 636] configure.ac patch for unicosmp machine
Message-ID: <20030909174801.CBA9527C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=636

------- Additional Comments From wendyp at cray.com 2003-09-10 03:48 -------
Created an attachment (id=395)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=395&action=view)
unicosmp entry

From bugzilla-daemon at mindrot.org Wed Sep 10 10:10:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 10:10:42 +1000 (EST)
Subject: [Bug 636] configure.ac patch for unicosmp machine
Message-ID: <20030910001042.D879127C37C@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=636

------- Additional Comments From wendyp at cray.com 2003-09-10 10:10 -------
sorry, i made a slight error. skip the -ldb

From bugzilla-daemon at mindrot.org Wed Sep 10 11:39:54 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 11:39:54 +1000 (EST)
Subject: [Bug 636] configure.ac patch for unicosmp machine
Message-ID: <20030910013954.ABA4827C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=636

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dtucker at zip.com.au 2003-09-10 11:39 -------
Applied, thanks.

From bugzilla-daemon at mindrot.org Wed Sep 10 14:24:23 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 14:24:23 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910042423.B464727C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From dtucker at zip.com.au 2003-09-10 14:24 -------
Created an attachment (id=396)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=396&action=view)
Try to use krb5-config where available

How's the attached patch? So far I've only tested configuring with MIT kerberos but it seems to be OK.

From bugzilla-daemon at mindrot.org Wed Sep 10 20:31:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 20:31:42 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910103142.A8DF427C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-10 20:31 -------
So I tested with heimdal and latest openssh snapshot-10-09-03:

checking whether we are using Heimdal... yes
checking for library containing dn_expand... none required
checking for gss_init_sec_context in -lgssapi... yes
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi_krb5.h usability... no
checking gssapi_krb5.h presence... no
checking for gssapi_krb5.h... no

OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/bin/X11:/usr/afs/bin:/usr/athena/bin:/usr/local/openssl/bin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin
Manpage format: man
DNS support: no
PAM support: no
KerberosV support: yes
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: alphaev67-dec-osf5.1
Compiler: cc
Compiler flags: -O2 -arch ev56
Preprocessor flags: -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/openssl/include -I/usr/heimdal/include -I/usr/heimdal/include
Linker flags: -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib
Libraries: -lwrap -lrt -lz -L/usr/local/lib
-L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -L/usr/heimdal/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib

I can compile fine but the produced binaries do not use kerberos:

serow# ./ssh -v -l mokrejs serow -p 8888
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to serow [146.107.217.72] port 8888.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'serow' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
mokrejs at serow's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Tue Sep 9 22:47:01 MEST 2003 from sheep1.gsf.de
Compaq Tru64 UNIX V5.1A (Rev. 1885); Fri Dec 6 18:07:50 MET 2002
Tru64 UNIX German Support V5.1A (rev. 168)
Tru64 UNIX Czech Support V5.1A (rev. 168)
Tru64 UNIX Polish Support V5.1A (rev. 168)
Tru64 UNIX Russian Support V5.1A (rev. 168)
Tru64 UNIX Slovak Support V5.1A (rev. 168)
Tru64 UNIX Spanish Support V5.1A (rev. 168)
Tru64 UNIX Swedish Support V5.1A (rev. 168)
serow$ logout
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to serow closed.
debug1: Transferred: stdin 0, stdout 0, stderr 29 bytes in 2.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 13.6
debug1: Exit status 0

serow# ./ssh -v -l mokrejs serow -p 8888 -1
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to serow [146.107.217.72] port 8888.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.7p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'serow' is known and matches the RSA1 host key.
debug1: Found key in /.ssh/known_hosts:13
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing challenge response authentication.
debug1: No challenge.
debug1: Doing password authentication.
mokrejs at serow's password:
debug1: Requesting pty.
debug1: Requesting shell.
debug1: Entering interactive session.
Last login: Wed Sep 10 12:07:44 MEST 2003 from serow.gsf.de
Compaq Tru64 UNIX V5.1A (Rev. 1885); Fri Dec 6 18:07:50 MET 2002
Tru64 UNIX German Support V5.1A (rev. 168)
Tru64 UNIX Czech Support V5.1A (rev. 168)
Tru64 UNIX Polish Support V5.1A (rev. 168)
Tru64 UNIX Russian Support V5.1A (rev. 168)
Tru64 UNIX Slovak Support V5.1A (rev. 168)
Tru64 UNIX Spanish Support V5.1A (rev. 168)
Tru64 UNIX Swedish Support V5.1A (rev. 168)
serow$

I remember openssh used to use kerberos only in protocol one, and there used to be a patch from Jan Iven that actually allowed kerberos to be used also in protocol two. It seems those patches have been totally backed out with the removal of krb4. BTW, I see still krb4 in the configure.

So, with the above patch, ssh and sshd are created as:

cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o -L.
-Lopenbsd-compat/ -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -L/usr/heimdal/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib

cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/ -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lwrap -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -L/usr/heimdal/lib -lgssapi -lkrb5 -lasn1 -lcrypto -lroken -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib

I remember there have been problems with order of libs which prevented kerberos to be used, also crypt() from libc used to override the one from libcrypto. I believe you can find the reports in email archives of openssh, look for reporters from "natur.cuni.cz".

This is how it should look like:

mmokrejs at prfdec$ kauth mmokrejs
mmokrejs at NATUR.CUNI.CZ's Password:
mmokrejs at prfdec$ ssh -v -1 www
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug1: /usr/local/etc/ssh_config line 70: Deprecated option "UseRsh"
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to www [195.113.56.1] port 22.
debug1: Connection established.
debug1: identity file /usr/home3/mmokrejs/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.6.1p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'www' is known and matches the RSA1 host key.
debug1: Found key in /usr/home3/mmokrejs/.ssh/known_hosts:25
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v4 authentication.
debug1: Kerberos v4 authentication accepted.
debug1: Kerberos v4 challenge successful.
debug1: Requesting compression at level 9.
debug1: Enabling compression at level 9.
debug1: Requesting pty.
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Requesting shell.
debug1: Entering interactive session.
Last successful login for mmokrejs: Wed Sep 10 11:10:57 CEST 2003 from sheep1.gsf.de
Last unsuccessful login for mmokrejs: Thu Aug 28 08:54:23 CEST 2003 from sheep1.gsf.de
Compaq Tru64 UNIX V5.1A (Rev. 1885); Tue Aug 12 21:09:54 CEST 2003
mmokrejs at prfdec$ logout
Connection to www closed.
debug1: Transferred: stdin 1, stdout 408, stderr 27 bytes in 43.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 9.5, stderr 0.6
debug1: Exit status 0
debug1: compress outgoing: raw data 212, compressed 210, factor 0.99
debug1: compress incoming: raw data 440, compressed 348, factor 0.79
mmokrejs at prfdec$

This installation was created by David Komanek

From bugzilla-daemon at mindrot.org Wed Sep 10 20:48:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 20:48:39 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030910104839.E954D27C194@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-10 20:48 -------
The hanging on exit of shell or remote command is only applicable when connecting via ssh2

I've been attempting to locate the problem, so far it appears to be in serverloop.c { rev 1.110 }

It seems to me that the connection_closed (line 783) is not being set. from my understanding, the process_input function should set connection_closed, how do i determine what's stopping this and why ?

I messed around a bit:

server side debug:

debug1: Received SIGCHLD.
debug2: notify_done: reading
debug2: channel 0: read<=0 rfd 10 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: read 0 from efd 12
debug2: channel 0: closing read-efd 12
debug3: Vix --> entering process_input
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug3: Vix --> entering process_input

code :

process_input(fd_set * readset)
{
        int len;
        char buf[16384];

        debug3("Vix --> entering process_input");
        /* Read and buffer any input data from the client. */
        if (FD_ISSET(connection_in, readset)) {
        ....

From bugzilla-daemon at mindrot.org Wed Sep 10 20:52:24 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 20:52:24 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910105224.E7FF027C197@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-10 20:52 -------
I tried the patch from http://www.sxw.org.uk/computing/patches/openssh.html with openssh-3.6p1 with same configure commandline:

checking whether we are using Heimdal... yes
checking for dn_expand in -lresolv... yes
checking for gss_init_sec_context in -lgssapi... no
checking for gss_init_sec_context in -lgssapi_krb5... no
configure: WARNING: Cannot find any suitable gss-api library - build may fail
checking gssapi.h usability... yes
checking gssapi.h presence... yes
checking for gssapi.h... yes
checking gssapi_krb5.h usability... no
checking gssapi_krb5.h presence... no
checking for gssapi_krb5.h...
no
configure: WARNING: AFS requires Kerberos IV support, build may fail

OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin:/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/bin/X11:/usr/afs/bin:/usr/athena/bin:/usr/local/openssl/bin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin
Manpage format: man
PAM support: no
KerberosIV support: no
KerberosV support: yes
Smartcard support: no
AFS support: yes
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: alphaev67-dec-osf5.1
Compiler: cc
Compiler flags: -O2 -arch ev56
Preprocessor flags: -I/usr/local/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/openssl/include -I/usr/heimdal/include -I/usr/afsws/include
Linker flags: -L/usr/local/openssl/lib -Lyes -L/usr/heimdal/lib -L/usr/afsws/lib
Libraries: -lwrap -lkafs -lresolv -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -ldes -lcom_err -lasn1 -lroken

Well, this expects kerb5 to be compiled with the fallback to krb4 and with libdes built (i.e. -ldes has to override symbols from lcrypto).

From bugzilla-daemon at mindrot.org Wed Sep 10 21:00:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 21:00:43 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910110043.4A97427C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From dtucker at zip.com.au 2003-09-10 21:00 -------
I've built the current CVS tree with patch id=396 and Heimdal (0.6) and one thing I noticed different:

debug3: preferred gssapi,publickey,keyboard-interactive,password

What happens if you try "ssh -o PreferredAuthentication=gssapi" ?

From bugzilla-daemon at mindrot.org Wed Sep 10 21:02:34 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 21:02:34 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030910110234.1127F27C194@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-10 21:02 -------
some additional info :

when using ssh1:

server side debug:

debug1: Received SIGCHLD.
debug3: Vix --> Leaving process_input
debug2: notify_done: reading
debug3: Vix --> entering process_input
debug3: Vix --> Leaving process_input
debug1: End of interactive session; stdin 0, stdout (read 295, sent 295), stderr 263 bytes.
Disconnecting: wait: No child processes
debug1: Calling cleanup 0x25078(0x0)

From bugzilla-daemon at mindrot.org Wed Sep 10 21:08:03 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 21:08:03 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910110803.E100D27C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-10 21:08 -------
$ head ChangeLog
20030909
 - (tim) [regress/Makefile] Fixes for building outside of a read-only source tree.
20030908
 - (tim) [configure.ac openbsd-compat/getrrsetbyname.c] wrap _getshort and _getlong in #ifndef
 - (tim) [configure.ac acconfig.h openbsd-compat/getrrsetbyname.c] test for HEADER.ad in arpa/nameser.h
 - (tim) [ssh-keygen.c] s/PATH_MAX/MAXPATHLEN/ ok mouring@
$ ./ssh -o PreferredAuthentication=gssapi -p 8888
command-line: line 0: Bad configuration option: PreferredAuthentication
$

From bugzilla-daemon at mindrot.org Wed Sep 10 21:12:16 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 21:12:16 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910111216.1EB2227C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From dtucker at zip.com.au 2003-09-10 21:12 -------
Sorry, typo, make that "ssh -o PreferredAuthentications=gssapi" (note trailing "s")

From bugzilla-daemon at mindrot.org Wed Sep 10 21:18:12 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 10 Sep 2003 21:18:12 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030910111812.7A5EA27C194@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-10 21:18 -------
No way ...

$ ./ssh -o PreferredAuthentications=gssapi -p 8888
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -F config   Config file (default: ~/.ssh/config).
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding (default).
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding (default).
  -i file     Identity for public key authentication (default: ~/.ssh/identity)
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
              Multiple -v increases verbosity.
[cut]

From bugzilla-daemon at mindrot.org Thu Sep 11 13:18:46 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 11 Sep 2003 13:18:46 +1000 (EST)
Subject: [Bug 558] configure broken_dirname checks not run on Solaris 2.5.1
Message-ID: <20030911031846.7098327C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=558

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
    Attachment #391|                            |ok
             Status|                            |

------- Additional Comments From djm at mindrot.org 2003-09-11 13:18 -------
(From update of attachment 391)
Looks fine to me

From bugzilla-daemon at mindrot.org Thu Sep 11 14:45:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 11 Sep 2003 14:45:08 +1000 (EST)
Subject: [Bug 558] configure broken_dirname checks not run on Solaris 2.5.1
Message-ID: <20030911044508.3E47627C195@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=558

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dtucker at zip.com.au 2003-09-11 14:45 -------
Fixed, thanks.

20030911
 - (dtucker) [configure.ac] Bug #588, #615: Move other libgen tests to after the dirname test, to allow a broken dirname to be detected correctly. Based partially on patch supplied by alex.kiernan at thus.net. ok djm@

From bugzilla-daemon at mindrot.org Thu Sep 11 14:45:11 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 11 Sep 2003 14:45:11 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030911044511.8458727C1A2@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

Bug 627 depends on bug 558, which changed state.

Bug 558 Summary: configure broken_dirname checks not run on Solaris 2.5.1
http://bugzilla.mindrot.org/show_bug.cgi?id=558

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

From bugzilla-daemon at mindrot.org Fri Sep 12 19:03:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 12 Sep 2003 19:03:40 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030912090340.C01E427C227@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From dtucker at zip.com.au 2003-09-12 19:03 -------
Could you please elaborate on "No way.."?

From bugzilla-daemon at mindrot.org Fri Sep 12 19:20:17 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 12 Sep 2003 19:20:17 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030912092017.A027927C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

------- Additional Comments From dtucker at zip.com.au 2003-09-12 19:20 -------
The fix for the original problem has been committed, the current snapshots should work without changes.

20030911
 - (dtucker) [configure.ac] Bug #588, #615: Move other libgen tests to after the dirname test, to allow a broken dirname to be detected correctly. Based partially on patch supplied by alex.kiernan at thus.net. ok djm@

I don't know about the session hang problem. If I had to guess I'd say it was something stopping the pty from closing.

You can see when the variable changes by using GDB and setting a "watchpoint". You'll get a break whenever something touches the variable. I've only ever done that once and it was really slow, and if you're debugging sshd you'll probably want to put UsePrivilegeSeparation=no into sshd's args.

If we can't resolve this quickly, I'm going to ask you to close this bug and open a new one since the original problem (and the one after that!) has been solved.

From bugzilla-daemon at mindrot.org Fri Sep 12 19:37:27 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 12 Sep 2003 19:37:27 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030912093727.329C227C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From markus at openbsd.org 2003-09-12 19:37 -------
$ ./ssh -o PreferredAuthentications=gssapi -p 8888
Usage: ssh [options] host [command]
                     ^^^^^
the command line is missing the hostname.

From bugzilla-daemon at mindrot.org Fri Sep 12 19:45:32 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 12 Sep 2003 19:45:32 +1000 (EST)
Subject: [Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
Message-ID: <20030912094532.6CAD427C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=615

vikashb at comparexafrica.co.za changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From vikashb at comparexafrica.co.za 2003-09-12 19:45 -------
I am not familiar with gdb, will probably have to install it first. Any pointers ?

I'll close this bug and log another ( after I learn about gdb )

Thanks

From bugzilla-daemon at mindrot.org Fri Sep 12 19:45:35 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 12 Sep 2003 19:45:35 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030912094535.A97BC27C18F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

Bug 627 depends on bug 615, which changed state.

Bug 615 Summary: OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
http://bugzilla.mindrot.org/show_bug.cgi?id=615

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

From bugzilla-daemon at mindrot.org Sat Sep 13 07:59:09 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 13 Sep 2003 07:59:09 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030912215909.840BE27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

Summary: ssh records that the user has logged out even though an sftp session is active
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: All
Status: NEW
Severity: security
Priority: P1
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: micah at cs.swt.edu

problem: whenever you start up a ssh session with a graphical ssh client, fork a sftp session, and exit the ssh session the wtmp log indicates the user has logged out even though they still have an open sftp session.

reproducibility: always

workaround: start up a sftp session first, then fork a ssh session.

I believe this bug is related to "session_destroy_all(NULL);" in "server_loop2(Authctxt *authctxt)" from "serverloop.c". it appears that the sftp session is being closed in the wtmp log whenever the parent ssh process exits.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 13 08:59:41 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 13 Sep 2003 08:59:41 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030912225941.75FE027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From mouring at eviladmin.org 2003-09-13 08:59 -------
sftp sessions never create a 'wtmp'. So I don't see this as really a bug.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 13 10:44:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 13 Sep 2003 10:44:14 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913004414.29D2D27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From micah at cs.swt.edu 2003-09-13 10:44 -------
so if the user is actively using an sftp session they aren't logged on? all of the major ftp servers seem to disagree with your stance as they DO log to the wtmp log whenever a user begins and ends an ftp session. therefore, the sftp server needs to log user logons/logoffs to the wtmp log. if you don't, the wtmp log will not be accurate and some institutions, such as universities, need accurate logs of who is using the system at all times.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 13 10:54:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 13 Sep 2003 10:54:08 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030913005408.B9E1C27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From dtucker at zip.com.au 2003-09-13 10:54 -------
What's the verdict on patch #378? Should it make 3.7?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 13 15:24:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 13 Sep 2003 15:24:56 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913052456.61C7627C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

mouring at eviladmin.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From mouring at eviladmin.org 2003-09-13 15:24 -------
> [..] major ftp servers seem to disagree [..]

Who said sshd was a ftp server? Ignoring the fact this 'feature' was added about four/five years ago. Against a lot of people's beliefs that it was an abuse of the wtmp file.

Besides, there is no clear way of saying "this is an sftp" session. Tagging all subsystems as a 'must have wtmp' is wrong since subsystems is a generic concept. And you can always do 'sftp -1 localhost' under OpenSSH which skips the subsystem since SSH v1 protocol does not support it.

try:

ssh localhost /bin/ksh
or
scp file localhost:/tmp
or
ssh localhost 'cat /my/file' > file

none of them create a wtmp entry. Try the rsh versions and you'll see they have the same behavior.

- Ben

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 13 17:04:48 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 13 Sep 2003 17:04:48 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913070448.1A47D27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

micah at cs.swt.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

------- Additional Comments From micah at cs.swt.edu 2003-09-13 17:04 -------
> Besides, there is no clear way of saying "this is an sftp" session.

couldn't ssh just write to the wtmp log whenever sftp-server starts and exits respectively?

> Tagging all subsystems as a 'must have wtmp' is wrong since subsystems is a generic concept.

the generic nature of subsystems like shells, etc is irrelevant, IMHO. sshd forks for every user session and doesn't exit until the command, shell, etc has exited. so here is a typical scenario:

1.) sshd receives a connection and authenticates the user
2.) sshd forks to handle the user's session
3.) the child(sshd) writes to the wtmp log that the user has logged on
4.) the child(sshd) executes a command or subsystem(if any) and waits on the child
5.) the command or subsystem process exits
6.) the child(sshd) receives the exit status and writes to the wtmp log that user has logged off
6.) the child(sshd) exits

apparently, you believe that logging user sessions to the wtmp log is abuse? I consider it nothing less than mandatory. consider this situation: a university student executes "ssh user@host /bin/ksh" and does something malign to the system intentionally or unintentionally. it would help tremendously if the wtmp log reflected who actually logged on during that period. basically, openssh provides several loopholes around proper user session logging through subsystems and I find this to be a huge security risk.

I've spoken with a couple of sysadmins at neighboring universities and they have the same problem/concerns. I'm just the first one to speak up about it. don't get me wrong, I love what you guys are doing with openssh but this is a serious issue.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 01:36:23 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 01:36:23 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913153623.CA26627C1B9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From markus at openbsd.org 2003-09-14 01:36 -------
wtmp is not for logins, it's for ttys. using it for sftp is an abuse and causes portability nightmares. we could abuse wtmp, but not now.

apart from that only rlogin causes wtmp entries, rsh does not. sshd tried to emulate this from the beginning. now every ssh host ls would create a wtmp entry, same about cvs over ssh.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 01:37:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 01:37:08 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913153708.007D827C764@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|security                    |enhancement

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 01:39:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 01:39:10 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913153910.D4BEF27C345@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 01:39:34 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 01:39:34 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913153934.7076C27C359@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |LATER

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 04:39:03 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 04:39:03 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030913183903.A9D1827C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From micah at cs.swt.edu 2003-09-14 04:39 -------
> wtmp is not for logins, it's for ttys.

from UTMP(5) man page:

"The file declares the structures used to record information about current users in the file utmp, logins and logouts in the file wtmp, and last logins in the file lastlog."

furthermore:

"Next, the login program opens the file wtmp, and appends the user's utmp record. The same utmp record, with an updated time stamp is later appended to the wtmp file when the user logs out (see init(8))."

an empty tty can be included in the log for that user.

> using it for sftp is an abuse and causes portability nightmares.

correct me if I'm wrong, but you already have "ssh_login.c", etc so the portable wtmp logging code has been there for a while. it's simply a matter of incorporating the existing functionality in the right place i.e. whenever a subsystem is called.

as it stands, ssh provides an insecure login method where a user can go undetected by exploiting the subsystem and thus rendering commands such as 'who' and 'last' useless...

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 20:56:13 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 20:56:13 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030914105613.2F40027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From markus at openbsd.org 2003-09-14 20:56 -------
correct me if i'm wrong, but wtmp is about 'lines' i.e. ttys and not arbitrary remote command execution.

traditionally, in rlogind/rshd/sshd, _login_ refers to login sessions involving terminals.

and as i said, no it's not a bug, it's intentional in sshd for about 8 years, but, as i said before we might consider changing this.

but having all remote command executions in wtmp is a huge change that should not be made without considering all kinds of side effects.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 21:19:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 21:19:33 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030914111933.7D6CC27C1A1@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From markus at openbsd.org 2003-09-14 21:19 -------
tility functions

SYNOPSIS
     #include
     #include

     void login(struct utmp *ut);

     int logout(const char *line);

     void logwtmp(const char *line, const char *name, const char *host);

DESCRIPTION
     The login(), logout(), and logwtmp() functions operate on the database of current users in /var/run/utmp and on the logfile /var/log/wtmp of logins and logouts.

     The login() function updates the /var/run/utmp and /var/log/wtmp files with user information contained in ut.

     The logout() function removes the entry from /var/run/utmp corresponding to the device line.

     The logwtmp() function adds an entry to /var/log/wtmp. Since login() will add the appropriate entry for /var/log/wtmp during a login, logwtmp() is usually used for logouts.

RETURN VALUES
     logout() returns non-zero if it was able to find and delete an entry for line, and zero if there is no entry for line in /var/run/utmp.

XXX, need unique ttyline

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 21:21:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 21:21:01 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030914112101.D7C5027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From markus at openbsd.org 2003-09-14 21:21 -------
XXX adding wtmp logging to subsystems only will lead to a false sense of so called security since sftp will not be logged for

sftp -s /usr/libexec/sftp-server server

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sun Sep 14 21:22:21 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sun, 14 Sep 2003 21:22:21 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030914112221.CBA0027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|LATER                       |

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 05:42:17 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 05:42:17 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030914194217.CF45627C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From micah at cs.swt.edu 2003-09-15 05:42 -------
I looked at creating a patch for the current version, but I ran into problems with "privilege separation" i.e. setuid(). I noticed that you fork several times to handle user logons, especially using privilege separation, which makes it a bit more confusing.

the change is located in "session.c" where you have two functions to handle the user:

void do_exec_pty(Session *s, const char *command)
void do_exec_no_pty(Session *s, const char *command)

and the only difference is "do_exec_pty" calls "do_login" which calls "record_login" in "sshlogin.c" because "do_exec_pty" handles shell invocations. the logon (writing to the wtmp file) only occurs if privilege separation is not used so it's a bit confusing.

so the obvious fix to the naive developer, me, is to add "do_login" to the "do_exec_no_pty" function to handle all subsystem invocations but this doesn't work if privilege separation is used because the executing process is running as the user who was authenticated and not root.

any ideas?

FYI, executing "sftp -s /usr/libexec/sftp-server " goes through "do_exec_no_pty" just like all subsystem commands so it would be logged too...

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 09:29:08 2003
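The audit gap argued over in bug 637 above, as an added example that is not part of the thread or of OpenSSH: it rebuilds login intervals from wtmp the way `last` does and lists sessions that wtmp never covers. Assumptions: the Linux/glibc `struct utmp` layout, a session list obtained from an independent source such as sshd's own logging, and hypothetical names (`login_intervals`, `unrecorded`, the sample users and timestamps).

```python
import struct
from collections import namedtuple

# Assumption: Linux/glibc `struct utmp` layout (384 bytes, little-endian).
# Other platforms named in the thread lay the record out differently.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8          # ut_type values from <utmp.h>

Interval = namedtuple("Interval", "user line start end")   # end None = open
Session = namedtuple("Session", "user kind start end")


def pack_record(ut_type, line, user, when):
    """Build one wtmp record; used only to construct the sample data."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(), b"",
                     0, 0, 0, when, 0, 0, 0, 0, 0, b"")


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_wtmp(blob):
    """Yield (ut_type, line, user, tv_sec) for every whole record."""
    usable = len(blob) - len(blob) % UTMP.size     # skip a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield f[0], _text(f[2]), _text(f[4]), f[9]


def login_intervals(blob):
    """Rebuild per-line login intervals, as `last` does from wtmp."""
    open_by_line, done = {}, []
    for ut_type, line, user, when in parse_wtmp(blob):
        if ut_type not in (USER_PROCESS, DEAD_PROCESS):
            continue
        if line in open_by_line:
            # A logout, or a new login on a line whose logout was never
            # written: either way the earlier interval ends here.
            who, start = open_by_line.pop(line)
            done.append(Interval(who, line, start, when))
        if ut_type == USER_PROCESS:
            open_by_line[line] = (user, when)
    done += [Interval(u, l, s, None) for l, (u, s) in open_by_line.items()]
    return done


def unrecorded(sessions, intervals):
    """Return sessions that no single wtmp interval of that user covers."""
    missing = []
    for s in sessions:
        covered = any(i.user == s.user and i.start <= s.start
                      and (i.end is None or s.end <= i.end)
                      for i in intervals)
        if not covered:
            missing.append(s)
    return missing


# Constructed sample data (not taken from a real host). wtmp holds only the
# pty login and its logout; the other two sessions ran without a pty.
SAMPLE_WTMP = (pack_record(USER_PROCESS, "pts/3", "alice", 1000)
               + pack_record(DEAD_PROCESS, "pts/3", "", 1300))
SAMPLE_SESSIONS = [
    Session("alice", "shell", 1000, 1300),   # interactive login with a pty
    Session("alice", "sftp", 1100, 2000),    # outlives the shell's logout
    Session("bob", "exec", 1500, 1510),      # "ssh host command", no pty
]

if __name__ == "__main__":
    for s in unrecorded(SAMPLE_SESSIONS, login_intervals(SAMPLE_WTMP)):
        print("not visible in wtmp: %s %s %d-%d" % s)
```

With the sample data the sftp session and the remote command are reported, while the pty shell is not.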
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 09:29:08 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030914232908.A782B27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From djm at mindrot.org 2003-09-15 09:29 -------
(From update of attachment 378)
>+ if (*envp == NULL && *envsizep == 0) { >+ *envp = xmalloc(sizeof(char *)); >+ *envp[0] = NULL; >+ *envsizep = 1; >+ } >+

An explanatory comment here would be good.

>+char * >+child_get_env(char **env, const char *name) >+{ >+ int i; >+ size_t len; >+ >+ len = strlen(name); >+ for (i=0; env[i] != NULL; i++) >+ if (env[i][len] == '=' && strncmp(name, env[i], len) == 0) >+ return(env[i] + len + 1);

I think the order of this test should be reversed. env[i][len] may be past the end of the environment string if name is long (e.g. name = "blahblahblah", env[i] = "a=b").

Otherwise OK

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 12:13:46 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 12:13:46 +1000 (EST)
Subject: [Bug 83] PAM limits applied incorrectly (pam_session being called as non-root)
Message-ID: <20030915021346.344BD27C191@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=83

------- Additional Comments From dtucker at zip.com.au 2003-09-15 12:13 -------
Hey, isn't this fixed in -current? do_pam_session is now called before permanently_set_uid.

Could you please try a snapshot?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 15:49:43 2003
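Review bot: in the first hunk quoted from attachment 378 in the bug 252 comment above (the block guarded by "*envp == NULL && *envsizep == 0"), the statement "*envp[0] = NULL;" parses as "*(envp[0])" because indexing binds tighter than the dereference. It stores to the intended slot only because the index is 0, so I would write it as "(*envp)[0] = NULL;" to state the intent and keep it correct if the index ever changes. The allocation on the line before could also use "sizeof(**envp)" rather than "sizeof(char *)" so the size follows the array's element type.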
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 15:49:43 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030915054943.9BE4627C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #378 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2003-09-15 15:49 -------
Created an attachment (id=397)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=397&action=view)
Fix bugs found in testing

Last-minute testing found a couple of (my) nasty bugs:
* if PATH wasn't defined in /etc/default/login, no path was set due to an unintentionally inverted test in a configure test.
* on platforms without /e/d/l, child_get_env was being called, even though it was #ifdef'ed out.

I'm tempted to re-enable the part in configure that adds /usr/local/bin (for scp) to USER_PATH on platforms with /e/d/l. I think --with-user-path should still be able to be set at build time, but be overridden if PATH (or SUPATH) is set in /e/d/l.

Comments?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 16:18:16 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 16:18:16 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030915061816.C6D3B27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From djm at mindrot.org 2003-09-15 16:18 -------
(From update of attachment 397)
>+ /* If we're passed an uninitialized list, allocate a single null >+ * entry before continuing */

Nit - this comment is not KNF.

As to whether or not we should automatically add $SCP_PATH to the $PATH set by the server - I don't think we should mess with a path explicitly set in a configuration file.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 16:33:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 16:33:39 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030915063339.1042927C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From dtucker at zip.com.au 2003-09-15 16:33 -------
Oops. Comment fixed.

I'm not proposing changing the PATH if it's set in the config file, only to the compiled-in PATH (which is either the default or as specified --with-user-path).

Put another way: I propose maintaining the existing behaviour unless overridden by PATH specified in /etc/default/login (ie, rule of least surprise).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 18:09:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 18:09:43 +1000 (EST)
Subject: [Bug 637] ssh records that the user has logged out even though an sftp session is active
Message-ID: <20030915080943.E330127C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=637

------- Additional Comments From markus at openbsd.org 2003-09-15 18:09 -------
the unprivileged process, needs to tell the monitor that it executes a command. this requires a new privsep message.

but as is said before: having all remote command executions in wtmp is a huge change that should not be made without considering all kinds of side effects.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 19:10:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 19:10:43 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030915091043.BA60C27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From dtucker at zip.com.au 2003-09-15 19:10 -------
Created an attachment (id=398)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=398&action=view)
Preserve existing add-path-to-scp behaviour

Existing compile-time behaviour is: Use path specified by --with-default-path else use default path, adding scp path if necessary.

This patch (hopefully!) keeps exactly the same behaviour, except that the path from /etc/default/login will be used at run time if it's set.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Mon Sep 15 22:17:09 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 15 Sep 2003 22:17:09 +1000 (EST)
Subject: [Bug 638] scp: wrong exit status
Message-ID: <20030915121709.B9B5B27C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=638

Summary: scp: wrong exit status
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: scp
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: koenig at science-computing.de

Hi OpenSSH,

at least both openssh 3.5p1 and 3.6p1 give the wrong exit status 0 (zero) for "scp", if both source and destination are "remote" and some error happens (e.g. disk full):

turtle tmp > scp /tmp/BIG1 /tmp/BIG2 ; echo $?
cp: writing `/tmp/BIG2': No space left on device
1
turtle tmp > scp /tmp/BIG1 turtle:/tmp/BIG2 ; echo $?
BIG1 100% |*****************************| 10601 KB 00:01
scp: /tmp/BIG2: No space left on device
1
turtle tmp > scp turtle:/tmp/BIG1 /tmp/BIG2 ; echo $?
BIG1 100% |*****************************| 10601 KB 00:01
/tmp/BIG2: No space left on device
1
turtle tmp > scp turtle:/tmp/BIG1 turtle:/tmp/BIG2 ; echo $?
scp: /tmp/BIG2: No space left on device
==> 0
turtle tmp > ssh -V
OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f

this is running on SuSE Linux 7.2. openssh binaries have been compiled myself on a RedHat 7.1 system using gcc-2.95.3 (built myself too).

Harald Koenig

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 16 02:19:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 02:19:20 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030915161920.0C40827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-16 02:19 -------
It seems my response did not make it into bugzilla .... :(

Here's the output from the binary made on Sep 10.

# ./ssh -o PreferredAuthentications=gssapi -p 8888 -v -v -v 127.0.0.1
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8888.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7p1
debug1: match: OpenSSH_3.7p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 1625/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: match line 15
debug1: Host '127.0.0.1' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:15
debug2: bits set: 1574/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/identity (0)
debug2: key: /.ssh/id_rsa (0)
debug2: key: /.ssh/id_dsa (0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x12006fab0(0x0)
#

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 16 05:46:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 05:46:33 +1000 (EST)
Subject: [Bug 638] scp: wrong exit status
Message-ID: <20030915194633.2E7C127C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=638

------- Additional Comments From markus at openbsd.org 2003-09-16 05:46 -------
Created an attachment (id=399)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=399&action=view)
check system return code.

could you please try this?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 16 08:22:51 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 08:22:51 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030915222251.98E1C27C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From djm at mindrot.org 2003-09-16 08:22 -------
Does this latest patch add the path to scp to an explicitly specified $PATH (--with-default-path)? If it doesn't, OK :)

Also, do we need the prototypes in session.h? They don't seem to be used outside the file. I suggest making the functions "static".

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 16 11:07:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 11:07:08 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030916010708.84B7727C311@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

------- Additional Comments From dtucker at zip.com.au 2003-09-16 11:07 -------
With patch id=398, if the user specifies the path (either --with-default path or in /etc/default/login) they get exactly what they specify, regardless of where scp is. (In comment #14 I assumed that scp's path was also added to --with-default-path, however that was not correct.)

I'll "static" those functions and commit it.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Tue Sep 16 11:41:44 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 11:41:44 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030916014144.DDDF127C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From dtucker at zip.com.au 2003-09-16 11:41 -------
This bit from the debug "debug1: Authentications that can continue: publickey,password,keyboard-interactive", looks like GSSAPI is not enabled on the server side.

Do you have "GSSAPIAuthentication yes" in the server's config? It defaults to "no".

From "make sshd_config":

     GSSAPIAuthentication
             Specifies whether user authentication based on GSSAPI is allowed. The default is ``no''. Note that this option applies to protocol version 2 only.

From bugzilla-daemon at mindrot.org Tue Sep 16 11:53:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 11:53:39 +1000 (EST)
Subject: [Bug 252] Patch for use of /etc/default/login
Message-ID: <20030916015339.DBDCD27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=252

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dtucker at zip.com.au 2003-09-16 11:53 -------
Patch applied, thanks.

From bugzilla-daemon at mindrot.org Tue Sep 16 11:53:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 11:53:42 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030916015342.673F727C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

Bug 627 depends on bug 252, which changed state.

Bug 252 Summary: Patch for use of /etc/default/login
http://bugzilla.mindrot.org/show_bug.cgi?id=252

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

From bugzilla-daemon at mindrot.org Tue Sep 16 18:26:04 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 18:26:04 +1000 (EST)
Subject: [Bug 639] scp: wrong exit status
Message-ID: <20030916082604.9062027C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=639

           Summary: scp: wrong exit status
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: koenig at science-computing.de

Hi OpenSSH,

at least both openssh 3.5p1 and 3.6p1 give the wrong exit status 0 (zero) for "scp", if both source and destination are "remote" and some error happens (e.g. disk full):

turtle tmp > scp /tmp/BIG1 /tmp/BIG2 ; echo $?
cp: writing `/tmp/BIG2': No space left on device
1
turtle tmp > scp /tmp/BIG1 turtle:/tmp/BIG2 ; echo $?
BIG1 100% |*****************************| 10601 KB 00:01
scp: /tmp/BIG2: No space left on device
1
turtle tmp > scp turtle:/tmp/BIG1 /tmp/BIG2 ; echo $?
BIG1 100% |*****************************| 10601 KB 00:01
/tmp/BIG2: No space left on device
1
turtle tmp > scp turtle:/tmp/BIG1 turtle:/tmp/BIG2 ; echo $?
scp: /tmp/BIG2: No space left on device
==> 0
turtle tmp > ssh -V
OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f

this is running on SuSE Linux 7.2. openssh binaries have been compiled myself on a RedHat 7.1 system using gcc-2.95.3 (built myself too).

Harald Koenig

From bugzilla-daemon at mindrot.org Tue Sep 16 18:30:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 18:30:14 +1000 (EST)
Subject: [Bug 639] scp: wrong exit status
Message-ID: <20030916083014.A444627C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=639

koenig at science-computing.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From koenig at science-computing.de 2003-09-16 18:30 -------
sorry for the duplicate report of bug #638

*** This bug has been marked as a duplicate of 638 ***

From bugzilla-daemon at mindrot.org Tue Sep 16 18:30:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 18:30:20 +1000 (EST)
Subject: [Bug 638] scp: wrong exit status
Message-ID: <20030916083020.0A49127C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=638

------- Additional Comments From koenig at science-computing.de 2003-09-16 18:30 -------
*** Bug 639 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Tue Sep 16 19:03:46 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 19:03:46 +1000 (EST)
Subject: [Bug 638] scp: wrong exit status
Message-ID: <20030916090346.655AD27C193@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=638

koenig at science-computing.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From koenig at science-computing.de 2003-09-16 19:03 -------
Hi Markus,

I've tested your patch with 3.5p1 and it works for our actual test case and current problem.

thanks for the quick fix !!

Harald.

From bugzilla-daemon at mindrot.org Tue Sep 16 19:13:48 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 19:13:48 +1000 (EST)
Subject: [Bug 638] scp: wrong exit status
Message-ID: <20030916091348.168BC27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=638

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

------- Additional Comments From djm at mindrot.org 2003-09-16 19:13 -------
It is not fixed until the fix is in the tree.

From bugzilla-daemon at mindrot.org Tue Sep 16 19:33:13 2003
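Added example, not part of the archived messages and not the patch in attachment 399: Bug 638 above is a failed copy that never reaches scp's exit status, and the attachment is described only as "check system return code". Assuming the lost status comes from a system(3) call, this sketch contrasts discarding that status with decoding it; the function names and the constructed shell commands are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/*
 * Hypothetical helper, not taken from scp.c: run a command through
 * system(3) and turn the wait status into a shell-style exit code.
 */
int
run_checked(const char *cmd)
{
	int status = system(cmd);

	if (status == -1)		/* fork or waitpid failed */
		return 255;
	if (WIFSIGNALED(status))	/* child killed by a signal */
		return 128 + WTERMSIG(status);
	if (WIFEXITED(status))		/* normal exit: 0 means success */
		return WEXITSTATUS(status);
	return 255;
}

/* Behaviour matching the report: every status is thrown away. */
int
transfer_unchecked(const char *const *cmds, size_t n)
{
	size_t i;

	for (i = 0; i < n; i++)
		(void)system(cmds[i]);
	return 0;			/* always reports success */
}

/* Any failing command makes the overall result non-zero. */
int
transfer_checked(const char *const *cmds, size_t n)
{
	size_t i;
	int errs = 0;

	for (i = 0; i < n; i++) {
		int rc = run_checked(cmds[i]);

		if (rc != 0) {
			fprintf(stderr, "command %zu failed with status %d\n",
			    i, rc);
			errs = 1;
		}
	}
	return errs;
}

/* Constructed stand-ins for per-file copy commands; the second fails. */
static const char *const sample_cmds[] = { "true", "exit 1", "true" };

int
main(void)
{
	size_t n = sizeof(sample_cmds) / sizeof(sample_cmds[0]);
	int unchecked = transfer_unchecked(sample_cmds, n);
	int checked = transfer_checked(sample_cmds, n);

	printf("unchecked result: %d\n", unchecked);
	printf("checked result:   %d\n", checked);
	return checked;
}
```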
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 19:33:13 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030916093313.0DDA727C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-16 19:33 -------
I decided to reinstall heimdal and openssh again, both with latest snapshots. With openssh-SNAP-20030916.tar.gz I see:

$ ./configure --prefix=/usr/local --with-tcp-wrappers --with-ssl-dir=/software/@sys/usr/openssl --with-prngd-socket=/var/run/egd-pool --with-default-path=/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin --with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia --with-login=/usr/bin/login --with-privsep --with-afs=/usr/afsws --with-kerberos5=/usr/heimdal
$make
[...]
$ cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ -L/software/@sys/usr/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -ldes -lcom_err -lasn1 -lroken
ld: Can't locate file for: -ldes
make: *** [ssh] Error 1
$ cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ -L/software/@sys/usr/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -lcom_err -lasn1 -lroken
$

So I see configure still tries to guess which libraries are needed for KerberosV.
sshd has to be linked with -lcrypto as the very last, not like currently set:

cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/ -L/software/@sys/usr/openssl/lib -Lyes -L/usr/heimdal/lib -lssh -lopenbsd-compat -lwrap -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -lcom_err -lasn1 -lroken
ld:
Unresolved:
DES_cbc_cksum
DES_cbc_encrypt
DES_pcbc_encrypt
RAND_write_file
RAND_file_name
UI_UTIL_read_pw_string
make: *** [sshd] Error 1

Running "make test" gives:

ssh-keygen -if /usr/local/scratch/openssh/regress/dsa_ssh2.pub > /usr/local/scratch/openssh/regress//t6.out2
chmod 600 /usr/local/scratch/openssh/regress//t6.out1
ssh-keygen -yf /usr/local/scratch/openssh/regress//t6.out1 | diff - /usr/local/scratch/openssh/regress//t6.out2
ssh-keygen -q -t rsa -N '' -f /usr/local/scratch/openssh/regress//t7.out
ssh-keygen -lf /usr/local/scratch/openssh/regress//t7.out > /dev/null
ssh-keygen -Bf /usr/local/scratch/openssh/regress//t7.out > /dev/null
run test connect.sh ...
Connection closed by 127.0.0.1
ssh connect with protocol 1 failed
Connection closed by 127.0.0.1
ssh connect with protocol 2 failed
failed simple connect
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/usr/local/scratch/openssh/regress'
make: *** [tests] Error 2

I've deleted ssh*config files and edited those newly installed version again.
Could you please improve the comments in sshd_config template so that it is clear that "Kerberos options" refer to kerberosIV only and that "GSSAPI options" refers only to kerberosV? ;)

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCreds yes

And, I tried to start sshd but get:

# ./sshd -p 8888
/usr/local/etc/sshd_config line 66: Unsupported option GSSAPIAuthentication
/usr/local/etc/sshd_config line 67: Unsupported option GSSAPICleanupCreds
#

From bugzilla-daemon at mindrot.org Tue Sep 16 19:39:21 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 19:39:21 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030916093921.F24E727C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-16 19:39 -------
I forgot to include how openssh-SNAP-20030916 got configured

checking whether we are using Heimdal... yes
checking for library containing dn_expand... none required
checking for gss_init_sec_context in -lgssapi... no
checking for gss_init_sec_context in -lgssapi_krb5... no
configure: WARNING: Cannot find any suitable gss-api library - build may fail
checking for gssapi.h... yes
checking for gssapi_krb5.h... no

config.h contains:

/* Define this is you want GSSAPI support in the version 2 protocol */
/* #undef GSSAPI */

/* Define if you want Kerberos 5 support */
#define KRB5 1

/* Define this if you are using the Heimdal version of Kerberos V5 */
#define HEIMDAL 1

/* Define if you want S/Key support */
/* #undef SKEY */

/* Define if you want TCP Wrappers support */
#define LIBWRAP 1

OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin
Manpage format: man
DNS support: no
PAM support: no
KerberosV support: yes
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: alphaev67-dec-osf5.1
Compiler: cc
Compiler flags: -O2 -arch ev56
Preprocessor flags: -I/software/@sys/usr/openssl/include -Iyes -I/software/@sys/usr/include -I/usr/local/include -I/usr/local/openssl/include -I/usr/heimdal/include
Linker flags: -L/software/@sys/usr/openssl/lib -Lyes -L/usr/heimdal/lib
Libraries: -lwrap -lrt -lz -L/usr/local/lib -L/software/@sys/usr/lib -L/usr/local/openssl/lib -L/usr/lib -lsecurity -ldb -lm -laud -lcrypto -lkrb5 -ldes -lcom_err -lasn1 -lroken

From bugzilla-daemon at mindrot.org Tue Sep 16 19:49:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 16 Sep 2003 19:49:20 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030916094920.128F027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-16 19:49 -------
So I've defined GSSAPI in config.h. To get things compiled, I had to put -lgssapi in front of -lkrb5 and again put -lcrypto at the end of linker command line. Then, I get:

serow# ./ssh -o PreferredAuthentications=gssapi -p 8888 -v -v -v serow -1
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 8888.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7p1
debug1: match: OpenSSH_3.7p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.7p1
debug1: Waiting for server public key.
Connection closed by 146.107.217.72
debug1: Calling cleanup 0x1200708d0(0x0)
serow# ./ssh -o PreferredAuthentications=gssapi -p 8888 -v -v -v serow
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 8888.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7p1
debug1: match: OpenSSH_3.7p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7p1
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 146.107.217.72
debug1: Calling cleanup 0x1200708d0(0x0)
serow#

I guess the server crashes somewhere.

From bugzilla-daemon at mindrot.org Wed Sep 17 04:10:11 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 04:10:11 +1000 (EST)
Subject: [Bug 640] Error when trying to run make on openssh-3.7p1 with AIX 4.3.3
Message-ID: <20030916181011.7BF5127C196@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=640

           Summary: Error when trying to run make on openssh-3.7p1 with AIX 4.3.3
           Product: Portable OpenSSH
           Version: -current
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: major
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Alan.Vidmar at Colorado.edu

Environment:
OS: AIX 4.3.3.11
GCC:3.3.1
Make:3.80
Openssh:3.7p1
Openssl:0.9.7b
Prngd:0.9.27

Notes: Openssh 3.7p1 does work with AIX 5.1 and all of the same components

========================
In file included from /usr/include/sys/user.h:77,
                 from /usr/include/sys/audit.h:38,
                 from ../openbsd-compat/port-aix.h:35,
                 from ../openbsd-compat/openbsd-compat.h:166,
                 from ../includes.h:173,
                 from bsd-arc4random.c:25:
/usr/include/sys/proc.h:203: error: parse error before "crid_t"
/usr/include/sys/proc.h:212: error: parse error before "p_class"
/usr/include/sys/proc.h:355: error: parse error before '}' token
make: 1254-004 The error code from the last command is 1.

Stop.
make: 1254-004 The error code from the last command is 2.

From bugzilla-daemon at mindrot.org Wed Sep 17 04:45:31 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 04:45:31 +1000 (EST)
Subject: [Bug 641] Allow disabling of GTK2 within the RPM build process.
Message-ID: <20030916184531.E85F527F9F7@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=641

           Summary: Allow disabling of GTK2 within the RPM build process.
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jason at devrandom.org

While building RPM packages for platforms without GTK2, rpm --rebuild (for the .src.rpm) and rpm -ba (for source) kept failing when it couldn't find GTK2, which isn't available for older Gnome platforms (e.g. RedHat <= 7.2 and RedHat Advanced Server 2.1).

This patch is basically a segment in the openssh.spec file to add a --define target for rpm to disable GTK2 using already-present mechanisms within the .spec file.

RedHat <= 7.2 is no longer supported by RedHat with errata builds, but many people are still using older systems so this functionality would be nice for building RPMs.

From bugzilla-daemon at mindrot.org Wed Sep 17 04:50:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 04:50:40 +1000 (EST)
Subject: [Bug 641] Allow disabling of GTK2 within the RPM build process.
Message-ID: <20030916185040.62F8627C1D4@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=641

------- Additional Comments From jason at devrandom.org 2003-09-17 04:50 -------
Created an attachment (id=400)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=400&action=view)
Patch to add a --define target for RPM to disable using GTK2

From bugzilla-daemon at mindrot.org Wed Sep 17 07:34:30 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 07:34:30 +1000 (EST)
Subject: [Bug 642] Can't build build OpenSSH 3.7 on OpenBSD 3.0
Message-ID: <20030916213430.4F1C727C1A8@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=642

           Summary: Can't build build OpenSSH 3.7 on OpenBSD 3.0
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: OpenBSD
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: szedula at mindspring.com

Can't build build OpenSSH 3.7 on OpenBSD 3.0.

Have successfully built & installed OpenSSH 3.7 on OpenBSD 3.2 following the same steps found on www.openssh.org/openbsd.html

Build on OpenBSD 3.0 fails on "Make" step at:

cc -O2 -I/usr/src/usr.bin/ssh/lib/.. -c /usr/src/usr.bin/ssh/lib/../log.c -o log.o
/usr/src/usr.bin/ssh/lib/../log.c: In function `do_log':
/usr/src/usr.bin/ssh/lib/../log.c:335: variable `sdata' has initializer but incomplete type
/usr/src/usr.bin/ssh/lib/../log.c:335: `SYSLOG_DATA_INIT' undeclared (first use in this function)
/usr/src/usr.bin/ssh/lib/../log.c:335: (Each undeclared identifier is reported only once
/usr/src/usr.bin/ssh/lib/../log.c:335: for each function it appears in.)
/usr/src/usr.bin/ssh/lib/../log.c:335: storage size of `sdata' isn't known
*** Error code 1

Stop in /usr/src/usr.bin/ssh/lib.
*** Error code 1

Stop in /usr/src/usr.bin/ssh.

----

Step "make depend" had these "No such file or directory" messages.

===> sshd
mkdep -a -DHAVE_LOGIN_CAP -DBSD_AUTH -I/usr/src/usr.bin/ssh/sshd/.. -DLIBWRAP
In file included from /usr/src/usr.bin/ssh/sshd/../sshd.c:79:
/usr/src/usr.bin/ssh/sshd/../monitor_mm.h:30: sys/tree.h: No such file or directory
In file included from /usr/src/usr.bin/ssh/sshd/../monitor_mm.c:34:
/usr/src/usr.bin/ssh/sshd/../monitor_mm.h:30: sys/tree.h: No such file or directory
In file included from /usr/src/usr.bin/ssh/sshd/../monitor.c:51:
/usr/src/usr.bin/ssh/sshd/../monitor_mm.h:30: sys/tree.h: No such file or directory

From bugzilla-daemon at mindrot.org Wed Sep 17 09:11:29 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 09:11:29 +1000 (EST)
Subject: [Bug 640] Error when trying to run make on openssh-3.7p1 with AIX 4.3.3
Message-ID: <20030916231129.8A27127F72E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=640

------- Additional Comments From dtucker at zip.com.au 2003-09-17 09:11 -------
Created an attachment (id=401)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=401&action=view)
Only include audit.h when needed for 4-arg loginfailed

Please try the attached patch.

From bugzilla-daemon at mindrot.org Wed Sep 17 10:13:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 10:13:58 +1000 (EST)
Subject: [Bug 643] sshd bus faults on 64-but SPARCs when reading /etc/default/login
Message-ID: <20030917001358.AC20D27C21D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

           Summary: sshd bus faults on 64-but SPARCs when reading /etc/default/login
           Product: Portable OpenSSH
           Version: -current
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: critical
          Priority: P1
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: dtucker at zip.com.au

This can be worked around by commenting out the line in config.h that contains "HAVE_ETC_DEFAULT_LOGIN" and recompiling.

From bugzilla-daemon at mindrot.org Wed Sep 17 10:23:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 10:23:56 +1000 (EST)
Subject: [Bug 643] sshd bus faults on 64-but SPARCs when reading /etc/default/login
Message-ID: <20030917002356.D76E927C2A0@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

------- Additional Comments From dtucker at zip.com.au 2003-09-17 10:23 -------
Created an attachment (id=402)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=402&action=view)
Fix size_t -> u_int

From bugzilla-daemon at mindrot.org Wed Sep 17 10:24:30 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 10:24:30 +1000 (EST)
Subject: [Bug 644] "make clean" fails when building outside of source tree
Message-ID: <20030917002430.7CA3027C2A0@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=644

           Summary: "make clean" fails when building outside of source tree
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: roth at feep.net
                CC: roth at feep.net

Under OpenSSH-3.7.1p1, "make clean" fails with the following error when building outside of the source tree:

roth at coredump:/scratch/os/obj> make clean
rm -f *.o *.a ssh sshd ssh-add ssh-keygen ssh-keyscan ssh-keysign ssh-agent scp ssh-rand-helper sftp-server sftp logintest config.cache config.log
rm -f *.out core
(cd openbsd-compat && gmake clean)
gmake[1]: Entering directory `/services/scratch/os/obj/openbsd-compat'
rm -f *.o *.a core
gmake[1]: Leaving directory `/services/scratch/os/obj/openbsd-compat'
(cd regress && gmake clean)
/bin/sh: regress: does not exist
gmake: *** [clean] Error 1

The problem seems to be that the "regress" subdirectory only exists in the source tree, not the build tree. This may also be a problem for the "distclean" target.

From bugzilla-daemon at mindrot.org Wed Sep 17 10:25:04 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 10:25:04 +1000 (EST)
Subject: [Bug 643] sshd bus faults on 64-bit SPARCs when reading /etc/default/login
Message-ID: <20030917002504.6B1C927C39E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|sshd bus faults on 64-but   |sshd bus faults on 64-bit
                   |SPARCs when reading         |SPARCs when reading
                   |/etc/default/login          |/etc/default/login

From bugzilla-daemon at mindrot.org Wed Sep 17 10:34:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 10:34:20 +1000 (EST)
Subject: [Bug 644] "make clean" fails when building outside of source tree
Message-ID: <20030917003420.51A2427C36D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=644

------- Additional Comments From dtucker at zip.com.au 2003-09-17 10:34 -------
Created an attachment (id=403)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=403&action=view)
Fix "make clean" target

Unfortunately the fix for this did not make the tree before 3.7

From bugzilla-daemon at mindrot.org Wed Sep 17 13:14:49 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 13:14:49 +1000 (EST)
Subject: [Bug 645] Configure mis-identifies setresgid
Message-ID: <20030917031449.6BFCB27C1F9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=645

           Summary: Configure mis-identifies setresgid
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: tigerwolf at tigerden.com

Compiled on linux gcc 2.7.2.3, kernel 2.0.38 on i586. Latest zlib and openssl packages were in place. Compile completes apparently successfully.

When logging in, the password is accepted, the system MOTD is displayed; but then, the connection immediately closes. Errors in syslog show:

sshd[7319]: fatal: setresgid 100: Function not implemented

Configure says 'yes' to the check for setresgid and sets the define HAVE_SETRESGID in config.h. Commenting out the define seems to fix the problem.

I was told by someone more knowledgeable than I that the setresgid function wasn't implemented until later kernels, implying the test done by ./configure doesn't properly yield the right answer.

From bugzilla-daemon at mindrot.org Wed Sep 17 13:20:24 2003
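Added example, not part of the archived messages and not OpenSSH code: in Bug 645 above, configure detected setresgid() at build time, yet the running kernel answers "Function not implemented" (ENOSYS). This sketch handles that answer at run time by falling back to setregid(2) and then verifying the result; the function names and the ENOSYS stub are hypothetical, and a Linux/glibc system is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Declared here so the example does not depend on feature-test macros. */
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

typedef int (*setresgid_fn)(gid_t, gid_t, gid_t);

/*
 * Constructed stand-in for the situation in the report: the symbol
 * exists in libc, but the kernel has no such system call.
 */
static int
enosys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
{
	(void)rgid;
	(void)egid;
	(void)sgid;
	errno = ENOSYS;
	return -1;
}

/*
 * Hypothetical helper: switch the process to `gid` for good.
 * Returns 0 if `set3` did the job, 1 if the setregid(2) fallback was
 * needed because `set3` reported ENOSYS, and -1 on any failure.
 */
int
drop_gid(setresgid_fn set3, gid_t gid)
{
	gid_t old_egid = getegid();
	int fallback = 0;

	if (set3(gid, gid, gid) == -1) {
		if (errno != ENOSYS)
			return -1;	/* real failure: do not continue */
		if (setregid(gid, gid) == -1)
			return -1;
		fallback = 1;
	}

	/* Never trust the call alone: confirm the ids actually changed. */
	if (getgid() != gid || getegid() != gid)
		return -1;

	/* An unprivileged process must not be able to get the old gid back. */
	if (old_egid != gid && geteuid() != 0 && setegid(old_egid) != -1)
		return -1;

	return fallback;
}

int
main(void)
{
	gid_t gid = getgid();

	/* Setting the ids to their current value needs no privilege. */
	printf("real setresgid: %d\n", drop_gid(setresgid, gid));
	printf("ENOSYS stub:    %d\n", drop_gid(enosys_setresgid, gid));
	return 0;
}
```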
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 13:20:24 +1000 (EST)
Subject: [Bug 646] Bogus askpass URL
Message-ID: <20030917032024.C249A27C202@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=646

           Summary: Bogus askpass URL
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: tigerwolf at tigerden.com

The INSTALL file lists http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html for an alternate askpass routine. That link is dead. Google found the following one: http://www.jmknoble.net/software/x11-ssh-askpass/

From bugzilla-daemon at mindrot.org Wed Sep 17 13:44:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 13:44:39 +1000 (EST)
Subject: [Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
Message-ID: <20030917034439.22BFA27C304@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=647

           Summary: Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
           Product: Portable OpenSSH
           Version: -current
          Platform: Sparc
        OS/Version: SunOS
            Status: NEW
          Severity: minor
          Priority: P4
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: pon at es.net
                CC: pon at es.net

For OpenSSH_3.7p1, if one does NOT use the "--with-pam" configuration option, setting the default "#UsePAM yes" flag in sshd_config to "UsePam no" will cause the following error:

init.d [111]# ./openssh start
/etc/ssh/sshd_config line 75: Unsupported option UsePAM

However, if one does use the "--with-pam" configuration option, setting the flag "UsePam no" is acceptable.

Seems a bit confusing to me. Perhaps "#UsePAM no" should be the default?

Thanks.

From bugzilla-daemon at mindrot.org Wed Sep 17 15:07:37 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 17 Sep 2003 15:07:37 +1000 (EST)
Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
Message-ID: <20030917050737.428D227C1CD@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=648

           Summary: Cannot login using SecureCRT since openssh 3.7p1
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: simon at igrin.co.nz

OS is Redhat 6.2 (with many updates) previously running OpenSSH 3.4p1 with default settings with no problems. I'm installing by extracting the openssh.spec file and building my own RPM's.

On updating to either 3.7p1 or 3.7.1p1 I can no longer log in using SecureCRT and Password authentication. All messages and debugging information claim the password is wrong when it is not. I've tried both SecureCRT V3.1, and V4.08, with no change.

Logging in from another Linux box using the openssh ssh client (3.4p1) *DOES* work.

After spending many hours trying different configuration options I'm completely stumped.

I've attached two attachments, one is a debug report from sshd from the old version showing a successful connection from Secure CRT the other from 3.7.1p1 showing an unsuccessful connection.

I can provide more information if necessary. (At this point, I don't know what information might help)

From bugzilla-daemon at mindrot.org Wed Sep 17 15:14:28 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 15:14:28 +1000 (EST) Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1 Message-ID: <20030917051428.5E2AA27C1FA@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=648 ------- Additional Comments From simon at igrin.co.nz 2003-09-17 15:14 ------- Created an attachment (id=404) --> (http://bugzilla.mindrot.org/attachment.cgi?id=404&action=view) Successful login with V3.4p1 This is the output of sshd -d -d -d of V3.4p1 following a successful login from SecureCRT V3.1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 15:15:03 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 15:15:03 +1000 (EST) Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1 Message-ID: <20030917051503.4026C27C364@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=648 ------- Additional Comments From simon at igrin.co.nz 2003-09-17 15:15 ------- Created an attachment (id=405) --> (http://bugzilla.mindrot.org/attachment.cgi?id=405&action=view) Successful login with V3.7.1p1 This is the output of sshd -d -d -d of V3.7.1p1 following an unsuccessful login from SecureCRT V3.1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 15:18:43 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 15:18:43 +1000 (EST) Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1 Message-ID: <20030917051843.0302427C292@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=648 simon at igrin.co.nz changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #405|Successful login with |Unsuccessful login with description|V3.7.1p1 |V3.7.1p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 15:21:57 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 15:21:57 +1000 (EST) Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1 Message-ID: <20030917052157.782FA27C292@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=648 ------- Additional Comments From simon at igrin.co.nz 2003-09-17 15:21 ------- Oops. That second attachment should say UNsuccessful login with V3.7.1p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 17:04:30 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 17:04:30 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030917070430.C3D5F27C1A9@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From dtucker at zip.com.au 2003-09-17 17:04 ------- Created an attachment (id=406) --> (http://bugzilla.mindrot.org/attachment.cgi?id=406&action=view) Test setresuid call We need a way to detect this at build time without needing root privs to build. What does the attached program return? This is what I get from RH 8. $ gcc setresgidtest.c $ ./a.out setresgid returned 0, errno 0 setresuid returned 0, errno 0 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 17:13:38 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 17:13:38 +1000 (EST) Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1 Message-ID: <20030917071338.1910C27C8D6@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=648 ------- Additional Comments From dtucker at zip.com.au 2003-09-17 17:13 ------- Does it work for a non-root account? What do you get if you run sshd with "-o PermitRootLogin=yes"? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 17:21:07 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 17:21:07 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030917072107.30DD727C21F@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From djm at mindrot.org 2003-09-17 17:21 ------- The problem is that your libc is advertising the availability of a setresuid library routine, but not actually implementing it. This is a thoroughly broken state of affairs. What distribution are you using? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 17:25:48 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 17:25:48 +1000 (EST) Subject: [Bug 634] scp incompatibility with ssh.com scp Message-ID: <20030917072548.507C627C19F@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=634 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 18:12:51 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 18:12:51 +1000 (EST) Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable. Message-ID: <20030917081251.408CA27C2BD@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=649 Summary: The source file "inet_ntoa.h" is unavailable. Product: Portable OpenSSH Version: 3.7p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: pas50 at cam.ac.uk On building 3.7p1 on mpips irix 6.5.19f I get The source file "inet_ntoa.h" is unavailable. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 18:46:37 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 18:46:37 +1000 (EST) Subject: [Bug 650] fix for build problem on IRIX 6.5 Message-ID: <20030917084637.296BB27C19B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=650 Summary: fix for build problem on IRIX 6.5 Product: Portable OpenSSH Version: 3.7p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: koenig at science-computing.de openssh 3.7p1 doesn't build on IRIX 6.5 (3.6.1p2 and earlier did), patch will be attached... error message: cc-1005 cc: ERROR File = inet_ntoa.c, Line = 46 The source file "inet_ntoa.h" is unavailable. #include "inet_ntoa.h" ^ 1 catastrophic error detected in the compilation of "inet_ntoa.c". Compilation terminated. gmake[1]: *** [inet_ntoa.o] Error 2 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 18:47:56 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 18:47:56 +1000 (EST) Subject: [Bug 650] fix for build problem on IRIX 6.5 Message-ID: <20030917084756.E881E27C19B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=650 ------- Additional Comments From koenig at science-computing.de 2003-09-17 18:47 ------- Created an attachment (id=407) --> (http://bugzilla.mindrot.org/attachment.cgi?id=407&action=view) fix for IRIX 6.5 build problem ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 18:50:15 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 18:50:15 +1000 (EST) Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1 Message-ID: <20030917085015.09AB527C19B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=648 ------- Additional Comments From simon at igrin.co.nz 2003-09-17 18:50 ------- No, it doesn't work for a non root account either. Using -o PermitRootLogin=yes doesn't help either, although I should point out I already have this in my sshd_config. Also in my sshd_config are: PasswordAuthentication yes UseLogin yes UsePrivilegeSeparation yes Compression no As I mentioned, using the openssh ssh client from another Linux box *can* log in using password authentication both as root or non root, and yet SecureCRT cannot. I've tried both ssh1 and ssh2 in SecureCRT, with no results. As an extra data point I just tried using Putty V0.51, and the result is "Access denied" after entering the password. Reverting to 3.4p1 allows both SecureCRT and Putty to log in ok. I'm at a loss to explain why the openssh ssh client can connect to both versions. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 19:03:23 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 19:03:23 +1000 (EST) Subject: [Bug 651] SCO 3.2v4.2 and OpenSSH 3.7.1p1 --> connection hangs and does not close (ssh2 only) Message-ID: <20030917090323.E43B227C19A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=651 Summary: SCO 3.2v4.2 and OpenSSH 3.7.1p1 --> connection hangs and does not close (ssh2 only) Product: Portable OpenSSH Version: 3.7p1 Platform: All OS/Version: other Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: vikashb at comparexafrica.co.za When executing a remote command or when exiting from a shell, the ssh connection hangs indefinitely, the only way to close the session is [crontol]+[c] even [~][.] does not work. This problem only exists when using ssh2 connections. the server side debug(-d -d -d) : debug1: Received SIGCHLD. debug2: channel 0: read failed debug2: channel 0: close_read debug2: channel 0: input open -> drain debug2: channel 0: ibuf_empty delayed efd 12/(0) debug2: notify_done: reading debug2: channel 0: read 0 from efd 12 debug2: channel 0: closing read-efd 12 debug2: channel 0: ibuf empty debug2: channel 0: send eof debug2: channel 0: input drain -> closed --->hangs<--- -------------------------------------------- below is a backtrace from gdb: (gdb) s 326 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); (gdb) l 321 tv.tv_usec = 1000 * (max_time_milliseconds % 1000); 322 tvp = &tv; 323 } 324 325 /* Wait for something to happen, or the timeout to expire. 
*/ 326 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); 327 328 if (ret == -1) { 329 memset(*readsetp, 0, *nallocp); 330 memset(*writesetp, 0, *nallocp); (gdb) bt #0 wait_until_can_do_something (readsetp=0x7ffff8d8, writesetp=0x7ffff8d4, maxfdp=0x7ffff8d0, nallocp=0x7ffff8cc, max_time_milliseconds=0) at serverloop.c:326 #1 0x8bfc in server_loop2 (authctxt=0x42eaf8) at serverloop.c:770 #2 0x104bb in do_authenticated2 (authctxt=0x42eaf8) at session.c:2152 #3 0xcc19 in do_authenticated (authctxt=0x42eaf8) at session.c:216 #4 0x2eaa in main (ac=6, av=0x7ffffe1c) at sshd.c:1506 (gdb) s I have no idea how to resolve this. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 21:22:46 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 21:22:46 +1000 (EST) Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable. Message-ID: <20030917112246.2062A27C18D@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=649 ------- Additional Comments From pas50 at cam.ac.uk 2003-09-17 21:22 ------- Created an attachment (id=408) --> (http://bugzilla.mindrot.org/attachment.cgi?id=408&action=view) The inet_ntoa.h taken from openssh-3.6p1 This file seems to have simply been left out. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 21:43:38 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 21:43:38 +1000 (EST) Subject: [Bug 652] PermitEmptyPasswords option silently ignored Message-ID: <20030917114338.6C3E927C19E@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=652 Summary: PermitEmptyPasswords option silently ignored Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: steve at earth.ox.ac.uk Having upgraded to 3.7.1p1 from 3.6.1p2 using the following configure options:- ./configure --sysconfdir=/etc --with-rsh=/usr/ucb/rsh --with-xauth=/usr/openwin/bin/xauth --with-default-path=/bin:/usr/ucb:/usr/bin:/usr/local/bin --with-ipv4-default --with-ssl-dir=/usr/local/ssl I've discovered that sshd silently ignores the PermitEmptyPasswords option in the config file. Researching further, it seems that the only place the option is referenced after being set is in auth-passwd.c, line 70 where the password has already been requested from the user. Unfortunately, even if a user merely hits RETURN at the password prompt (s)he is given the authentication fails for an account without a password. If the functionality for NULL passwords has been removed on purpose then this should be noted in the documentation and the configuration option should be removed. Otherwise, this bug should be fixed. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 21:46:31 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 21:46:31 +1000 (EST) Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable. Message-ID: <20030917114631.212BF27C19D@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=649 ------- Additional Comments From pas50 at cam.ac.uk 2003-09-17 21:46 ------- The sshd still did not work debug1: match: OpenSSH_3.7.1p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1 debug1: permanently_set_uid: 9999/9999 : was able to restore old [e]gid debug1: Calling cleanup 0x1005ee40(0x0) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 23:01:11 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 23:01:11 +1000 (EST) Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Message-ID: <20030917130111.1FDC227CFF1@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=653 Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Product: Portable OpenSSH Version: 3.7.1p1 Platform: Alpha OS/Version: other Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: Ole.H.Nielsen at fysik.dtu.dk I upgraded OpenSSH 3.6.1p2 to 3.7.1p1 on a couple of HP/Compaq Tru64 UNIX systems. Version 3.6.1p2 works like a charm ! After restarting the sshd daemon I try to login using ssh from several remote systems, but the login breaks pretty early on. Nothing seems to be logged to the syslog. Details: OS: HP/Compaq Tru64 UNIX version 5.1A (same problem on Tru64 4.0F) Compiler: Compaq C V6.4-014 on Compaq Tru64 UNIX V5.1A ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 23:05:04 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 23:05:04 +1000 (EST) Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Message-ID: <20030917130504.1338227C1B9@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-17 23:05 ------- Created an attachment (id=409) --> (http://bugzilla.mindrot.org/attachment.cgi?id=409&action=view) SSH login attempt verbose log ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 23:13:25 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 23:13:25 +1000 (EST) Subject: [Bug 654] config throws an error due to missing zlib (but zlib present) Message-ID: <20030917131325.1EABE27C22D@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=654 Summary: config throws an error due to missing zlib (but zlib present) Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: simone at piyosailing.com I just follow the INSTALL instructions: uncompress ./configure but I receive this error: checking for deflate in -lz... no configure: error: *** zlib missing - please install first or check config.log *** but I've already an openssh server running on the machine (but installed from an RPM) and also I've the latest version of both openssl (openssl-0.9.6b-32.7) and zlib (zlib-1.1.4-8.7x). So I cannot run the makefile and so install the new release ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 23:35:35 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 23:35:35 +1000 (EST) Subject: [Bug 643] sshd bus faults on 64-bit SPARCs when reading /etc/default/login Message-ID: <20030917133535.881C227F86A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=643 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #402 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-09-17 23:35 ------- Created an attachment (id=410) --> (http://bugzilla.mindrot.org/attachment.cgi?id=410&action=view) Check for missing /etc/default/login Test for NULL pointer deref when /etc/default/login does not exist. Patch from Georg Oppenberg (georg.oppenberg at deu mci com) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 17 23:57:20 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 17 Sep 2003 23:57:20 +1000 (EST) Subject: [Bug 654] config throws an error due to missing zlib (but zlib present) Message-ID: <20030917135720.6231027C776@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=654 ------- Additional Comments From jason at devrandom.org 2003-09-17 23:57 ------- Do you have the zlib-devel package installed? -devel packages are generally required for compilation. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 00:18:40 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 00:18:40 +1000 (EST) Subject: [Bug 654] config throws an error due to missing zlib (but zlib present) Message-ID: <20030917141840.49C0027C1AD@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=654 simone at piyosailing.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From simone at piyosailing.com 2003-09-18 00:18 ------- I don't have the -devel lib. I'll download it and try ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 00:50:55 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 00:50:55 +1000 (EST) Subject: [Bug 652] PermitEmptyPasswords option silently ignored Message-ID: <20030917145055.8BC1027C1AD@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=652 hans at parse.nl changed: What |Removed |Added ---------------------------------------------------------------------------- Component|sshd |Build system ------- Additional Comments From hans at parse.nl 2003-09-18 00:50 ------- I can confirm this problem on Slackware 8.0 as well. 3.7p1 compiled with following options: CFLAGS="-O2 -march=i386 -mcpu=i686 -Wall" ./configure --prefix=/usr --sysconfdir=/etc/ssh --without-pam --with-md5-passwords --with-tcp-wrappers --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin --with-ipv4-default --with-privsep-path=/var/empty --with-privsep-user=sshd i386-slackware-linux PasswordAuthentication yes PermitEmptyPasswords yes user with empty password keeps getting password prompt. To fix the problem I temporarily reverted back to 3.6.1p2 with patch from http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=106378044112153&w=2 will gather some more debug info later ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 00:53:28 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 00:53:28 +1000 (EST) Subject: [Bug 655] sshd_config.5: 'GSSAPICleanupCredentials' -> '...Creds' Message-ID: <20030917145328.1A29B27C1B8@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=655 Summary: sshd_config.5: 'GSSAPICleanupCredentials' -> '...Creds' Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: OpenBSD Status: NEW Severity: minor Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy: jmknoble at pobox.com 'GSSAPICleanupCreds' is mis-listed in sshd_config.5 as 'GSSAPICleanupCredentials'. Patch forthcoming. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 00:56:48 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 00:56:48 +1000 (EST) Subject: [Bug 655] sshd_config.5: 'GSSAPICleanupCredentials' -> '...Creds' Message-ID: <20030917145648.174B227C316@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=655 ------- Additional Comments From jmknoble at pobox.com 2003-09-18 00:56 ------- Created an attachment (id=411) --> (http://bugzilla.mindrot.org/attachment.cgi?id=411&action=view) Fix mis-listed 'GSSAPICleanupCreds' in ssh_config.5 (Patch actually against OpenBSD CVS, branch OPENBSD_3_3, applies fine in openssh-SNAP-20030916). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 01:17:38 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 01:17:38 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030917151738.E632327C18B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From tigerwolf at tigerden.com 2003-09-18 01:17 ------- The distribution was originally slackware, but various parts upgraded now and then, usually to deal with something like inability to compile some needed routine (typically, some security patch issue such as this round). libc shows libc.so.4.7.6 and libc.so.5.4.44 The machine is a main server with over 100 accounts and other functions, so not easily replaced. It's been rock solid for years with uptimes over 450 days and that was cut short when the ups ran down. I'm half scared to mess with it except in a crisis! :) The test provided won't compile, either: tiger:~# gcc setresgidtest.c /tmp/cca015121.o: In function `main': /tmp/cca015121.o(.text+0x5f): undefined reference to `setresuid' ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 01:28:17 2003 
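One way to answer the Bug 645 question of detecting an advertised-but-unimplemented setresuid/setresgid without root, as an added example that is not the attached test program or OpenSSH code. It assumes the broken libc reports ENOSYS; `probe_setres`, `call_setresgid` and the stub functions are hypothetical names, and the stubs are constructed stand-ins for a broken libc.

```c
#define _GNU_SOURCE             /* exposes setresuid()/setresgid() on glibc */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum probe_result { PROBE_WORKS, PROBE_STUB, PROBE_OTHER_ERROR };

/* Common shape for the calls under test. */
typedef int (*setres_fn)(uid_t, uid_t, uid_t);

/*
 * Call fn with -1 for all three IDs. -1 means "leave unchanged", so a
 * working implementation succeeds for any user and changes nothing.
 * Assumption: a libc that exports the symbol without implementing it
 * fails with ENOSYS.
 */
static enum probe_result
probe_setres(setres_fn fn)
{
	errno = 0;
	if (fn((uid_t)-1, (uid_t)-1, (uid_t)-1) == 0)
		return PROBE_WORKS;
	return errno == ENOSYS ? PROBE_STUB : PROBE_OTHER_ERROR;
}

/* Adapter so setresgid() fits the setres_fn signature. */
static int
call_setresgid(uid_t r, uid_t e, uid_t s)
{
	return setresgid((gid_t)r, (gid_t)e, (gid_t)s);
}

/* Constructed stand-in: symbol present, implementation missing. */
static int
stub_enosys(uid_t r, uid_t e, uid_t s)
{
	(void)r; (void)e; (void)s;
	errno = ENOSYS;
	return -1;
}

/* Constructed stand-in: implemented, but the call is refused. */
static int
stub_eperm(uid_t r, uid_t e, uid_t s)
{
	(void)r; (void)e; (void)s;
	errno = EPERM;
	return -1;
}

static const char *
probe_name(enum probe_result r)
{
	switch (r) {
	case PROBE_WORKS:
		return "works";
	case PROBE_STUB:
		return "stub (ENOSYS): treat as broken";
	default:
		return "failed for another reason";
	}
}

int
main(void)
{
	printf("setresuid:   %s\n", probe_name(probe_setres(setresuid)));
	printf("setresgid:   %s\n", probe_name(probe_setres(call_setresgid)));
	printf("ENOSYS stub: %s\n", probe_name(probe_setres(stub_enosys)));
	printf("EPERM stub:  %s\n", probe_name(probe_setres(stub_eperm)));
	return 0;
}
```

A probe like this has to be run on the target, so it does not help cross-compiled builds; a missing symbol such as the "undefined reference" reported above already fails at link time, before any run-time probe.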
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 01:28:17 +1000 (EST) Subject: [Bug 656] ConnectTimeout option broken Message-ID: <20030917152817.A8571299B75@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=656 Summary: ConnectTimeout option broken Product: Portable OpenSSH Version: 3.7.1p1 Platform: All URL: http://charts.free.fr OS/Version: All Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: jclonguet at free.fr Code Changes were done against the original 'ConnectTimeout' patch, which broke this functionality. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 01:29:39 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 01:29:39 +1000 (EST) Subject: [Bug 656] ConnectTimeout option broken Message-ID: <20030917152939.2069227CA5A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=656 ------- Additional Comments From jclonguet at free.fr 2003-09-18 01:29 ------- Created an attachment (id=412) --> (http://bugzilla.mindrot.org/attachment.cgi?id=412&action=view) patch for portable version ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 01:30:13 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 01:30:13 +1000 (EST) Subject: [Bug 656] ConnectTimeout option broken Message-ID: <20030917153013.4EACD27CA5A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=656 ------- Additional Comments From jclonguet at free.fr 2003-09-18 01:30 ------- Created an attachment (id=413) --> (http://bugzilla.mindrot.org/attachment.cgi?id=413&action=view) Patch for OpenBSD version ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 01:55:11 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 01:55:11 +1000 (EST) Subject: [Bug 657] Priv seperation causes segfault Message-ID: <20030917155511.D4E9827C2DB@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=657 Summary: Priv seperation causes segfault Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: BSDI Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: mgamble at eol.ca Running sshd with DEBUG3 logging, the following is displayed whenever connections are made: setreuid 101: Operation not permitted User 101 is the sshd user. If required, I can post ktrace outputs as well as full logs. I can also provide access to a BSDi box if needed. Our BSDi version is 4.3.1 (with all patches) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 02:13:10 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 02:13:10 +1000 (EST) Subject: [Bug 658] inet_ntoa.h missing Message-ID: <20030917161310.982EA2B7DED@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=658 Summary: inet_ntoa.h missing Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: rick at oit.gatech.edu inet_ntoa.h seems to be missing from the 3.7 and 3.7.1 openbsd-compat source distributions, as well as the CVS tree. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 03:02:44 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 03:02:44 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030917170244.7349427C19C@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 Summary: sshd failure on IRIX Product: Portable OpenSSH Version: 3.7.1p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: bugzilla-openssh at thewrittenword.com IRIX now requires the following defines: BROKEN_GETADDRINFO SETEUID_BREAKS_SETUID BROKEN_SETREUID BROKEN_SETREGID The BROKEN_GETADDRINFO definition should probably be tested for as it has been reported on the mailing list that 6.5.20+ might not need it. However, if it is defined, the openbsd-compat gai_strerror() function is used and its prototype conflicts with the definition on IRIX (const char * vs char *). Patch attached to fix this. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 03:03:44 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 03:03:44 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030917170344.0802127C218@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2003-09-18 03:03 ------- Created an attachment (id=414) --> (http://bugzilla.mindrot.org/attachment.cgi?id=414&action=view) Fix sshd on 3.7.1p1, gai_strerror prototype mismatch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 03:08:44 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 03:08:44 +1000 (EST) Subject: [Bug 660] buffer_free should reset buffer->alloc Message-ID: <20030917170844.2485327C1DB@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=660 Summary: buffer_free should reset buffer->alloc Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy: zardoz at users.sf.net Set it to zero to remove any chance of double free or memset'ing already freed memory ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 03:08:58 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 03:08:58 +1000 (EST) Subject: [Bug 661] Duplicate check for basename Message-ID: <20030917170858.BC80E27C1DB@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=661 Summary: Duplicate check for basename Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: bugzilla-openssh at thewrittenword.com Patch to remove duplicate check for basename. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 03:09:40 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 03:09:40 +1000 (EST) Subject: [Bug 661] Duplicate check for basename Message-ID: <20030917170940.0B44E27C1DB@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=661 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2003-09-18 03:09 ------- Created an attachment (id=415) --> (http://bugzilla.mindrot.org/attachment.cgi?id=415&action=view) Patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 03:21:10 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 03:21:10 +1000 (EST)
Subject: [Bug 662] memory leak in authfile.c
Message-ID: <20030917172110.3B1FD27C1F5@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=662

           Summary: memory leak in authfile.c
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Miscellaneous
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: zardoz at users.sf.net

key_save_private_rsa1 doesn't buffer_free(&encrypted) if open fails.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 03:26:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 03:26:42 +1000 (EST)
Subject: [Bug 663] no DNS support
Message-ID: <20030917172642.1702727C1F5@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=663

           Summary: no DNS support
           Product: Portable OpenSSH
           Version: 3.7p1
          Platform: Sparc
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-keygen
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jim.a.davidson at bt.com

I have just installed OpenSSH V371 on a Solaris8 test machine and configured it
with the option with-dns. When I try to generate the host dns key using

ssh-keygen -r dnshostname -f dnshostkeyfilename -g

I am getting an error message: no DNS support. Is this an o/s error message and
can you give me any pointers? /etc/nsswitch.conf and /etc/resolv.conf appear to
be ok for DNS. Thanks.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 03:47:11 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 03:47:11 +1000 (EST)
Subject: [Bug 659] sshd failure on IRIX
Message-ID: <20030917174711.59D5D27C22E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=659

barryn at pobox.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |barryn at pobox.com

------- Additional Comments From barryn at pobox.com 2003-09-18 03:47 -------
AFAICT BROKEN_GETADDRINFO is not needed on IRIX 6.5.17 either.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:26:25 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:26:25 +1000 (EST)
Subject: [Bug 659] sshd failure on IRIX
Message-ID: <20030917182625.6000327C1EA@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=659

------- Additional Comments From barryn at pobox.com 2003-09-18 04:26 -------
BTW, for anyone else like me who is/was wondering if any of the other (than
BROKEN_GETADDRINFO) three options can be left out, no, they all seem to be
required as far as I can tell.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:26:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:26:58 +1000 (EST)
Subject: [Bug 664] sshd refuses to accept connections, fails with setreuid 75: Operation not permitted error
Message-ID: <20030917182658.9893A27C1A5@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=664

           Summary: sshd refuses to accept connections, fails with setreuid
                    75: Operation not permitted error
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: PPC
        OS/Version: Mac OS X
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: openssh.9.aktnist at antichef.com

MacOS 10.2.6, installing to fix vulnerability in default install
Using openssl 0.9.6i from fink

Installation appears to work, but trying to connect from remote host (with
server running in sshd -de mode) gives following (short) debug trace:

{snip}
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 129.6.120.31 port 28571
debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1
debug1: permanently_set_uid: 75/75
setreuid 75: Operation not permitted
debug1: Calling cleanup 0x24ad8(0x0)

Tried enabling BROKEN_SETREUID in config.h, still failed with
setuid 75: Operation not permitted

Thanks!

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:27:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:27:14 +1000 (EST)
Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable.
Message-ID: <20030917182714.3DC9C27FD35@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=649

------- Additional Comments From barryn at pobox.com 2003-09-18 04:27 -------
Look at bugs 650 (to correct the inet_ntoa.h problem) and 659 (to correct the
sshd disconnection problems)

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:27:47 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:27:47 +1000 (EST)
Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Message-ID: <20030917182747.35FD627C356@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=653

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-18 04:27 -------
I have exactly same experience. I compiled now 3.6.1p2 and 3.7.1p1 with same
configure commandline and got same problem. Connection breaks right after
"SSH2_MSG_KEXINIT sent"

$ ssh -v -v -v -l root -p 443 serow
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x009060af
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 443.
debug1: Connection established.
debug1: identity file /home/mokrejs/.ssh/identity type 0
debug1: identity file /home/mokrejs/.ssh/id_rsa type 0
debug3: Not a RSA1 key file /home/mokrejs/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/mokrejs/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p1 debug1: match: OpenSSH_3.7.1p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 debug1: SSH2_MSG_KEXINIT sent Connection closed by 146.107.217.72 debug1: Calling cleanup 0x8062440(0x0) mokrejs at vrapenec$ $ ./configure --prefix=/usr/local --with-tcp-wrappers --with-ssl-dir=/software/@sys/usr/openssl --with-prngd-socket=/var/run/egd-p ool --with-default-path=/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/us r/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin --with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia --with-login=/usr/bin/login --without-privsep The server says: # ./sshd -p 443 -D -d -d -d debug2: read_server_config: filename /usr/local/etc/sshd_config debug1: sshd version OpenSSH_3.7.1p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 443 on 0.0.0.0. Server listening on 0.0.0.0 port 443. Generating 768 bit RSA key. 
RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from 146.107.217.207 port 34077 debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2 debug1: match: OpenSSH_3.6.1p2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1 debug2: Network child is on pid 34085 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 15:22 debug1: permanently_set_uid: 15/22 permanently_set_uid: was able to restore old [e]gid debug1: Calling cleanup 0x12006ff40(0x0) # I suspect inability to read RAND data(below is truss snippet from ./sshd -D -d -d -d execution). 33868: fork() = 33871 33871: fork() (returning as child ...) = 33871 debug2: Network child is on pid 33871 33868: write(2, " d e b u g 2 : N e t w".., 39) = 39 33871: getsysinfo(67, 0x000000011FFFB0F0, 4, 0x00000000, 0x00000000, 0x00000000) = 1 33868: close(3) = 0 33871: close(7) = 0 debug3: preauth child monitor started 33868: write(2, " d e b u g 3 : p r e a".., 39) = 39 33871: getuid() = 0 [ 0 ] debug3: mm_request_receive entering 33868: write(2, " d e b u g 3 : m m _ r".., 37) = 37 33871: fstat(0, 0x000000011FFFB0F8) = 0 33871: fstat(1, 0x000000011FFFB0F8) = 0 33871: fstat(2, 0x000000011FFFB0F8) = 0 33871: open("/etc/passwd.pag", O_RDONLY, 00) Err#2 No such file or directory 33871: open("/etc/passwd", O_RDONLY, 0666) = 7 33871: fstat(7, 0x000000011FFFB010) = 0 33871: ioctl(7, 0x2000745E, 0x00000000) Err#25 Not a typewriter 33871: read(7, " r o o t : 5 1 A B 3 Y B".., 8192) = 891 33871: lseek(7, 0xFFFFFFFF, SEEK_CUR) = 888 33871: close(7) = 0 33871: fstat(0, 0x000000011FFFB0F8) = 0 33871: fstat(1, 0x000000011FFFB0F8) = 0 33871: fstat(2, 0x000000011FFFB0F8) = 0 33871: chroot("/var/empty") = 0 33871: chdir("/") = 0 debug3: privsep user:group 15:22 33871: write(2, " d e b u g 3 : p r i v".., 34) = 34 33871: setgroups(1, 0x000000011FFFB340) = 0 
33871: getuid() = 0 [ 0 ] 33871: getgid() = 1 [ 1 ] debug1: permanently_set_uid: 15/22 33871: write(2, " d e b u g 1 : p e r m".., 36) = 36 33871: setregid(22, 22) = 0 33871: setreuid(15, 15) = 0 33871: setgid(1) = 0 permanently_set_uid: was able to restore old [e]gid 33871: write(2, " p e r m a n e n t l y _".., 53) = 53 debug1: Calling cleanup 0x12006ff40(0x0) 33871: write(2, " d e b u g 1 : C a l l".., 42) = 42 33871: shutdown(4, SHUT_RDWR) = 0 33871: close(4) = 0 Could the output of sshd and ssh be enhanced so that it tells which EGD is it using? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 04:32:15 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:32:15 +1000 (EST)
Subject: [Bug 665] sshd doesn't work on Mac OS X
Message-ID: <20030917183215.225D327C1AD@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=665

           Summary: sshd doesn't work on Mac OS X
           Product: Portable OpenSSH
           Version: 3.7p1
          Platform: PPC
        OS/Version: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: max at quendi.de

sshd worked fine on Mac OS X up to and including 3.6.1p1. I never tried 3.7p1,
but in 3.7.1p1 it definitely is broken. In particular, when ssh'ing to
localhost, my server dies with this message:

[...]
debug3: privsep user:group 75:75
debug1: permanently_set_uid: 75/75
setuid 75: Operation not permitted
debug1: Calling cleanup 0x25008(0x0)

The full output:

root# sshd -d -d -d
debug2: read_server_config: filename /sw/etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.7.1p1
Could not load host key: /sw/etc/ssh/ssh_host_key
Could not load host key: /sw/etc/ssh/ssh_host_rsa_key
debug3: Not a RSA1 key file /sw/etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: setgroups() failed: Invalid argument
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from ::1 port 49356
debug1: Client protocol version 2.0; client software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p1
debug2: Network child is on pid 20205
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 75:75
debug1: permanently_set_uid: 75/75
setuid 75: Operation not permitted
debug1: Calling cleanup 0x25008(0x0)

For comparison, this is what 3.6.1p1 says (truncated):

root# sshd -d -d -d
debug2: read_server_config: filename /sw/etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.6.1p1
Could not load host key: /sw/etc/ssh/ssh_host_key
Could not load host key: /sw/etc/ssh/ssh_host_rsa_key
debug3: Not a RSA1 key file /sw/etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: setgroups() failed: Invalid argument
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from ::1 port 49357
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p1
debug1: match: OpenSSH_3.6.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1
debug2: Network child is on pid 20252
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 75:75
debug1: permanently_set_uid: 75/75
debug1: list_hostkey_types: ssh-dss
debug1: SSH2_MSG_KEXINIT sent
[...]

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:37:57 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:37:57 +1000 (EST)
Subject: [Bug 663] no DNS support
Message-ID: <20030917183757.124B327C253@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=663

jim.a.davidson at bt.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:42:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:42:43 +1000 (EST)
Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Message-ID: <20030917184243.2B9EA27C1E0@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=653

mmokrejs at natur.cuni.cz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|other                       |OSF/1

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:50:28 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:50:28 +1000 (EST)
Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Message-ID: <20030917185028.1ECDD28AF8B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=653

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-18 04:50 -------
OK, I stole the idea from http://bugzilla.mindrot.org/show_bug.cgi?id=659

Edit openssh-3.7.1p1/config.h to have as follows:

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID

/* Define if your setreuid() is broken */
#define BROKEN_SETREUID

/* Define if your setregid() is broken */
#define BROKEN_SETREGID

That fixes our problem.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:50:53 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:50:53 +1000 (EST)
Subject: [Bug 650] fix for build problem on IRIX 6.5
Message-ID: <20030917185053.4026C28B016@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=650

barryn at pobox.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |barryn at pobox.com

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 04:51:22 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 04:51:22 +1000 (EST)
Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable.
Message-ID: <20030917185122.4C20628B086@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=649

barryn at pobox.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |barryn at pobox.com

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 05:13:57 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 05:13:57 +1000 (EST)
Subject: [Bug 635] openssh-SNAP-20030903: configure does not work well with heimdal(krb5)
Message-ID: <20030917191357.6E6F027C242@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=635

------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-18 05:13 -------
I had to edit config.h to get it working with password authentication by
setting these manually (the first 3 are platform specific - already in another
bugreport, the last is a bug reported here):

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID

/* Define if your setreuid() is broken */
#define BROKEN_SETREUID

/* Define if your setregid() is broken */
#define BROKEN_SETREGID

/* Define this is you want GSSAPI support in the version 2 protocol */
#define GSSAPI

Unfortunately, the GSSAPI bug is still present. To summarize, I have set two
GSS* options in sshd_config, I have compiled with heimdal, defined GSSAPI on
config.h. Then, I get:

$ ssh -o PreferredAuthentications=gssapi -v -v -v -l mokrejs -p 443 serow
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x009060af
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 443.
debug1: Connection established.
debug1: identity file /home/mokrejs/.ssh/identity type 0
debug1: identity file /home/mokrejs/.ssh/id_rsa type 0
debug3: Not a RSA1 key file /home/mokrejs/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /home/mokrejs/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p1 debug1: match: OpenSSH_3.7.1p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at 
lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 135/256 debug2: bits set: 1613/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/mokrejs/.ssh/known_hosts debug3: check_host_in_hostfile: match line 24 debug3: check_host_in_hostfile: filename /home/mokrejs/.ssh/known_hosts debug3: check_host_in_hostfile: match line 24 debug1: Host 'serow' is known and matches the RSA host key. 
debug1: Found key in /home/mokrejs/.ssh/known_hosts:24 debug2: bits set: 1585/3191 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi,password,keyboard-interactive debug3: start over, passed a different list publickey,gssapi,password,keyboard-interactive debug3: preferred gssapi debug3: authmethod_lookup gssapi debug3: remaining preferred: debug2: Unrecognized authentication method name: gssapi debug1: No more authentication methods to try. Permission denied (publickey,gssapi,password,keyboard-interactive). debug1: Calling cleanup 0x8062440(0x0) $ # ./sshd -p 443 -D -d -d -d -d debug2: read_server_config: filename /usr/local/etc/sshd_config debug1: sshd version OpenSSH_3.7.1p1 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 443 on 0.0.0.0. Server listening on 0.0.0.0 port 443. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. 
Connection from 146.107.217.207 port 34118 debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2 debug1: match: OpenSSH_3.6.1p2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1 debug2: Network child is on pid 40616 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 15:22 debug1: permanently_set_uid: 15/22 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: 
kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 2048 8192 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 146/256 debug2: bits set: 1585/3191 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 1613/3191 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 14005b0e0(143) debug3: mm_request_send entering: type 5 debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user mokrejs service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: 
mm_request_send entering: type 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for mokrejs debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: Trying to reverse map address 146.107.217.207. debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 Failed none for mokrejs from 146.107.217.207 port 34118 ssh2 debug3: mm_request_receive entering debug3: mm_auth_password: user not authenticated Failed none for mokrejs from 146.107.217.207 port 34118 ssh2 Connection closed by 146.107.217.207 debug1: Calling cleanup 0x120082de0(0x0) # ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 05:32:37 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 05:32:37 +1000 (EST)
Subject: [Bug 666] 'BatchMode yes' makes ssh(1) look for /usr/local/etc/ssh_known_hosts
Message-ID: <20030917193237.365CF27C258@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=666

           Summary: 'BatchMode yes' makes ssh(1) look for
                    /usr/local/etc/ssh_known_hosts
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: Alpha
        OS/Version: OSF/1
            Status: NEW
          Severity: critical
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: mmokrejs at natur.cuni.cz

When there's no /usr/local/etc/ssh_known_hosts and ssh_config says: "BatchMode
yes", the clients get:

$ ssh bontebok
Host key verification failed.
$

When the file is present with the public key of target machine, user receives:

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/users/mokrejs/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/users/mokrejs/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'bontebok' is known and matches the RSA host key.
debug1: Found key in /usr/local/etc/ssh_known_hosts:1
debug2: bits set: 1627/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/users/mokrejs/.ssh/identity (0)
debug2: key: /home/users/mokrejs/.ssh/id_rsa (0)
debug2: key: /home/users/mokrejs/.ssh/id_dsa (0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/users/mokrejs/.ssh/identity
debug3: no such identity: /home/users/mokrejs/.ssh/identity
debug1: Trying private key: /home/users/mokrejs/.ssh/id_rsa
debug3: no such identity: /home/users/mokrejs/.ssh/id_rsa
debug1: Trying private key: /home/users/mokrejs/.ssh/id_dsa
debug3: no such identity: /home/users/mokrejs/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x1200708e0(0x0)

If the key in /usr/local/etc/ssh_known_hosts is wrong, ssh(1) should say so.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 18 05:56:06 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 05:56:06 +1000 (EST)
Subject: [Bug 665] sshd doesn't work on Mac OS X
Message-ID: <20030917195606.798EF27C1C4@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=665

------- Additional Comments From max at quendi.de 2003-09-18 05:56 -------
Created an attachment (id=416)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=416&action=view)
Workaround for the problem

This patch fixes the problem for me, by forcing OpenSSH to use setuid again, instead of setreuid/seteuid.

From bugzilla-daemon at mindrot.org Thu Sep 18 06:11:18 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 06:11:18 +1000 (EST)
Subject: [Bug 654] config throws an error due to missing zlib (but zlib present)
Message-ID: <20030917201118.4E2C327C2CA@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=654

------- Additional Comments From jason at devrandom.org 2003-09-18 06:11 -------
Did this fix the problem? I've tried re-building from source several times on Linux/RPM-based distros with no problems with zlib on 5 platforms.

From bugzilla-daemon at mindrot.org Thu Sep 18 06:12:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 06:12:45 +1000 (EST)
Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
Message-ID: <20030917201245.54AAA27C244@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=648

------- Additional Comments From wcb3 at ou.edu 2003-09-18 06:12 -------
I had the same problem. Try rebuilding with the configuration option --with-md5-passwords. That worked for me.

From bugzilla-daemon at mindrot.org Thu Sep 18 06:30:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 06:30:39 +1000 (EST)
Subject: [Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
Message-ID: <20030917203039.A7FCF27C325@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=667

Summary: Openssh 3.7x, Windows ssh clients and Ldap don't play together
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: matthew.schick at usm.edu

The 3.7 versions of Openssh will refuse to authenticate via password (didn't try keys) for the ssh.com and Putty clients IF the server is using ldap authentication. Authentication isn't a problem if the openssh client is used (even under cygwin), or if any windows client is used to connect to an openssh server using passwd/shadow auth.

From bugzilla-daemon at mindrot.org Thu Sep 18 06:31:25 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 06:31:25 +1000 (EST)
Subject: [Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
Message-ID: <20030917203125.5642527C325@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=667

------- Additional Comments From matthew.schick at usm.edu 2003-09-18 06:31 -------
Created an attachment (id=417)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=417&action=view)
DEBUG3 Output

Output logged on affected server...

From bugzilla-daemon at mindrot.org Thu Sep 18 06:40:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 06:40:58 +1000 (EST)
Subject: [Bug 654] config throws an error due to missing zlib (but zlib present)
Message-ID: <20030917204058.39D8627CC00@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=654

simone at piyosailing.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From simone at piyosailing.com 2003-09-18 06:40 -------
Yes, with the -devel package it worked fine. Thank you

From bugzilla-daemon at mindrot.org Thu Sep 18 06:59:07 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 06:59:07 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030917205907.DC39436BACE@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

Summary: ssh truncates long banner message
Product: Portable OpenSSH
Version: 3.7p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dpb at bl.com

I have a long, 1184 bytes, banner file. It is the one that Titan installs, and with the 3.6 version of ssh it prints fine. With the 3.7 version only part of it prints.

From bugzilla-daemon at mindrot.org Thu Sep 18 07:01:52 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:01:52 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030917210152.1661927C383@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

------- Additional Comments From dpb at bl.com 2003-09-18 07:01 -------
Created an attachment (id=418)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=418&action=view)
The offending banner file

From bugzilla-daemon at mindrot.org Thu Sep 18 07:03:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:03:40 +1000 (EST)
Subject: [Bug 664] sshd refuses to accept connections, fails with setreuid 75: Operation not permitted error
Message-ID: <20030917210340.11DCF27C1D8@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=664

openssh.9.aktnist at antichef.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From openssh.9.aktnist at antichef.com 2003-09-18 07:03 -------
*** This bug has been marked as a duplicate of 665 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 07:03:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:03:45 +1000 (EST)
Subject: [Bug 665] sshd doesn't work on Mac OS X
Message-ID: <20030917210345.6D46327C326@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=665

openssh.9.aktnist at antichef.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |openssh.9.aktnist at antichef.c
                   |                            |om

------- Additional Comments From openssh.9.aktnist at antichef.com 2003-09-18 07:03 -------
*** Bug 664 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 07:20:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:20:36 +1000 (EST)
Subject: [Bug 669] Putty / SecureCRT connections fail to authenticate
Message-ID: <20030917212036.27DD627C19E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=669

Summary: Putty / SecureCRT connections fail to authenticate
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: kari at wabbits.org

Upgraded to 3.7p1 last night and used sshd with openssh successfully for the day, but tonight I noticed that I couldn't log in from my laptop with putty. Tried from different location with Putty and SecureCRT with the same result. Logs didn't offer any help:

Sep 17 23:19:01 localhost sshd[7568]: Failed password for myuser from 192.168.0.12 port 1931 ssh2

neither did testruns with "sshd -de". Still I'm considering that it's sshd's problem as the connections work from openssh and FSecure's SSH.

From bugzilla-daemon at mindrot.org Thu Sep 18 07:34:07 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:34:07 +1000 (EST)
Subject: [Bug 670] SunOS 4.1.2 libs do not contain strtoul, used in moduli.c
Message-ID: <20030917213407.18F0527C3C9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=670

Summary: SunOS 4.1.2 libs do not contain strtoul, used in moduli.c
Product: Portable OpenSSH
Version: 3.7p1
Platform: Sparc
OS/Version: SunOS
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: nforrester at whoi.edu

Make fails on SunOS 4.1.2 system when linking ssh-keygen for lack of "strtoul" in library. Using gcc with Sun provided libraries (libc?) rather than gnu libraries. strtoul is used in moduli.c, which is a new file in openssh 3.7p1 vs. 3.5p1, which previously compiled fine.

I am unsure whether the right approach is a change in the configure process to detect this and provide an alternate strtoul, or whether the use of strtoul could be avoided through use of strtol in this case. Of course the other solution is to declare a lack of support for old OSs, but those legacy applications just live on...

I have not the knowledge required to propose a fix, but I am willing to test.

From bugzilla-daemon at mindrot.org Thu Sep 18 07:52:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:52:33 +1000 (EST)
Subject: [Bug 670] SunOS 4.1.2 libs do not contain strtoul, used in moduli.c
Message-ID: <20030917215233.DEB2927C1E5@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=670

------- Additional Comments From nforrester at whoi.edu 2003-09-18 07:52 -------
Oops forgot to say that I configured with the following command:

./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-tcp-wrappers --without-shadow --with-prngd-socket=/var/run/egd-pool

then:

make

From bugzilla-daemon at mindrot.org Thu Sep 18 07:58:28 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 07:58:28 +1000 (EST)
Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
Message-ID: <20030917215828.DEE5F27C232@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=648

------- Additional Comments From simon at igrin.co.nz 2003-09-18 07:58 -------
Well that worked. Since I'm building RPMs there's no easy way to force the use of md5 over pam without choosing a rescue disk build, so I hacked the .spec file to use md5 and the resulting RPMs allow me to log in ok. (Our systems can use either MD5 directly or PAM)

It looks like the PAM support in this release is broken, (at least on some configurations) as using MD5 is only a workaround...

At least I don't have to keep using a vulnerable version now...

From bugzilla-daemon at mindrot.org Thu Sep 18 08:28:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 08:28:10 +1000 (EST)
Subject: [Bug 671] vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1
Message-ID: <20030917222810.0F61927C81D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=671

Summary: vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1
Product: Portable OpenSSH
Version: 3.7p1
Platform: ix86
OS/Version: OpenBSD
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: grace at flipt.com

Adding #include to includes.h fixed the problem. The lack of the included file broke log.c during the build.

From bugzilla-daemon at mindrot.org Thu Sep 18 08:28:18 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 08:28:18 +1000 (EST)
Subject: [Bug 672] vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1
Message-ID: <20030917222818.78AA327CDB3@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=672

Summary: vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1
Product: Portable OpenSSH
Version: 3.7p1
Platform: ix86
OS/Version: OpenBSD
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: grace at flipt.com
CC: grace at flipt.com

Adding #include to includes.h fixed the problem. The lack of the included file broke log.c during the build.

From bugzilla-daemon at mindrot.org Thu Sep 18 09:20:29 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 09:20:29 +1000 (EST)
Subject: [Bug 657] Priv seperation causes setreuid error
Message-ID: <20030917232029.96C5627C1A8@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=657

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Priv seperation causes      |Priv seperation causes
                   |segfault                    |setreuid error

------- Additional Comments From dtucker at zip.com.au 2003-09-18 09:20 -------
Try adding:

#define SETEUID_BREAKS_SETUID 1
#define BROKEN_SETREUID 1
#define BROKEN_SETREGID 1

to your config.h and recompiling (don't re-run configure)

From bugzilla-daemon at mindrot.org Thu Sep 18 09:22:13 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 09:22:13 +1000 (EST)
Subject: [Bug 643] sshd bus faults (64bit) or segfaults (32bit) when reading /etc/default/login
Message-ID: <20030917232213.B09E727C1A8@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|sshd bus faults on 64-bit   |sshd bus faults (64bit) or
                   |SPARCs when reading         |segfaults (32bit) when
                   |/etc/default/login          |reading /etc/default/login

From bugzilla-daemon at mindrot.org Thu Sep 18 09:29:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 09:29:33 +1000 (EST)
Subject: [Bug 672] vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1
Message-ID: <20030917232933.5986727C23F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=672

jason at devrandom.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From jason at devrandom.org 2003-09-18 09:29 -------
Double entry of same issue

*** This bug has been marked as a duplicate of 671 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 09:29:38 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 09:29:38 +1000 (EST)
Subject: [Bug 671] vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1
Message-ID: <20030917232938.2F79227C298@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=671

------- Additional Comments From jason at devrandom.org 2003-09-18 09:29 -------
*** Bug 672 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 10:17:54 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 10:17:54 +1000 (EST)
Subject: [Bug 657] Priv seperation causes setreuid error
Message-ID: <20030918001754.BC04F27C1A7@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=657

mgamble at eol.ca changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From mgamble at eol.ca 2003-09-18 10:17 -------
That fixed it. Perhaps that should be noted somewhere? Perhaps a README.BSDi file?

From bugzilla-daemon at mindrot.org Thu Sep 18 10:19:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 10:19:26 +1000 (EST)
Subject: [Bug 673] skeychallenge call has 4 args in NetBSD
Message-ID: <20030918001926.9069A27C1A7@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=673

Summary: skeychallenge call has 4 args in NetBSD
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: NetBSD
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: eravin at panix.com

The skeychallenge() call has four arguments in NetBSD:

int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen);

OpenSSH does not know about the 4th argument, so when you build with --with-skey, the compile fails. If I put this into config.h:

#define skeychallenge(a,b,c) skeychallenge(a,b,c,sizeof(c))

then compilation is successful.

From bugzilla-daemon at mindrot.org Thu Sep 18 10:51:43 2003
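The config.h workaround in the bug 673 report above takes the buffer length from sizeof(c), which equals the buffer's size only when the third argument is an array at the call site; through a pointer it is the size of the pointer. The following C program is an added example, not code from the report, from NetBSD or from OpenSSH: demo_skeychallenge, CHALLENGE3 and CHALLENGE3_CHECKED are hypothetical names, and the checked macro assumes the GCC/Clang builtins it uses.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a 4-argument challenge API (not the NetBSD libskey code). */
struct demo_skey { int seq; };

static size_t last_sslen;	/* length the callee was told about, recorded for inspection */

static int
demo_skeychallenge(struct demo_skey *mp, const char *name, char *ss, size_t sslen)
{
	int n;

	last_sslen = sslen;
	n = snprintf(ss, sslen, "otp-md5 %d %.16s-seed", mp->seq, name);
	/* Fail when the challenge did not fit in the sslen bytes we were given. */
	return (n < 0 || (size_t)n >= sslen) ? -1 : 0;
}

/* Same shape as the workaround in the report: length taken from sizeof(c). */
#define CHALLENGE3(a, b, c) demo_skeychallenge(a, b, c, sizeof(c))

/* Hardened variant: a negative bit-field width stops the build unless c is an array. */
#define IS_ARRAY(x) \
	(!__builtin_types_compatible_p(__typeof__(x), __typeof__(&(x)[0])))
#define MUST_BE_ARRAY(x) \
	(sizeof(struct { int ok : (IS_ARRAY(x) ? 1 : -1); }) * 0)
#define CHALLENGE3_CHECKED(a, b, c) \
	demo_skeychallenge(a, b, c, sizeof(c) + MUST_BE_ARRAY(c))

/* Caller 1: the buffer is an array in scope, so sizeof(buf) is its real size. */
static int
query_with_array(size_t *len_seen)
{
	struct demo_skey sk = { 97 };
	char buf[64];
	int r = CHALLENGE3(&sk, "alice", buf);

	*len_seen = last_sslen;
	return r;
}

/* Caller 2: the same 64 bytes reached through a pointer; sizeof(p) is the pointer size. */
static int
query_with_pointer(size_t *len_seen)
{
	struct demo_skey sk = { 97 };
	char *p = malloc(64);
	int r;

	*len_seen = 0;
	if (p == NULL)
		return -2;
	r = CHALLENGE3(&sk, "alice", p);	/* compiles, but passes the wrong length */
	*len_seen = last_sslen;
	free(p);
	return r;
}

/* Caller 3: checked macro with an array; passing a char * here would not compile. */
static int
query_checked(size_t *len_seen)
{
	struct demo_skey sk = { 97 };
	char buf[64];
	int r = CHALLENGE3_CHECKED(&sk, "alice", buf);

	*len_seen = last_sslen;
	return r;
}

int
main(void)
{
	size_t n;
	int r;

	r = query_with_array(&n);
	printf("array caller:   sslen=%zu result=%d\n", n, r);
	r = query_with_pointer(&n);
	printf("pointer caller: sslen=%zu result=%d\n", n, r);
	r = query_checked(&n);
	printf("checked caller: sslen=%zu result=%d\n", n, r);
	return 0;
}
```

With the pointer caller the callee sees a length far below the real 64 bytes, so the challenge is truncated and the call fails; the error is on the short side here, but a macro like this gives no warning either way when a call site changes from an array to a pointer.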
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 10:51:43 +1000 (EST)
Subject: [Bug 674] permanently_set_uid() doesn't work on BSDI 4.0.1
Message-ID: <20030918005143.9BDAE27C195@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=674

Summary: permanently_set_uid() doesn't work on BSDI 4.0.1
Product: Portable OpenSSH
Version: 3.7p1
Platform: ix86
OS/Version: BSDI
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: jsr at dexter.mi.org

On BSDI 4.0.1, sshd answers the port but closes the connection before negotiation is complete. Replacing the permanently_set_uid() function in uidswap.c with the one from 3.6.1p2 fixed the problem for BSDI.

harry:/home/u/jsr/development/exper/openssh-3.7.1p1(8)# ./sshd -d
debug1: sshd version OpenSSH_3.7.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed: Invalid argument
socket: Protocol not supported
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.200.50 port 35982
debug1: Client protocol version 2.0; client software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1
debug1: permanently_set_uid: 30/13
setreuid 30: Operation not permitted
debug1: Calling cleanup 0x8065214(0x0)

From bugzilla-daemon at mindrot.org Thu Sep 18 10:53:29 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 10:53:29 +1000 (EST)
Subject: [Bug 658] inet_ntoa.h missing
Message-ID: <20030918005329.B0D9B27C195@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=658

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From dtucker at zip.com.au 2003-09-18 10:53 -------
*** This bug has been marked as a duplicate of 649 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 10:53:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 10:53:33 +1000 (EST)
Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable.
Message-ID: <20030918005333.8917C27C3C9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=649

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rick at oit.gatech.edu

------- Additional Comments From dtucker at zip.com.au 2003-09-18 10:53 -------
*** Bug 658 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 11:00:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:00:14 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030918010014.7836A27C1A2@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

------- Additional Comments From dtucker at zip.com.au 2003-09-18 11:00 -------
Created an attachment (id=419)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=419&action=view)
Don't use logit() for banner

How about something like the attached patch? (WARNING: almost entirely untested)

From bugzilla-daemon at mindrot.org Thu Sep 18 11:05:37 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:05:37 +1000 (EST)
Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
Message-ID: <20030918010537.C17D127C1A2@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=648

------- Additional Comments From mouring at eviladmin.org 2003-09-18 11:05 -------
>It looks like the PAM support in this release is broken, (at least on some
>configurations) as using MD5 is only a workaround...

I'm not seeing how --with-md5-password implies broken --with-pam. Pam is now a run-time option. Therefore if you do 'UsePam no' it will fall back to trying to handle the /etc/shadow password directly. If you use md5.. you need to tell OpenSSH about it.

From bugzilla-daemon at mindrot.org Thu Sep 18 11:13:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:13:01 +1000 (EST)
Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
Message-ID: <20030918011301.6762C27C198@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=648

------- Additional Comments From simon at igrin.co.nz 2003-09-18 11:12 -------
>I'm not seeing how --with-md5-password implies broken --with-pam. Pam is now
>a run-time option. Therefore if you do 'UsePam no' it will fall back to trying
>to handle the /etc/shadow password directly.

Not sure I understand your comment, or that it even makes sense. For me, PAM authentication no longer works when it worked fine under 3.4p1. That's why I refer to it as broken. (Please see my attached debug output)

UsePam no in sshd_config did not help either.

> If you use md5.. you need to
>tell OpenSSH about it.

Well we use PAM, it's only because PAM support isn't working that I resorted to trying MD5 support. How exactly is one supposed to enable MD5 support when building RPMs? The supplied openssh.spec file doesn't provide a way to do it without hacking the SPEC as I did.

At the end of the day, the PAM support is still broken in 3.7.1p1 on my systems...(I've had a couple of emails from people saying they're also having the same problem)

From bugzilla-daemon at mindrot.org Thu Sep 18 11:28:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:28:39 +1000 (EST)
Subject: [Bug 669] Putty / SecureCRT connections fail to authenticate
Message-ID: <20030918012839.275E227C303@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=669

------- Additional Comments From dtucker at zip.com.au 2003-09-18 11:28 -------
Are you using PAM? Can you make sure "keyboard-interactive" authentication is enabled in your client?

From bugzilla-daemon at mindrot.org Thu Sep 18 11:33:48 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:33:48 +1000 (EST)
Subject: [Bug 657] Priv seperation causes setreuid error
Message-ID: <20030918013348.8237628ADCF@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=657

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

------- Additional Comments From dtucker at zip.com.au 2003-09-18 11:33 -------
The bug shouldn't be closed until we fix configure to automatically define those.

What does configure report for the "system type" for your BSDi box?

From bugzilla-daemon at mindrot.org Thu Sep 18 11:40:22 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:40:22 +1000 (EST)
Subject: [Bug 674] permanently_set_uid() doesn't work on BSDI 4.0.1
Message-ID: <20030918014022.9269827C1B0@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=674

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From dtucker at zip.com.au 2003-09-18 11:40 -------
Please see bug #657 for BSDi fixes

*** This bug has been marked as a duplicate of 657 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 11:40:27 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 11:40:27 +1000 (EST)
Subject: [Bug 657] Priv seperation causes setreuid error
Message-ID: <20030918014027.480D527C1D1@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=657

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsr at dexter.mi.org

------- Additional Comments From dtucker at zip.com.au 2003-09-18 11:40 -------
*** Bug 674 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 12:57:30 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 12:57:30 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030918025730.3B28927C74B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

------- Additional Comments From dpb at bl.com 2003-09-18 12:57 -------
Works for me, almost. I didn't need a blank line at the bottom of the banner file before. The login message appears on the same line as the last line in the file. If there is a blank line on the bottom everything appears the same.

Now that I know where to look the new code is the same as the old 3.6p2 code. The newline must have come from elsewhere.

From bugzilla-daemon at mindrot.org Thu Sep 18 13:05:05 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 13:05:05 +1000 (EST)
Subject: [Bug 14] Can't change expired /etc/shadow password without PAM
Message-ID: <20030918030505.53E9927C274@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=14

------- Additional Comments From dtucker at zip.com.au 2003-09-18 13:05 -------
Since people have asked about it, there's a patch against 3.7.1p1 here:
http://www.zip.com.au/~dtucker/openssh/openssh-3.7.1p1-pwexp24.patch

From bugzilla-daemon at mindrot.org Thu Sep 18 13:27:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 13:27:45 +1000 (EST)
Subject: [Bug 675] cipher.c error when building against openssl 0.9.5a on Mandrake 7.2
Message-ID: <20030918032745.01C0C27C198@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=675

Summary: cipher.c error when building against openssl 0.9.5a on Mandrake 7.2
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: bill.bacher at ruffalocody.com

I'm getting an error when I try to compile 3.7.1p1 source on a Mandrake 7.2 server with OpenSSL 0.9.5a:

./configure --with-tcp-wrappers
...
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/catX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: cat
DNS support: no
PAM support: no
KerberosV support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lwrap -lutil -lz -lnsl -lcrypto -lcrypt

make
....
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c cipher.c:68: warning: initialization from incompatible pointer type cipher.c:69: warning: initialization from incompatible pointer type cipher.c:73: warning: initialization from incompatible pointer type cipher.c:74: warning: initialization from incompatible pointer type cipher.c:75: warning: initialization from incompatible pointer type cipher.c:76: warning: initialization from incompatible pointer type cipher.c: In function `cipher_init': cipher.c:230: warning: assignment discards qualifiers from pointer target type cipher.c:209: warning: unused variable `klen' cipher.c: In function `cipher_get_keycontext': cipher.c:403: warning: comparison of distinct pointer types lacks a cast cipher.c: In function `cipher_set_keycontext': cipher.c:418: warning: comparison of distinct pointer types lacks a cast gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. 
-DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher-aes.c cipher-aes.c: In function `ssh_rijndael_init': cipher-aes.c:50: warning: assignment from incompatible pointer type cipher-aes.c: In function `ssh_rijndael_cbc': cipher-aes.c:78: warning: assignment from incompatible pointer type cipher-aes.c: In function `ssh_rijndael_cleanup': cipher-aes.c:116: warning: assignment from incompatible pointer type cipher-aes.c: In function `ssh_rijndael_iv': cipher-aes.c:129: warning: assignment from incompatible pointer type cipher-aes.c: In function `evp_rijndael': cipher-aes.c:147: warning: assignment from incompatible pointer type cipher-aes.c:148: warning: assignment from incompatible pointer type cipher-aes.c:149: warning: assignment from incompatible pointer type cipher-aes.c:151: structure has no member named `flags' cipher-aes.c:151: `EVP_CIPH_CBC_MODE' undeclared (first use in this function) cipher-aes.c:151: (Each undeclared identifier is reported only once cipher-aes.c:151: for each function it appears in.) cipher-aes.c:151: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function) cipher-aes.c:152: `EVP_CIPH_ALWAYS_CALL_INIT' undeclared (first use in this function) cipher-aes.c:152: `EVP_CIPH_CUSTOM_IV' undeclared (first use in this function) make: *** [cipher-aes.o] Error 1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 13:43:44 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 13:43:44 +1000 (EST)
Subject: [Bug 670] SunOS 4.1.2 libs do not contain strtoul, used in moduli.c
Message-ID: <20030918034344.D4F3C27C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=670

------- Additional Comments From dtucker at zip.com.au 2003-09-18 13:43 -------
I don't think strtol is an acceptable substitute. It should be relatively
easy to use OpenBSD's strtoul in openbsd-compat:
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/strtoul.c

From bugzilla-daemon at mindrot.org Thu Sep 18 13:56:31 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 13:56:31 +1000 (EST)
Subject: [Bug 670] SunOS 4.1.2 libs do not contain strtoul, used in moduli.c
Message-ID: <20030918035631.53B7A27C1B5@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=670

------- Additional Comments From dtucker at zip.com.au 2003-09-18 13:56 -------
Created an attachment (id=420)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=420&action=view)
Add strtoul in openbsd-compat/

Please try the attached patch. Note that you will need to run "autoconf" to
rebuild configure. If you don't have autoconf, you can use this file:
http://www.zip.com.au/~dtucker/openssh/configure-strtoul.gz , just replace
the configure from 3.7.1p1 with it.

From bugzilla-daemon at mindrot.org Thu Sep 18 13:59:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 13:59:14 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030918035914.4958827C1B5@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

------- Additional Comments From dtucker at zip.com.au 2003-09-18 13:59 -------
Just change sshconnect2.c line 369 from
        fprintf(stderr, "%s", fmtbuf);
to
        fprintf(stderr, "%s\n", fmtbuf);

From bugzilla-daemon at mindrot.org Thu Sep 18 14:10:27 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 14:10:27 +1000 (EST)
Subject: [Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
Message-ID: <20030918041027.53EF127C1AE@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=667

------- Additional Comments From dtucker at zip.com.au 2003-09-18 14:10 -------
From the sshd_config man page:

     UsePAM  Enables PAM authentication (via challenge-response) and session
             set up. If you enable this, you should probably disable
             PasswordAuthentication. If you enable then you will not be able
             to run sshd as a non-root user.

What happens if you disable PasswordAuthentication and use
keyboard-interactive on the clients?

From bugzilla-daemon at mindrot.org Thu Sep 18 15:38:50 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 15:38:50 +1000 (EST)
Subject: [Bug 669] Putty / SecureCRT connections fail to authenticate
Message-ID: <20030918053850.C5B6927C27B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=669

------- Additional Comments From kari at wabbits.org 2003-09-18 15:38 -------
I'm using PAM and unable to find such definition from putty.

From bugzilla-daemon at mindrot.org Thu Sep 18 16:20:49 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 16:20:49 +1000 (EST)
Subject: [Bug 669] Putty / SecureCRT connections fail to authenticate
Message-ID: <20030918062049.57ECF27C19C@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=669

------- Additional Comments From dtucker at zip.com.au 2003-09-18 16:20 -------
I've got PuTTY v0.53b here and it's:
Connection -> SSH -> Auth -> Attempt "keyboard-interactive" authentication
(SSH2)

From bugzilla-daemon at mindrot.org Thu Sep 18 17:22:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:22:36 +1000 (EST)
Subject: [Bug 649] The source file "inet_ntoa.h" is unavailable.
Message-ID: <20030918072236.5B6F527C1AA@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=649

openssh at roumenpetrov.info changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From openssh at roumenpetrov.info 2003-09-18 17:22 -------
*** This bug has been marked as a duplicate of 650 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 17:22:41 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:22:41 +1000 (EST)
Subject: [Bug 650] fix for build problem on IRIX 6.5
Message-ID: <20030918072241.E61DE27C1C7@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=650

openssh at roumenpetrov.info changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pas50 at cam.ac.uk

------- Additional Comments From openssh at roumenpetrov.info 2003-09-18 17:22 -------
*** Bug 649 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 17:26:17 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:26:17 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030918072617.1FB4527C1A0@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

------- Additional Comments From djm at mindrot.org 2003-09-18 17:26 -------
Hang on, that undoes the fix for bug #225

From bugzilla-daemon at mindrot.org Thu Sep 18 17:30:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:30:02 +1000 (EST)
Subject: [Bug 669] Putty / SecureCRT connections fail to authenticate
Message-ID: <20030918073002.1AD7827C1A0@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=669

kari at wabbits.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From kari at wabbits.org 2003-09-18 17:29 -------
I'm not sure which version of putty I was using, but as I upgraded the
newest one, this "keyboard-interactive" appeared and now it works so this
wasn't sshd-problem after all.

Lesson learned: update your software more often:)

Thanks.

From bugzilla-daemon at mindrot.org Thu Sep 18 17:37:18 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:37:18 +1000 (EST)
Subject: [Bug 668] ssh truncates long banner message
Message-ID: <20030918073718.2282E27C194@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=668

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #419 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2003-09-18 17:37 -------
Created an attachment (id=421)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=421&action=view)
check options.loglevel and use fprintf

Damn, you're right. I thought that looked strangely familiar.

From bugzilla-daemon at mindrot.org Thu Sep 18 17:47:53 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:47:53 +1000 (EST)
Subject: [Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
Message-ID: <20030918074753.54B2527C193@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=647

------- Additional Comments From dtucker at zip.com.au 2003-09-18 17:47 -------
Created an attachment (id=422)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=422&action=view)
Set options->use_pam to 0 if USE_PAM is not set

On a related note, options.use_pam is set even unless overridden by the
UsePAM directive, which doesn't happen if PAM support isn't compiled in.

This means, for example, that things like this (from auth.c) don't happen
when PAM support is disabled:

#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        if (!options.use_pam)
                spw = getspnam(pw->pw_name);

Hey! That might be the cause of some of our mystery segfaults on Solaris
2.6!

From bugzilla-daemon at mindrot.org Thu Sep 18 17:57:49 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 17:57:49 +1000 (EST)
Subject: [Bug 676] auth-pam.c trashes stack in sshpam_thread_conv() with more than one message
Message-ID: <20030918075749.7D38A27C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=676

           Summary: auth-pam.c trashes stack in sshpam_thread_conv() with
                    more than one message
           Product: Portable OpenSSH
           Version: 3.7p1
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: security
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: paul.a.bolton at bt.com

If a PAM module has more than one message set in a single conversation,
hence more than one response, auth-pam.c will start trashing the stack.

This was run on Solaris 8 with patch 108993-22.

This had been noticed as we were experiencing SIGBUS faults from sshd.

The problem seems to be in sshpam_thread_conv() in that the 3rd argument
(struct pam_response **resp) is treated as an array of pointers to struct
pam_response and not a pointer to an array of struct pam_response. This
only occurs if the PAM module has more than one response.

Obviously, as the responses are from the unauthenticated user and in effect
start trampling on the stack (first to go is the msg struct) that this
could be exploitable.

Code will be attached of the change. As for whether this could be
exploitable, I haven't looked into this side of the problem sufficiently to
answer this.

From bugzilla-daemon at mindrot.org Thu Sep 18 18:01:13 2003
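The Bug 676 report above turns on how the third argument of a PAM conversation function is laid out. The sketch below is an added illustration, not OpenSSH code and not the patch attached to the bug: it uses constructed stand-in types (every demo_/DEMO_ name is hypothetical) and answers several prompts in one conversation by allocating one array of responses and storing it through *resp.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the <security/pam_appl.h> types and constants so
 * this builds without libpam. Every demo_/DEMO_ name is hypothetical. */
#define DEMO_CONV_OK      0
#define DEMO_CONV_ERR     1
#define DEMO_MAX_NUM_MSG  32	/* assumed upper bound on prompts per call */
#define DEMO_PROMPT       1

struct demo_pam_message  { int msg_style; const char *msg; };
struct demo_pam_response { char *resp; int resp_retcode; };

static char *demo_strdup(const char *s)
{
	size_t len = strlen(s) + 1;
	char *copy = malloc(len);

	if (copy != NULL)
		memcpy(copy, s, len);
	return copy;
}

/* Free the first n replies and then the array that holds them. */
static void demo_free_replies(struct demo_pam_response *reply, int n)
{
	int i;

	for (i = 0; i < n; i++)
		free(reply[i].resp);
	free(reply);
}

/*
 * Conversation function. resp points at ONE pointer owned by the caller; on
 * success that pointer is set to a heap array of n response structs.
 * data carries the answers (const char *[n]) for this demo.
 */
int demo_conv(int n, const struct demo_pam_message **msg,
    struct demo_pam_response **resp, void *data)
{
	const char **answers = data;
	struct demo_pam_response *reply;
	int i;

	if (resp == NULL)
		return DEMO_CONV_ERR;
	*resp = NULL;
	if (msg == NULL || answers == NULL || n <= 0 || n > DEMO_MAX_NUM_MSG)
		return DEMO_CONV_ERR;
	reply = calloc((size_t)n, sizeof(*reply));
	if (reply == NULL)
		return DEMO_CONV_ERR;
	for (i = 0; i < n; i++) {
		/*
		 * Correct: element i of the single array. The indexing the
		 * report describes, resp[i]->..., would for i >= 1 take a
		 * "pointer" from the memory after the caller's one slot.
		 */
		if (msg[i]->msg_style == DEMO_PROMPT)
			reply[i].resp = demo_strdup(answers[i]);
		if (reply[i].resp == NULL) {
			demo_free_replies(reply, i);
			return DEMO_CONV_ERR;
		}
	}
	*resp = reply;
	return DEMO_CONV_OK;
}

/*
 * Plays the PAM module's side: sends n prompts in one conversation call and
 * reads back reply[0..n-1]. Returns how many replies match, or -1 on error.
 * The messages are laid out contiguously with a pointer to each, so reading
 * msg as an array of pointers or as a pointer to an array gives the same
 * elements.
 */
int demo_module_ask(int n, const char **answers)
{
	struct demo_pam_message msgs[DEMO_MAX_NUM_MSG];
	const struct demo_pam_message *msgp[DEMO_MAX_NUM_MSG];
	struct demo_pam_response *reply = NULL;	/* the caller's single slot */
	int i, matched = 0;

	for (i = 0; i < n && i < DEMO_MAX_NUM_MSG; i++) {
		msgs[i].msg_style = DEMO_PROMPT;
		msgs[i].msg = "Response: ";
		msgp[i] = &msgs[i];
	}
	if (demo_conv(n, msgp, &reply, (void *)answers) != DEMO_CONV_OK)
		return -1;
	for (i = 0; i < n; i++)
		if (strcmp(reply[i].resp, answers[i]) == 0)
			matched++;
	demo_free_replies(reply, n);
	return matched;
}

int main(void)
{
	/* Constructed sample answers. */
	const char *answers[] = { "constructed-otp", "constructed-password" };

	printf("replies matched: %d\n", demo_module_ask(2, answers));
	return 0;
}
```
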
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:01:13 +1000 (EST)
Subject: [Bug 676] auth-pam.c trashes stack in sshpam_thread_conv() with more than one message
Message-ID: <20030918080113.22A5627C37E@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=676

------- Additional Comments From paul.a.bolton at bt.com 2003-09-18 18:01 -------
Created an attachment (id=423)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=423&action=view)
change references to the PAM resp structure as described in the bug

From bugzilla-daemon at mindrot.org Thu Sep 18 18:19:38 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:19:38 +1000 (EST)
Subject: [Bug 652] PermitEmptyPasswords option silently ignored
Message-ID: <20030918081938.7C83F27C4A9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=652

------- Additional Comments From djm at mindrot.org 2003-09-18 18:19 -------
Created an attachment (id=424)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=424&action=view)
Fix empty password auth

It's a bug. Try this attached patch or wait for the next portable release.

From bugzilla-daemon at mindrot.org Thu Sep 18 18:23:59 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:23:59 +1000 (EST)
Subject: [Bug 677] sshd exits upon a connection attempt
Message-ID: <20030918082359.2EFDE27C217@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=677

           Summary: sshd exits upon a connection attempt
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: MIPS
        OS/Version: IRIX
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Al.Smith at gold.net

sshd from 3.7p1 and 3.7.1p1 on irix exit with exitcode 255 when receiving an
incoming connection. No core dump is generated. Debug log is attached.

From bugzilla-daemon at mindrot.org Thu Sep 18 18:25:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:25:10 +1000 (EST)
Subject: [Bug 652] PermitEmptyPasswords option silently ignored
Message-ID: <20030918082510.5466627C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=652

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

From bugzilla-daemon at mindrot.org Thu Sep 18 18:26:09 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:26:09 +1000 (EST)
Subject: [Bug 677] sshd exits upon a connection attempt
Message-ID: <20030918082609.1364627C4C7@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=677

------- Additional Comments From Al.Smith at gold.net 2003-09-18 18:26 -------
Created an attachment (id=425)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=425&action=view)
sshd debug output

From bugzilla-daemon at mindrot.org Thu Sep 18 18:30:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:30:02 +1000 (EST)
Subject: [Bug 677] sshd exits upon a connection attempt
Message-ID: <20030918083002.0A4B827C2FC@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=677

------- Additional Comments From Al.Smith at gold.net 2003-09-18 18:29 -------
Last lines of output from slogin are:

debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 192.168.0.2
debug1: Calling cleanup 0x10022e10(0x0)

From bugzilla-daemon at mindrot.org Thu Sep 18 18:40:19 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:40:19 +1000 (EST)
Subject: [Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
Message-ID: <20030918084019.3F53A27C1A1@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=647

------- Additional Comments From djm at mindrot.org 2003-09-18 18:40 -------
Maybe it should just default to 0

From bugzilla-daemon at mindrot.org Thu Sep 18 18:57:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 18:57:45 +1000 (EST)
Subject: [Bug 647] Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam
Message-ID: <20030918085745.3C83B27C18D@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=647

------- Additional Comments From dtucker at zip.com.au 2003-09-18 18:57 -------
That was my first thought, but most of the options go through this
"-1 = unset" -> set from config -> apply default if -1 process. I assumed
there was a reason for it, so left it that way.

From bugzilla-daemon at mindrot.org Thu Sep 18 19:01:27 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:01:27 +1000 (EST)
Subject: [Bug 677] sshd exits upon a connection attempt
Message-ID: <20030918090127.424A127C1A9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=677

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From dtucker at zip.com.au 2003-09-18 19:01 -------
*** This bug has been marked as a duplicate of 659 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 19:01:32 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:01:32 +1000 (EST)
Subject: [Bug 659] sshd failure on IRIX
Message-ID: <20030918090132.B541E27C1D4@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=659

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Al.Smith at gold.net

------- Additional Comments From dtucker at zip.com.au 2003-09-18 19:01 -------
*** Bug 677 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 19:05:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:05:58 +1000 (EST)
Subject: [Bug 676] auth-pam.c trashes stack in sshpam_thread_conv() with more than one message
Message-ID: <20030918090558.B529A27C1AE@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=676

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           groupset|0                           |256

------- Additional Comments From djm at mindrot.org 2003-09-18 19:05 -------
Please don't use context diffs, unified diffs are much easier to read.

Marking bug private

From bugzilla-daemon at mindrot.org Thu Sep 18 19:06:47 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:06:47 +1000 (EST)
Subject: [Bug 676] auth-pam.c trashes stack in sshpam_thread_conv() with more than one message
Message-ID: <20030918090647.0093A27C1AE@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=676

------- Additional Comments From djm at mindrot.org 2003-09-18 19:06 -------
Created an attachment (id=426)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=426&action=view)
Don't clobber pam replies

Maybe this

From bugzilla-daemon at mindrot.org Thu Sep 18 19:08:34 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:08:34 +1000 (EST)
Subject: [Bug 643] sshd bus faults (64bit) or segfaults (32bit) when reading /etc/default/login
Message-ID: <20030918090834.0A43E27C200@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

------- Additional Comments From the_murple at gmx.de 2003-09-18 19:08 -------
While the workaround is fine if you know at compile time that
/etc/default/login is not existing or not readable, it creates problems if
this is changed at a later time. E.g. using the TITAN system hardening
scripts sets this to non-user-readable. Login to sshd will silently fail
without an explanation. Had a hard time figuring out the cause of this.

From bugzilla-daemon at mindrot.org Thu Sep 18 19:08:44 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:08:44 +1000 (EST)
Subject: [Bug 677] sshd exits upon a connection attempt
Message-ID: <20030918090844.42E3627C3C2@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=677

------- Additional Comments From Al.Smith at gold.net 2003-09-18 19:08 -------
Already tried the patch included in bug #659; no joy.

From bugzilla-daemon at mindrot.org Thu Sep 18 19:44:24 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 19:44:24 +1000 (EST)
Subject: [Bug 643] sshd bus faults (64bit) or segfaults (32bit) when reading /etc/default/login
Message-ID: <20030918094424.2696627C1E3@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

------- Additional Comments From dtucker at zip.com.au 2003-09-18 19:44 -------
Agreed about the work-around, but attachment id #410 seems to solve it
properly for me (tested Solaris 8, sun4m, unreadable and missing file).

If /etc/default/login is not readable by the user, you won't get the
settings in it, though.

From bugzilla-daemon at mindrot.org Thu Sep 18 20:32:04 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 20:32:04 +1000 (EST)
Subject: [Bug 676] auth-pam.c trashes stack in sshpam_thread_conv() with more than one message
Message-ID: <20030918103204.6767B27C194@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=676

------- Additional Comments From paul.a.bolton at bt.com 2003-09-18 20:32 -------
That works.

From bugzilla-daemon at mindrot.org Thu Sep 18 21:08:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 21:08:10 +1000 (EST)
Subject: [Bug 640] Error when trying to run make on openssh-3.7p1 with AIX 4.3.3
Message-ID: <20030918110810.848A627C18A@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=640

------- Additional Comments From peter at pjsc.de 2003-09-18 21:08 -------
Got a similar compile problem with AIX 5.1 and gcc 2.9

In file included from ../openbsd-compat/port-aix.h:35,
                 from ../openbsd-compat/openbsd-compat.h:166,
                 from ../includes.h:173,
                 from bsd-arc4random.c:25:
/usr/include/sys/audit.h:271: parse error before `0200'
/usr/include/sys/audit.h:286: parse error before `}'
make: 1254-004 The error code from the last command is 1.

The patch did solve the problem

From bugzilla-daemon at mindrot.org Thu Sep 18 21:28:57 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 21:28:57 +1000 (EST)
Subject: [Bug 678] PermitEmptyPasswords broken
Message-ID: <20030918112857.79BDB27C197@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=678

           Summary: PermitEmptyPasswords broken
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: cj10 at cam.ac.uk

Even if the PermitEmptyPasswords option is specified in sshd_config,
auth-none authentication does not succeed for a user with an empty
password. This is due to a simple coding error in auth-passwd.c.

From bugzilla-daemon at mindrot.org Thu Sep 18 21:32:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 21:32:36 +1000 (EST)
Subject: [Bug 678] PermitEmptyPasswords broken
Message-ID: <20030918113236.F371327C1D7@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=678

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From djm at mindrot.org 2003-09-18 21:32 -------
*** This bug has been marked as a duplicate of 652 ***

From bugzilla-daemon at mindrot.org Thu Sep 18 21:32:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 21:32:42 +1000 (EST)
Subject: [Bug 652] PermitEmptyPasswords option silently ignored
Message-ID: <20030918113242.68F8927C1E2@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=652

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cj10 at cam.ac.uk

------- Additional Comments From djm at mindrot.org 2003-09-18 21:32 -------
*** Bug 678 has been marked as a duplicate of this bug. ***

From bugzilla-daemon at mindrot.org Thu Sep 18 21:33:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 21:33:14 +1000 (EST)
Subject: [Bug 678] PermitEmptyPasswords broken
Message-ID: <20030918113314.1AEE127C246@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=678

------- Additional Comments From cj10 at cam.ac.uk 2003-09-18 21:33 -------
Created an attachment (id=427)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=427&action=view)
patch to auth-passwd.c in 3.7.1p1

From bugzilla-daemon at mindrot.org Thu Sep 18 23:34:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 23:34:43 +1000 (EST)
Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Message-ID: <20030918133443.103C527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=653

------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-18 23:34 -------
I have tried Martin Mokrejs' workaround:

Edit openssh-3.7.1p1/config.h to have as follows:

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID

/* Define if your setreuid() is broken */
#define BROKEN_SETREUID

/* Define if your setregid() is broken */
#define BROKEN_SETREGID

This solves the problem on our systems as well (Tru64 UNIX 5.1A and 4.0F) !

One mustn't edit acconfig.h and then run configure; it's required to edit
config.h as above *after* the configure step.

To the developers: The final bugfix seemingly needs to define the 3 above
lines for the OSF/1 operating system (Tru64 UNIX). I wonder why this wasn't
necessary prior to version 3.7 ?

From bugzilla-daemon at mindrot.org Thu Sep 18 23:41:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 23:41:56 +1000 (EST)
Subject: [Bug 662] memory leak in authfile.c
Message-ID: <20030918134156.33BB327C1A9@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=662

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From markus at openbsd.org 2003-09-18 23:41 -------
thanks, applied

From bugzilla-daemon at mindrot.org Thu Sep 18 23:44:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 18 Sep 2003 23:44:40 +1000 (EST)
Subject: [Bug 660] buffer_free should reset buffer->alloc
Message-ID: <20030918134440.4BD2827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=660

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From markus at openbsd.org 2003-09-18 23:44 -------
thanks, applied.

From bugzilla-daemon at mindrot.org Thu Sep 18 23:46:31 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 23:46:31 +1000 (EST) Subject: [Bug 656] ConnectTimeout option broken Message-ID: <20030918134631.7EB6C27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=656 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2003-09-18 23:46 ------- thanks, applied ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 23:49:48 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 23:49:48 +1000 (EST) Subject: [Bug 657] Priv seperation causes setreuid error Message-ID: <20030918134948.1622927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=657 ------- Additional Comments From markus at openbsd.org 2003-09-18 23:49 ------- it should be this: Host: i386-pc-bsdi4.3.1 same for other bsd/os versions. e.g 4.3, 4.2, 4.0.2 and probably 5.0, but i did not test. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 18 23:57:27 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 18 Sep 2003 23:57:27 +1000 (EST) Subject: [Bug 657] Priv seperation causes setreuid error Message-ID: <20030918135727.246E227C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=657 ------- Additional Comments From markus at openbsd.org 2003-09-18 23:57 ------- bsdos 5.0 (all patches) needs the same defines. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 01:11:36 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 01:11:36 +1000 (EST) Subject: [Bug 640] Error when trying to run make on openssh-3.7p1 with AIX 4.3.3 Message-ID: <20030918151136.4755E27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=640 Alan.Vidmar at Colorado.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From Alan.Vidmar at Colorado.edu 2003-09-19 01:11 ------- The patch to port-aix.h did in fact fix the problem. Thanks, Alan ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 01:47:10 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 01:47:10 +1000 (EST) Subject: [Bug 679] fatal: buffer_append_space with compression enabled in putty Message-ID: <20030918154710.22D4327C18B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=679 Summary: fatal: buffer_append_space with compression enabled in putty Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: chopin+sshzilla at sgh.waw.pl When compression is enabled in Putty (0.53b), sshd accepts the keys, username, password and then exits, leaving in logs: fatal: buffer_append_space: alloc 10506240 not supported Turning off compression in Putty allows to login normally. It used to work at least with 3.1p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 02:06:00 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 02:06:00 +1000 (EST)
Subject: [Bug 657] Priv seperation causes setreuid error
Message-ID: <20030918160600.2877027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=657

------- Additional Comments From root at nk.ca 2003-09-19 02:05 -------
Here is what I am getting

1)

doctor.nl2k.ab.ca//etc/mail$ sshd -d -d -d
debug2: read_server_config: filename /usr/contrib/etc/sshd_config
debug1: sshd version OpenSSH_3.7.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/contrib/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/contrib/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed: Invalid argument
debug1: Bind to port 22 on ::.
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.
You have new mail in /var/mail/root
doctor.nl2k.ab.ca//etc/mail$

2)

doctor.nl2k.ab.ca/~$less typescriot
typescriot: No such file or directory
doctor.nl2k.ab.ca/~$less typescript
Script started on Wed Sep 17 06:20:55 2003
doctor.nl2k.ab.ca/~$ssh -v -2 -i ~doctor/.ssh/id_rsa -l doctor uucp
OpenSSH_3.7.1p1, SSH protocols 1.5/2.0, OpenSSL 0.9.6j [engine] 10 Apr 2003
debug1: Reading configuration data /usr/contrib/etc/ssh_config^M
debug1: Connecting to uucp [204.209.81.3] port 22.^M
debug1: Connection established.^M
debug1: identity file /usr/home/doctor/.ssh/id_rsa type 1^M
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p1^M
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*^M
debug1: Enabling compatibility mode for protocol 2.0^M
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p1^M
debug1: SSH2_MSG_KEXINIT sent^M
Connection closed by 204.209.81.3^M
debug1: Calling cleanup 0x80608b0(0x0)^M
doctor.nl2k.ab.ca/~$exit
exit

Script done on Wed Sep 17 06:21:34 2003

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 02:23:46 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 02:23:46 +1000 (EST) Subject: [Bug 646] Bogus askpass URL Message-ID: <20030918162346.31D5327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=646 ------- Additional Comments From jmknoble at pobox.com 2003-09-19 02:23 ------- The proper link to x11-ssh-askpass has been the following for some time: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/ An alternate link is: http://www.jmknoble.net/software/x11-ssh-askpass/ (See announcement of last stable release: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100093189232584&w=2 ). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 02:26:42 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 02:26:42 +1000 (EST) Subject: [Bug 680] different behavior for pam ssh-1 vs ssh-2 client Message-ID: <20030918162642.3CF7227C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=680 Summary: different behavior for pam ssh-1 vs ssh-2 client Product: Portable OpenSSH Version: 3.7p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: doug at will.to openssh3.7 and above have different behavior with respect to pam when connecting from an ssh-2 or ssh-1 client. When connection comes from ssh-2 client, the server calls the appropriate pam modules and authenticates fine. When a connection comes from ssh-1 client, it does not. (auth failed). This worked in 3.6.1p1 for what it's worth (no difference in behavior) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 02:37:39 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 02:37:39 +1000 (EST)
Subject: [Bug 681] inet_ntoa.h is missing
Message-ID: <20030918163739.1FF5127C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=681

Summary: inet_ntoa.h is missing
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dustman at cvrti.utah.edu

Compiling on Irix 6.5.17 and I get this error:

(cd openbsd-compat && make)
cc -g -I. -I.. -I. -I./.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H -c inet_ntoa.c
cc-1005 cc: ERROR File = inet_ntoa.c, Line = 46
  The source file "inet_ntoa.h" is unavailable.

  #include "inet_ntoa.h"
  ^

1 catastrophic error detected in the compilation of "inet_ntoa.c".

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 02:55:39 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 02:55:39 +1000 (EST)
Subject: [Bug 680] different behavior for pam ssh-1 vs ssh-2 client
Message-ID: <20030918165539.2EF6127C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=680

------- Additional Comments From doug at will.to 2003-09-19 02:55 -------
Created an attachment (id=428)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=428&action=view)
ssh-1 client connect - fails auth (same user)

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 02:56:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 02:56:20 +1000 (EST) Subject: [Bug 680] different behavior for pam ssh-1 vs ssh-2 client Message-ID: <20030918165620.105B827C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=680 ------- Additional Comments From doug at will.to 2003-09-19 02:56 ------- Created an attachment (id=429) --> (http://bugzilla.mindrot.org/attachment.cgi?id=429&action=view) ssh2 client connect - pam session works (debug3) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 04:05:00 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 04:05:00 +1000 (EST) Subject: [Bug 682] UseDNS option name can be inaccurate if alternative name service is in use Message-ID: <20030918180500.23B4527C30F@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=682 Summary: UseDNS option name can be inaccurate if alternative name service is in use Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: djast at cs.toronto.edu The UseDNS option causes the OpenSSH daemon to perform a lookup of the remote hostname (via getnameinfo() and/or getaddrinfo()) in certain appropriate circumstances. Although this is typically a DNS lookup, these routines could be using a different name service such as /etc/hosts or NIS/NIS+. In such cases, the name of the option is misleading. Moreover, there are some diagnostics within canohost.c which assume that getnameinfo() is using DNS (e.g., "Nasty PTR record...") ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 04:16:34 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 04:16:34 +1000 (EST) Subject: [Bug 683] INSTALL file still refers to --with-ipv4-default Message-ID: <20030918181634.703AB27C300@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=683 Summary: INSTALL file still refers to --with-ipv4-default Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: Documentation AssignedTo: openssh-bugs at mindrot.org ReportedBy: djast at cs.toronto.edu The "--with-ipv4-default" option has apparently been removed from OpenSSH (it no longer appears in configure.ac), but the INSTALL file still refers to it. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 04:20:41 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 04:20:41 +1000 (EST)
Subject: [Bug 684] ssh cannot access keys stored in agent
Message-ID: <20030918182041.693AC27C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=684

Summary: ssh cannot access keys stored in agent
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: philipp at open.ch

It seems the ssh command in 3.7.1p1 can no longer access SSH keys stored in the ssh-agent. The exact same configuration has worked in 3.6.1p2 and any previous version. When connecting to a host, the key-passphrase is always requested, even when the key was previously added to the agent.

Other observations:
- this is a client only issue.
- authentication works for user root, but not for normal users
- ssh-keysign is setuid root and is enabled in ssh_config
- I can reproduce this on all hosts running OpenSSH 3.7.1p1

$ ssh-agent bash
$ ssh-add /home/phk/.ssh/id_dsa
$ ssh -vvv myhost
[...]
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/phk/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-dss blen 433
debug2: input_userauth_pk_ok: fp a1:04:99:61:03:22:7e:79:20:fd:57:57:2c:7c:a8:98
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key '/home/phk/.ssh/id_dsa':

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 05:59:50 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 05:59:50 +1000 (EST) Subject: [Bug 670] SunOS 4.1.2 libs do not contain strtoul, used in moduli.c Message-ID: <20030918195950.846F027C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=670 ------- Additional Comments From nforrester at whoi.edu 2003-09-19 05:59 ------- The patch seems to fix the problem nicely. Thanks. As I do not have autoconf on that machine, I did use your alternate configure. patch http://bugzilla.mindrot.org/show_bug.cgi?id=668 ------- Additional Comments From dpb at bl.com 2003-09-19 06:51 ------- It is now a perfect fix, thank you. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 07:39:58 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 07:39:58 +1000 (EST) Subject: [Bug 640] Error when trying to run make on openssh-3.7p1 with AIX 4.3.3 Message-ID: <20030918213958.4A06827C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=640 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From dtucker at zip.com.au 2003-09-19 07:39 ------- Please don't close the bug until the fix is in the tree. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 07:41:52 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 07:41:52 +1000 (EST) Subject: [Bug 679] fatal: buffer_append_space with compression enabled in putty Message-ID: <20030918214152.4EEDC27C1A8@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=679 ------- Additional Comments From dtucker at zip.com.au 2003-09-19 07:41 ------- I have seen similar issue resolved by upgrading zlib to 1.1.4. What version are you using? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 08:21:20 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 08:21:20 +1000 (EST) Subject: [Bug 679] fatal: buffer_append_space with compression enabled in putty Message-ID: <20030918222120.3721E27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=679 ------- Additional Comments From chopin+sshzilla at sgh.waw.pl 2003-09-19 08:21 ------- Interesting tip. After upgrading zlib to 1.1.4 (and recompiling openssh) it works again. Thanks. Perhaps it's better to document that zlib 1.1.4 is required? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 08:35:47 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 08:35:47 +1000 (EST) Subject: [Bug 679] fatal: buffer_append_space with compression enabled in putty Message-ID: <20030918223547.5CF4727C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=679 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement ------- Additional Comments From dtucker at zip.com.au 2003-09-19 08:35 ------- Good idea, I think we should do that. Please leave the bug open for now, we'll close it when we update the docs. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 11:32:51 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 11:32:51 +1000 (EST)
Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3
Message-ID: <20030919013251.6710D27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=685

Summary: cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dean at mrdltd.ca

I'm getting the following error when trying to compile 3.7.1p1 source on a RedHat 7.3 box with OpenSSL 0.9.7b. On the same machine with OpenSSL 0.9.6h installed, it compiles fine...

./configure --prefix=/usr --sysconfdir=/etc/ssh --with-privsep-user=sshd
...
OpenSSH has been configured with the following options:
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc/ssh
Askpass program: /usr/libexec/ssh-askpass
Manual pages: /usr/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
Manpage format: doc
DNS support: no
PAM support: no
KerberosV support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
Linker flags:
Libraries: -lutil -lz -lnsl -lcrypto -lcrypt

make
...
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -
DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -
D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -
D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -
D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -
D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -
DSSH_RAND_HELPER=\"/usr/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c
cipher.c:68: warning: initialization from incompatible pointer type
cipher.c:69: warning: initialization from incompatible pointer type
cipher.c:73: warning: initialization from incompatible pointer type
cipher.c:74: warning: initialization from incompatible pointer type
cipher.c:75: warning: initialization from incompatible pointer type
cipher.c:76: warning: initialization from incompatible pointer type
cipher.c:84: error: `EVP_aes_128_cbc' undeclared here (not in a function)
cipher.c:84: error: initializer element is not constant
cipher.c:84: error: (near initialization for `ciphers[8].evptype')
cipher.c:84: error: initializer element is not constant
cipher.c:84: error: (near initialization for `ciphers[8]')
cipher.c:85: error: `EVP_aes_192_cbc' undeclared here (not in a function)
cipher.c:85: error: initializer element is not constant
cipher.c:85: error: (near initialization for `ciphers[9].evptype')
cipher.c:85: error: initializer element is not constant
cipher.c:85: error: (near initialization for `ciphers[9]')
cipher.c:86: error: `EVP_aes_256_cbc' undeclared here (not in a function)
cipher.c:86: error: initializer element is not constant
cipher.c:86: error: (near initialization for `ciphers[10].evptype')
cipher.c:86: error: initializer element is not constant
cipher.c:86: error: (near initialization for `ciphers[10]')
cipher.c:88: error: `EVP_aes_256_cbc' undeclared here (not in a function)
cipher.c:88: error: initializer element is not constant
cipher.c:88: error: (near initialization for `ciphers[11].evptype')
cipher.c:88: error: initializer element is not constant
cipher.c:88: error: (near initialization for `ciphers[11]')
cipher.c:90: error: initializer element is not constant
cipher.c:90: error: (near initialization for `ciphers[12]')
cipher.c:91: error: initializer element is not constant
cipher.c:91: error: (near initialization for `ciphers[13]')
cipher.c:92: error: initializer element is not constant
cipher.c:92: error: (near initialization for `ciphers[14]')
cipher.c:94: error: initializer element is not constant
cipher.c:94: error: (near initialization for `ciphers[15]')
cipher.c: In function `cipher_get_keycontext':
cipher.c:403: warning: comparison of distinct pointer types lacks a cast
cipher.c:407: error: structure has no member named `cipher_data'
cipher.c: In function `cipher_set_keycontext':
cipher.c:418: warning: comparison of distinct pointer types lacks a cast
cipher.c:420: error: structure has no member named `cipher_data'
make: *** [cipher.o] Error 1

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 11:54:16 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 11:54:16 +1000 (EST)
Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3
Message-ID: <20030919015416.7367F27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=685

------- Additional Comments From dtucker at zip.com.au 2003-09-19 11:54 -------
Please check configure's output to see which OpenSSL version it's finding.

I think you're picking up an OpenSSL version from the system headers, in which case you need to use:

$ ./configure --with-ssl-dir=/usr/local/ssl

(or wherever your OpenSSL is installed).

Maybe the "OpenSSH has been configured with the following options" output should include OpenSSL version?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 12:04:25 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 12:04:25 +1000 (EST)
Subject: [Bug 686] sshd dies by non-root account session
Message-ID: <20030919020425.6DE4927C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=686

Summary: sshd dies by non-root account session
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: MIPS
OS/Version: IRIX
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: yuki at sse.co.jp
CC: yuki at sse.co.jp

A sshd built by IRIX v6.5.19m with c99 (MIPSPro v7.4) dies when non-root user account establishes a session with openssh client. This does not occur when root establishes a session. I found a problem in uidswap.c, and made a patch to fix this problem.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 12:10:46 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 12:10:46 +1000 (EST)
Subject: [Bug 686] sshd dies by non-root account session
Message-ID: <20030919021046.07C3127C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=686

------- Additional Comments From yuki at sse.co.jp 2003-09-19 12:10 -------
Created an attachment (id=430)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=430&action=view)
patch for sshd v3.7.1p1 under IRIX Audit environment

Apply this patch as follows;

% gzcat openssh-3.7.1p1.tar.gz | tar xf -
% cd openssh-3.7.1p1
% patch < somewhere/patch.withIRIXAudit

Maybe some code cleaning up would be required, but this can correct the problem temporarily.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 12:17:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 12:17:14 +1000 (EST)
Subject: [Bug 686] sshd dies by non-root account session
Message-ID: <20030919021714.7105727C18A@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=686

------- Additional Comments From dtucker at zip.com.au 2003-09-19 12:17 -------
Do the #defines in bug #659 solve it without this patch?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 12:56:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 12:56:10 +1000 (EST)
Subject: [Bug 686] sshd dies by non-root account session
Message-ID: <20030919025610.4606527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=686

------- Additional Comments From yuki at sse.co.jp 2003-09-19 12:56 -------
I could fix my problem without applying the patch for bug #659. (Sorry, I did not refer bug #659 report during fixing this problem.)

I found sshd's UID is changed by setsatid() in openbsd-compat/port-irix.c, the stored old UID must be changed by setsatid() again.

So, my answer is "Yes, but I know nothing about bug #659".

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 13:27:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 13:27:10 +1000 (EST)
Subject: [Bug 679] fatal: buffer_append_space with compression enabled in putty
Message-ID: <20030919032710.8905027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=679

------- Additional Comments From dtucker at zip.com.au 2003-09-19 13:27 -------
Should we have configure enforce a minimum level of zlib? Versions previous to 1.1.4 have security problems anyway.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 14:52:33 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 14:52:33 +1000 (EST) Subject: [Bug 687] sshd segfaults under Solaris 2.6 Message-ID: <20030919045233.4D41E27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=687 Summary: sshd segfaults under Solaris 2.6 Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: siegert at sfu.ca The segmentation fault seems to occur in auth-pam.c in sshpam_thread on the sshpam_err = pam_authenticate(sshpam_handle, 0); line. I attach truss output as well as gdb traces from the parent and the child. - the segfault only appears on Solaris 2.6, the code runs fine under Solaris 8 and 9 (same configuration) - patch #422, http://bugzilla.mindrot.org/show_bug.cgi?id=647, is applied (although this patch should be irrelevant in our configuration since we do have pam enabled) - the segfault occurs with and without privsep - the segfault does not occur under version 3.6.1p2 (with the same configuration) with the recent patches applied ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 14:58:06 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 14:58:06 +1000 (EST) Subject: [Bug 687] sshd segfaults under Solaris 2.6 Message-ID: <20030919045806.1D8D727C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=687 ------- Additional Comments From siegert at sfu.ca 2003-09-19 14:58 ------- Created an attachment (id=431) --> (http://bugzilla.mindrot.org/attachment.cgi?id=431&action=view) truss output and gdb traces ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:25:28 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:25:28 +1000 (EST) Subject: [Bug 671] vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1 Message-ID: <20030919062528.2761B27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=671 ------- Additional Comments From djm at mindrot.org 2003-09-19 16:25 ------- Created an attachment (id=433) --> (http://bugzilla.mindrot.org/attachment.cgi?id=433&action=view) Fix vis.h problem Please try this. You will need to run autoconf-2.5x after you apply the patch and then reconfigure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:31:49 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:31:49 +1000 (EST) Subject: [Bug 683] INSTALL file still refers to --with-ipv4-default Message-ID: <20030919063149.36AC027C193@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=683 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-09-19 16:31 ------- Fixed - thanks! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:34:41 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:34:41 +1000 (EST) Subject: [Bug 642] Can't build build OpenSSH 3.7 on OpenBSD 3.0 Message-ID: <20030919063441.23D5527C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=642 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2003-09-19 16:34 ------- OpenSSH 3.7 is not supported on older OpenBSD. You can use portable OpenSSH, but beware bug #671 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:37:16 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:37:16 +1000 (EST) Subject: [Bug 680] different behavior for pam ssh-1 vs ssh-2 client Message-ID: <20030919063716.231F727C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=680 ------- Additional Comments From djm at mindrot.org 2003-09-19 16:37 ------- Could you send a "ssh -1v" trace from the client? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:41:31 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:41:31 +1000 (EST) Subject: [Bug 661] Duplicate check for basename Message-ID: <20030919064131.0C6C827C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=661 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-09-19 16:41 ------- Applied to development branch (not patch branch). Thanks! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:50:27 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:50:27 +1000 (EST) Subject: [Bug 666] 'BatchMode yes' makes ssh(1) look for /usr/local/etc/ssh_known_hosts Message-ID: <20030919065027.1518B27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=666 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2003-09-19 16:50 ------- This is correct behaviour. In BatchMode, you don't get asked if you want to add the key. The error message is correct. The key is not "wrong", it is absent entirely. If you are complaining about the authentication failure in the debug trace, that has nothing to do with BatchMode and nothing to do with known_hosts. (I was expecting rather more from bug #666) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:54:59 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:54:59 +1000 (EST) Subject: [Bug 681] inet_ntoa.h is missing Message-ID: <20030919065459.28FEB27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=681 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-09-19 16:54 ------- Just remove the '#include "inet_ntoa.h"' line in openbsd-compat/inet_ntoa.c and recompile. This fix will be in the next release ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 16:58:47 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 16:58:47 +1000 (EST) Subject: [Bug 641] Allow disabling of GTK2 within the RPM build process. Message-ID: <20030919065847.1B78E27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=641 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-09-19 16:58 ------- Applied to development (but not patch) branch. Thanks! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 17:00:42 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 17:00:42 +1000 (EST) Subject: [Bug 632] PAM conversation function does not return when connection is aborted Message-ID: <20030919070042.18E3A27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=632 ------- Additional Comments From djm at mindrot.org 2003-09-19 17:00 ------- We call pam_end indirectly via a fatal_cleanup in 3.7.x. Perhaps this should change. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 17:06:41 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 17:06:41 +1000 (EST) Subject: [Bug 646] Bogus askpass URL Message-ID: <20030919070641.5E2C627C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=646 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-09-19 17:06 ------- Fixed. Thanks! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 17:48:18 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 17:48:18 +1000 (EST) Subject: [Bug 245] SSH can not log out under Solaris 2.6 Message-ID: <20030919074818.AB75027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=245 ------- Additional Comments From w.turland at uws.edu.au 2003-09-19 17:48 ------- In case anyone finds this again, I had a similar problem, reporting: Sep 19 16:51:06 wallace sshd[13159]: [ID 800047 local0.error] error: open /dev/tty failed - could not set controlling tty: Permission denied It turned out to be insufficient permissions on /dev/tty. Should be crw-rw-rw- ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 20:19:34 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 20:19:34 +1000 (EST) Subject: [Bug 688] keylogin not successful Message-ID: <20030919101934.0A42327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=688 Summary: keylogin not successful Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: paul.a.bolton at bt.com Tested on Solaris 8 HW02/02 SPARC fully patched with latest recommended set. On 3.6.1p2 openssh would correctly authenticate via the PAM framework against all modules. 3.7p1 and 3.7.1p1 logins do not successfully perform a keylogin via the pam_dhkeys.so.1 module. This results in the users not having correctly set creds in the keyserv and therefore cannot authenticate against "sec=dh" shares or other services requiring DH authentication. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 20:23:56 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 20:23:56 +1000 (EST) Subject: [Bug 688] keylogin not successful Message-ID: <20030919102356.25F6327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=688 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-19 20:23 ------- Created an attachment (id=434) --> (http://bugzilla.mindrot.org/attachment.cgi?id=434&action=view) pam_dhkeys debug option This shows that the module is not finding any keys from NIS+. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 20:47:52 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 20:47:52 +1000 (EST)
Subject: [Bug 640] Error when trying to run make on openssh-3.7p1 with AIX 4.3.3
Message-ID: <20030919104752.6191E27C1E4@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=640

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dtucker at zip.com.au 2003-09-19 20:47 -------
The actual cause is spaces from after "\" in the AIX system headers audit.h and
proc.h, which gcc 2.x doesn't like.

Note that the patch #401 will fix the problem on AIX < 5.2 by not including
those headers. If you need to build on 5.2 I suggest using a newer gcc, but if
you can't then remove the trailing spaces from:

/usr/include/sys/audit.h lines 287 and 293
/usr/include/sys/proc.h lines 729 and 730

Anyway, have committed patch to HEAD and the 3.7 branch.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 20:57:55 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 20:57:55 +1000 (EST)
Subject: [Bug 643] sshd bus faults (64bit) or segfaults (32bit) when reading /etc/default/login
Message-ID: <20030919105755.C165B27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=643

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dtucker at zip.com.au 2003-09-19 20:57 -------
Have committed patch to both HEAD and 3.7 branch.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 21:16:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 21:16:20 +1000 (EST) Subject: [Bug 657] Priv seperation causes setreuid error Message-ID: <20030919111620.0311327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=657 ------- Additional Comments From dtucker at zip.com.au 2003-09-19 21:16 ------- Created an attachment (id=435) --> (http://bugzilla.mindrot.org/attachment.cgi?id=435&action=view) Add defines to configure.ac for BSDi Please try the attached patch. You will need to run autoconf to rebuild configure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 21:43:39 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 21:43:39 +1000 (EST) Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Message-ID: <20030919114339.662FC27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From dtucker at zip.com.au 2003-09-19 21:43 ------- Created an attachment (id=436) --> (http://bugzilla.mindrot.org/attachment.cgi?id=436&action=view) Add defines to configure for Digital Unix Please try the attached patch. You will need to run "autoconf" to rebuild configure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 22:53:27 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 22:53:27 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030919125327.5570927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From dtucker at zip.com.au 2003-09-19 22:53 ------- Patch #414 looks pretty good, but I have one question: is BROKEN_GETADDRINFO appropriate for all IRIXes? It'll disable IPv6 support. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 23:34:04 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 23:34:04 +1000 (EST)
Subject: [Bug 689] Improper reverse IP lookup
Message-ID: <20030919133404.27D3B27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=689

           Summary: Improper reverse IP lookup
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: berkvist at miser.umass.edu

When logging into my servers via SSH, the /var/messages log shows the following
message after a successful ssh login:

'Nasty PTR Record "dublin.miser.priv" is set for 10.168.1.25, ignoring'

Now, this is the correct local domain and IP for my laptop, and I _can_ get into
the server, but it shouldn't be complaining.

The full extent of the problem became obvious this morning - one of my users
attempted to ssh from one server to another (something he does on a daily
basis). His attempts were rejected, and the following was in the logs of the
2nd server:

'userauth_hostbased mismatch: client sends stratus.miser.umass.edu, but we
resolve 128.119.162.230 to 128.119.162.230'.

Oops! Instead of returning a name for the IP, it returns the IP again. Not going
to make reverse lookups possible with that procedure.

I think the problem lies in canohost.c - line 97. Possibly there's a bug in the
code. When checking the man page for getaddrinfo(), I see two problems with it.
One is that the first argument should be "ntop" instead of "name" and the other
is that the second argument should probably be NULL and instead it's a pointer
to a string containing the digit zero.

In the meantime, things will work but one extra check (doing a forward lookup on
the name returned by a reverse lookup on the address of the client) will not be
done.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 23:37:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 23:37:08 +1000 (EST)
Subject: [Bug 675] cipher.c error when building against openssl 0.9.5a on Mandrake 7.2
Message-ID: <20030919133708.1D24C27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=675

------- Additional Comments From dtucker at zip.com.au 2003-09-19 23:37 -------
Info provided by Martin Vermeer (martin.vermeer at hut.fi):

The latest openssh didn't build for me apparently because of my old openssl
(openssl-0.9.5a-2.6.x installed as rpm). I managed to fix and get it working,
however. The fix is as follows (sorry for not having a patch -- if this is of
interest to you I could checkout the CVS and make one):

1) in cipher-aes.c add the stanza

#if OPENSSL_VERSION_NUMBER < 0x00906000L
#define SSH_OLD_EVP
#endif

to the beginning of the file (under #include "includes.h")

2) in cipher-ctr.c do the same (under #include "xmalloc.h")

3) in cipher-3des1.c, do the same

4) in cipher-ctr.c line 97, replace key_len by buf_len
[Is this right? No idea. key_len doesn't compile.]

5) in cipher-ctr.c, add the following conditional around 'flags':

#ifndef SSH_OLD_EVP
        aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
            EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
#endif

That's it. Apparently this was never tested as RH 6.2 is getting old :-(

- Martin V

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Fri Sep 19 23:57:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Fri, 19 Sep 2003 23:57:14 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030919135714.2D2D627C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|Linux |All Platform|ix86 |All Summary|cipher.c error when building|cipher.c build error with |against openssl 0.9.5a on |openssl 0.9.5a |Mandrake 7.2 | ------- Additional Comments From dtucker at zip.com.au 2003-09-19 23:57 ------- This applies to other platforms with OpenSSL 0.9.5, not just Mandrake. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Fri Sep 19 23:57:29 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 19 Sep 2003 23:57:29 +1000 (EST)
Subject: [Bug 690] sftp quoted filename parsing bug in get and put commands
Message-ID: <20030919135729.27BB027C193@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=690

           Summary: sftp quoted filename parsing bug in get and put commands
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sftp
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: admorten at umich.edu

When doing a get or put of a quoted filename, sftp misinterprets the location of
the terminating quote. In sftp-int.c, when the terminating quote is located, the
path is NUL terminated, but the location counter is not updated, causing the
source filename's end quote to be interpreted as the opening quote of a
destination filename.

This causes 'get "filename"' to fail with an Unterminated quote error, and
causes 'get "src-filename" "dest-filename"' to write src-filename to a file
named " " rather than dest-filename.

Unquoted transfer commands--e.g., get src-filename dest-filename-- are not
affected.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 00:03:51 2003
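The quoted-filename parsing bug reported in bug 690 above, reduced to a small tokenizer. This is an added example, not the sftp-int.c source and not the attached patch: `parse_pathname`, `parse_transfer` and the `skip_closing_quote` switch are hypothetical names, and the command strings are constructed. With the switch off the cursor is left on the closing quote, which reproduces both reported symptoms; with it on the cursor moves past the quote.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Simplified model of a pathname tokenizer (hypothetical, not OpenSSH code).
 * Returns 1 and sets *path when a pathname was read, 0 when the input is
 * exhausted, -1 on an unterminated quote or allocation failure.
 * skip_closing_quote == 0 models the reported bug; 1 models the fix.
 */
static int
parse_pathname(const char **cpp, char **path, int skip_closing_quote)
{
	const char *cp = *cpp, *end;
	size_t len;

	*path = NULL;
	cp += strspn(cp, " \t");		/* skip leading whitespace */
	if (*cp == '\0') {
		*cpp = cp;
		return 0;
	}
	if (*cp == '"') {
		cp++;				/* step over opening quote */
		end = strchr(cp, '"');
		if (end == NULL)
			return -1;		/* "Unterminated quote" */
		len = (size_t)(end - cp);
		/*
		 * The bug: the copy is terminated at the closing quote, but
		 * the cursor still points AT that quote, so the next call
		 * takes it for an opening quote.
		 */
		*cpp = skip_closing_quote ? end + 1 : end;
	} else {
		len = strcspn(cp, " \t");
		*cpp = cp + len;
	}
	if ((*path = malloc(len + 1)) == NULL)
		return -1;
	memcpy(*path, cp, len);
	(*path)[len] = '\0';
	return 1;
}

/*
 * Parse the arguments of a get/put style command: a required source and an
 * optional destination. Returns 0 on success, -1 on a parse error.
 */
static int
parse_transfer(const char *args, char **src, char **dst, int fixed)
{
	const char *cp = args;

	*src = *dst = NULL;
	if (parse_pathname(&cp, src, fixed) != 1)
		return -1;
	if (parse_pathname(&cp, dst, fixed) == -1) {
		free(*src);
		*src = NULL;
		return -1;
	}
	return 0;
}

int
main(void)
{
	/* Constructed argument strings matching the cases in the report. */
	const char *cases[] = {
		"\"filename\"",
		"\"src-filename\" \"dest-filename\"",
		"src-filename dest-filename",
	};
	char *src, *dst;
	size_t i;
	int fixed;

	for (fixed = 0; fixed <= 1; fixed++) {
		for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
			printf("%s  get %s\n", fixed ? "fixed:" : "buggy:", cases[i]);
			if (parse_transfer(cases[i], &src, &dst, fixed) == -1) {
				printf("    error: unterminated quote\n");
				continue;
			}
			printf("    src=[%s] dst=[%s]\n", src, dst ? dst : "(none)");
			free(src);
			free(dst);
		}
	}
	return 0;
}
```

A regression test for this class of bug should include a quoted source with no destination, since that is the case where the stale cursor turns a valid command into a parse error.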
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 00:03:51 +1000 (EST) Subject: [Bug 690] sftp quoted filename parsing bug in get and put commands Message-ID: <20030919140351.2E8E527C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=690 ------- Additional Comments From admorten at umich.edu 2003-09-20 00:03 ------- Created an attachment (id=437) --> (http://bugzilla.mindrot.org/attachment.cgi?id=437&action=view) Patch fixing increment bug in get_pathname function of sftp-int.c ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 00:11:08 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 00:11:08 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030919141108.3041F27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2003-09-20 00:11 ------- According to the mailing list, BROKEN_GETADDRINFO isn't required on all IRIX systems. How about we leave it out for now. I'll try to come up with an automated test for a broken getaddrinfo. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 02:34:23 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 20 Sep 2003 02:34:23 +1000 (EST)
Subject: [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
Message-ID: <20030919163423.6BF0C27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=648

------- Additional Comments From tim at newmoonnine.com 2003-09-20 02:34 -------
A workaround:
securecrt-->properties-->authentication-->TIS

Correct method or not, I've seen it work fine for both putty and securecrt.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 02:53:35 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 20 Sep 2003 02:53:35 +1000 (EST)
Subject: [Bug 645] Configure mis-identifies setresgid
Message-ID: <20030919165335.208A027C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=645

------- Additional Comments From tim at newmoonnine.com 2003-09-20 02:53 -------
I've got the same issue on an old x86 RedHat box with a 2.0.35 kernel. The box
is scheduled to retire soon (for like 3 years now). Not important, to me anyway,
but these comments may or may not help others. 3.6.1p2 works fine. If it seems a
worthy cause I can post the output of strace or perform other tests.

gcc-2.7.2.3-13
glibc-2.0.7-19

# gcc setresgidtest.c
# ./a.out
setresgid returned -1, errno 0
setresuid returned -1, errno 38

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 03:38:22 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 03:38:22 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030919173822.3B0EF27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 mdelan at computer.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mdelan at computer.org ------- Additional Comments From mdelan at computer.org 2003-09-20 03:38 ------- It seems that the problem isn't that ssh can't use the agent, but rather that it's trying to use the keys listed in ssh_config directly first, then falling back to the keys in the agent. Hitting enter at the passphrase prompt enough times to cycle through the valid ssh_config listed keys causes the login to succeed. If there are no valid keys listed in ssh_config, but there are keys in the agent we get the expected behavior. It's as though ssh is trying keys in the exact opposite order it's supposed to. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 05:12:03 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 20 Sep 2003 05:12:03 +1000 (EST)
Subject: [Bug 684] ssh cannot access keys stored in agent
Message-ID: <20030919191203.2BCB227C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=684

philipp at open.ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|major                       |normal

------- Additional Comments From philipp at open.ch 2003-09-20 05:12 -------
Hm, you're right. In my local client configuration $HOME/.ssh/config, I have
keys defined like this:

IdentityFile ~/.ssh/id_dsa
IdentityFile ~/.ssh/identity

These are the same entries I have in the global ssh_config. When I comment out
the lines above in $HOME/.ssh/config authentication works fine.

Now, here's the interesting part: if *both* config files ($HOME/.ssh/config and
ssh_config) list the IdentityFile lines involving a "~" as a placeholder for
$HOME, I get the effect with the passphrase request. If one of the files refers
to the IdentityFile using "$HOME" for the homedirectory, such as

IdentityFile $HOME/.ssh/id_dsa
IdentityFile $HOME/.ssh/identity

it works fine.

It may be as simple as to say: Don't use tilde as a placeholder for $HOME in the
3.7.1p1 config files anymore?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 06:59:13 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 20 Sep 2003 06:59:13 +1000 (EST)
Subject: [Bug 691] All connections aborts
Message-ID: <20030919205913.5744E27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=691

           Summary: All connections aborts
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: MIPS
        OS/Version: IRIX
            Status: NEW
          Severity: major
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: d.guy at free.fr

On IRIX 6.5.13f with cc (v7.3.1.3) or gcc (v 3.0.4)

With patch 659 and 650, compilation is ok. Sshd daemon run on the system, but
all connections aborts.

with "LogLevel DEBUG3" in sshd_config on the server and ssh -vvv 'ip address' on
the client. Last messages are :

on client :
connection close by : "ip address"
debug1: Calling cleanup 0x1002dc30(0x0)

on server :
debug3: mm_request_receive entering
(after this nothing else about sshd)

NB Excuse me for my english.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 08:32:18 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 08:32:18 +1000 (EST) Subject: [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail Message-ID: <20030919223218.30E5627C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=125 jrj at purdue.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #192 is|0 |1 obsolete| | Attachment #355 is|0 |1 obsolete| | ------- Additional Comments From jrj at purdue.edu 2003-09-20 08:32 ------- Created an attachment (id=438) --> (http://bugzilla.mindrot.org/attachment.cgi?id=438&action=view) Gzip'd tar file with patches and documentation through 3.7.1p1 This version of the patch applies against 3.7.1p1. See the README in the tar file for complete details. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 08:55:32 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 08:55:32 +1000 (EST) Subject: [Bug 638] scp: wrong exit status Message-ID: <20030919225532.30A5427C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=638 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2003-09-20 08:55 ------- patch applied. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 09:23:41 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 20 Sep 2003 09:23:41 +1000 (EST)
Subject: [Bug 692] Can't make OpenSSH-3.7.1p1 on OpenBSD 3.0
Message-ID: <20030919232341.2675227C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=692

           Summary: Can't make OpenSSH-3.7.1p1 on OpenBSD 3.0
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: ix86
        OS/Version: OpenBSD
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: szedula at mindspring.com

"make" terminates with message:

log.c: In function `do_log':
log.c:393: warning: implicit declaration of function `strnvis'
log.c:393: `VIS_SAFE' undeclared (first use in this function)
log.c:393: (Each undeclared identifier is reported only once
log.c:393: for each function it appears in.)
log.c:393: `VIS_OCTAL' undeclared (first use in this function)
*** Error code 1

I found both "VIS_SAFE" and "VIS_OCTAL" in /usr/include:

cd /usr/include
grep VIS_SAFE *.h
vis.h:#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
grep VIS_OCTAL *.h
vis.h:#define VIS_OCTAL 0x01 /* use octal \ddd format */

So I used this "configure":

./configure -prefix=/usr -sysconfdir=/etc -bindir=/usr/bin -sbindir=/usr/sbin -includedir=/usr/include

To match OpenBSD 3.0 locations and use "/usr/include"

Got the same error so I preceded "configure" with:

setenv CFLAGS -I/usr/include

And got this in "configure" output:

Compiler flags: -I/usr/include -Wall -Wpointer-arith -Wno-uninitialized

Reran "make" and got the same error message. Even though the "gcc" statement is:

gcc -I/usr/include -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c log.c

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 09:27:37 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 20 Sep 2003 09:27:37 +1000 (EST)
Subject: [Bug 692] Can't make OpenSSH-3.7.1p1 on OpenBSD 3.0
Message-ID: <20030919232737.9852927C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=692

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From djm at mindrot.org 2003-09-20 09:27 -------
Don't people check the bug list before adding new ones?

*** This bug has been marked as a duplicate of 671 ***

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Sat Sep 20 09:27:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 09:27:43 +1000 (EST) Subject: [Bug 671] vis.h is not #includ'ed in OpenBSD 3.1 build of OpenSSH portable 3.7p1 Message-ID: <20030919232743.2799927C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=671 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |szedula at mindspring.com ------- Additional Comments From djm at mindrot.org 2003-09-20 09:27 ------- *** Bug 692 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 10:10:24 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 10:10:24 +1000 (EST) Subject: [Bug 693] Missing definitions in configure scripts Message-ID: <20030920001024.2F61927C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=693 Summary: Missing definitions in configure scripts Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P4 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: david.haughton at ncr.com The symbols SETEUID_BREAKS_SETUID, BROKEN_SETREUID, and BROKEN_SETREGID are not defined by the configure script. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 10:13:16 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 10:13:16 +1000 (EST) Subject: [Bug 693] Missing definitions in configure scripts Message-ID: <20030920001316.1FE1E27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=693 ------- Additional Comments From david.haughton at ncr.com 2003-09-20 10:13 ------- Created an attachment (id=439) --> (http://bugzilla.mindrot.org/attachment.cgi?id=439&action=view) Code diff of proposed fix ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 12:02:25 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 12:02:25 +1000 (EST) Subject: [Bug 691] All connections aborts Message-ID: <20030920020225.E622927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=691 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE Summary|All connections aborts |All connections aborts ------- Additional Comments From dtucker at zip.com.au 2003-09-20 12:02 ------- *** This bug has been marked as a duplicate of 659 *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 12:02:31 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 12:02:31 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030920020231.520D427C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |d.guy at free.fr ------- Additional Comments From dtucker at zip.com.au 2003-09-20 12:02 ------- *** Bug 691 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 12:52:49 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 12:52:49 +1000 (EST) Subject: [Bug 694] build fails: missing inet_ntoa.h on IRIX 6.3 and gcc 3.2.2 Message-ID: <20030920025249.3FF8827C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=694 Summary: build fails: missing inet_ntoa.h on IRIX 6.3 and gcc 3.2.2 Product: Portable OpenSSH Version: 3.7.1p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: rd36 at randydavis.cc CC: rd36 at randydavis.cc 3.7p1 and 3.7.1p1 fail to build on IRIX 6.3 (note: IRIX 6.3) using gcc 3.2.2 on an SGI O2. 3.6.1p1 builds without any problem. Error: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/ssl/include -I/usr/local/include -DHAVE_CONFIG_H -c inet_ntoa.c inet_ntoa.c:46:23: inet_ntoa.h: No such file or directory make[1]: *** [inet_ntoa.o] Error 1 make[1]: Leaving directory `/usr2/admin/src/security/openssh-3.7.1p1/openbsd-compat' make: *** [openbsd-compat/libopenbsd-compat.a] Error 2 Copying the inet_ntoa.h file in from the 3.6.1p1 release seems to fix it, and allow it to compile without errors. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 13:02:03 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 13:02:03 +1000 (EST) Subject: [Bug 694] build fails: missing inet_ntoa.h on IRIX 6.3 and gcc 3.2.2 Message-ID: <20030920030203.1495427C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=694 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From dtucker at zip.com.au 2003-09-20 13:02 ------- See also bug #659 for IRIX issues. *** This bug has been marked as a duplicate of 650 *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 13:02:08 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 13:02:08 +1000 (EST) Subject: [Bug 650] fix for build problem on IRIX 6.5 Message-ID: <20030920030208.75B6027C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=650 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rd36 at randydavis.cc ------- Additional Comments From dtucker at zip.com.au 2003-09-20 13:02 ------- *** Bug 694 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 22:15:05 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 22:15:05 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030920121505.ABC4927C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 ------- Additional Comments From mdelan at computer.org 2003-09-20 22:15 ------- Created an attachment (id=440) --> (http://bugzilla.mindrot.org/attachment.cgi?id=440&action=view) patch to remove duplicate identity file keys ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sat Sep 20 23:17:04 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sat, 20 Sep 2003 23:17:04 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030920131704.67BF427C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 ------- Additional Comments From mdelan at computer.org 2003-09-20 23:17 ------- Actually, it's $HOME that isn't expanding, not ~: debug2: key: /home/mdelan/.ssh/id_rsa (65630) debug2: key: $HOME/.ssh/identity (0) debug2: key: $HOME/.ssh/id_rsa (0) debug2: key: $HOME/.ssh/id_dsa (0) debug2: key: /home/mdelan/.ssh/identity (0) debug2: key: /home/mdelan/.ssh/id_dsa (0) The real problem is that if the same key is loaded more than once through IdentityFile statements, either because different listed files contain the same key, or the same file has been listed more than once (e.g. global and user ssh_config files contain the same IdentityFile statements), and that key also exists in the agent, then we end up with multiple copies of that key in the authctx list - one tagged as being an agent key, the other(s) not. userauth_pubkey() does offer the public key for the copy in the agent first, but due to the way it manipulates the authctx list, when input_userauth_pk_ok() goes to do the private key side of the exchange, it finds one of the non-agent copies first and uses that - hence the passphrase prompt. The patch in attachment #440 is a fairly quick hack to eliminate duplicate keys obtained from IdentityFiles during the setup phase of pubkey_prepare(), prior to the routine that orders the identities. Just checking for extra duplicates of agent keys in the next loop down might be a slicker solution, but at the moment, I can't quite figure out how to manipulate the TAILQ_* macros correctly to do that. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sun Sep 21 00:36:25 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sun, 21 Sep 2003 00:36:25 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030920143625.11A6427C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 ------- Additional Comments From markus at openbsd.org 2003-09-21 00:36 ------- this should work, but i don't know how portable TAILQ_FOREACH_REVERSE IS: Index: sshconnect2.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.124 diff -u -r1.124 sshconnect2.c --- sshconnect2.c 25 Aug 2003 10:33:33 -0000 1.124 +++ sshconnect2.c 20 Sep 2003 14:25:30 -0000 @@ -445,7 +445,7 @@ debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); - TAILQ_FOREACH(id, &authctxt->keys, next) { + TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) { if (key_equal(key, id->key)) { sent = sign_and_send_pubkey(authctxt, id); break; folly% #define TAILQ_FOREACH_REVERSE(var, head, field, headname) \ for((var) = TAILQ_LAST(head, headname); \ (var) != TAILQ_END(head); \ (var) = TAILQ_PREV(var, headname, field)) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sun Sep 21 02:03:55 2003 
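Review bot: the reversed loop in the sshconnect2.c hunk still signs with the first entry that satisfies key_equal() and then breaks, so it only reaches the agent-held copy while the identity that was offered sits nearer the tail than its duplicates. The choice would stop depending on list order if the condition also required that the entry is the one already offered to the server, checked alongside key_equal(key, id->key). The call's argument order (id, &authctxt->keys, next, idlist) does match the (var, head, field, headname) definition quoted under the hunk; a short comment on the loop saying why it walks backwards would help whoever touches the list handling next.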
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sun, 21 Sep 2003 02:03:55 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030920160355.02BBA27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 ------- Additional Comments From philipp at open.ch 2003-09-21 02:03 ------- I have applied Mike's patch (#440) and it works great, thanks a lot! Your explanation about the duplicate keys makes perfect sense. Until you have found the most suitable solution to put into the next OpenSSH version, I will run with the patch for now and forget about the $HOME and tilde stuff. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Sun Sep 21 12:02:11 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Sun, 21 Sep 2003 12:02:11 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030921020211.4C3FD27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 ------- Additional Comments From mdelan at computer.org 2003-09-21 12:02 ------- Markus's patch also works - tested on Solaris & Linux. His is probably the cleaner fix. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 00:55:09 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 00:55:09 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030921145509.1F2B127C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 ------- Additional Comments From bill.bacher at ruffalocody.com 2003-09-22 00:55 ------- The changes suggested by Darren Tucker did the trick. I was able to build successfully. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 01:09:11 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 01:09:11 +1000 (EST) Subject: [Bug 688] keylogin not successful Message-ID: <20030921150911.788AA27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=688 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-22 01:09 ------- After looking at the problem today, I believe I have found the source of the problem. auth-pam.c spawns processes in order to perform the authentication and credential setting in sub-processes. The workaround I have used is to force the use of USE_POSIX_THREADS and use -lpthread. As an example, in.telnetd will call pam_sm_authenticate() and then fork. Using the same PAM handle, the child will then perform a pam_sm_setcred() and then exec to the shell. What sshd is doing is the main process (A) initializes the PAM framework, then by simulating "pthreads" process A spawns a process B. Process B performs the pam_sm_authenticate(). Sometime later A spawns a process C. Process C performs the pam_sm_setcred(). Then A spawns D to exec and become the shell. pam_sm_setcred (according to truss) seems to also be called in D. The problem is that any module specific data set calling pam_sm_authenticate() and pam_sm_setcred() are in separate copies of the PAM handle (i.e. in B,C,D). It seems that there is something that is set at each stage that the other components rely upon. Most likely it is because the password is stored in B (via pam_set_item(...,PAM_AUTHTOK,...)), and hence C or D cannot perform the keylogin (in pam_sm_setcred) as the password is not present in the module data defined via the PAM handle. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 02:54:42 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 02:54:42 +1000 (EST) Subject: [Bug 695] Cannot change password in PAM NIS+ environment Message-ID: <20030921165442.CD9BE27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=695 Summary: Cannot change password in PAM NIS+ environment Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: paul.a.bolton at bt.com When their password expires, NIS+ users are prompted to change their password. Upon entering the correct creds the session terminates and the password is not changed. Typically a "Permission denied" or "NIS+ system error" is generated. Either normal "telnet" connections or password resets by administrators are required in order to allow the user to log in successfully. In session.c do_pam_chauthtok() is a) called before do_pam_setcred(), and b) do_pam_chauthtok() does not set the real UID to the target user. (effective stays as UID=0). If these changes are made, the credential update works for both NIS+ and local accounts. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 04:02:57 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 04:02:57 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030921180257.845D627C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 Summary: PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: minor Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: swamitj at yahoo.com Openssh 3.7.1p1 and 3.7p1 were compiled with PAM support. When we try to connect in (to the openssh 3.7.1p1/3.7p1 server) from F-Secure ssh clients the PAM modules are totally getting bypassed. Is there a way to fix this? However there are no problems connecting in from Openssh clients (PAM works fine). The options that were used here were similar to the options used to compile openssh 3.6p1. No problems are encountered when connecting to a 3.6p1 server either from openssh client or a f-secure ssh client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 10:01:40 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 10:01:40 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030922000140.A1B9227C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 mdelan at computer.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #440 is|0 |1 obsolete| | ------- Additional Comments From mdelan at computer.org 2003-09-22 10:01 ------- Created an attachment (id=441) --> (http://bugzilla.mindrot.org/attachment.cgi?id=441&action=view) patch to test that identity has been offered On further reflection, aside from Markus's concern about the portability of TAILQ_FOREACH_REVERSE, I see another problem with that fix: it's still assuming a particular order of &authctxt->keys. Some future change to the way userauth_pubkey() manipulates that list could re-introduce the bug. Checking that id->tried is set for the identity in addition to key_equal() within the loop seems the more robust solution. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 10:08:26 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 10:08:26 +1000 (EST) Subject: [Bug 684] ssh cannot access keys stored in agent Message-ID: <20030922000826.2D62027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=684 ------- Additional Comments From djm at mindrot.org 2003-09-22 10:08 ------- We don't need to worry about the portability of TAILQ_FOREACH_REVERSE. For portable OpenSSH we always use a local copy of OpenBSD's sys/queue.h (and sys/tree.h too). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 10:09:47 2003 
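The Bug 684 comments above weigh three ways of choosing which list entry signs after the server accepts a key: first match, last match, and first match that has already been offered. The following is an added example, not code from OpenSSH or from any attachment on this bug; the struct, the list helpers and the "offered entry moves to the tail" behaviour are a simplified model assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of one identity list entry (not OpenSSH's own struct). */
struct identity {
    const char *key;     /* stands in for the public key blob */
    int from_agent;      /* 1: private half is in the agent, 0: loaded from a file */
    int tried;           /* set once this entry has been offered to the server */
    struct identity *prev, *next;
};

struct idlist {
    struct identity *first, *last;
};

static void list_append(struct idlist *l, struct identity *id)
{
    id->next = NULL;
    id->prev = l->last;
    if (l->last != NULL)
        l->last->next = id;
    else
        l->first = id;
    l->last = id;
}

static void list_remove(struct idlist *l, struct identity *id)
{
    if (id->prev != NULL) id->prev->next = id->next; else l->first = id->next;
    if (id->next != NULL) id->next->prev = id->prev; else l->last = id->prev;
    id->prev = id->next = NULL;
}

/*
 * Offer the identity at the head of the list.
 * Assumption of this model: when move_to_tail is set, the offered entry is
 * re-queued at the tail, which is the ordering the reverse walk relies on.
 */
static void offer_head(struct idlist *l, int move_to_tail)
{
    struct identity *id = l->first;

    if (id == NULL)
        return;
    id->tried = 1;
    if (move_to_tail) {
        list_remove(l, id);
        list_append(l, id);
    }
}

enum strategy { FORWARD, REVERSE, TRIED };

/* Pick the entry that will sign once the server has accepted `key`. */
static struct identity *pick(struct idlist *l, const char *key, enum strategy s)
{
    struct identity *id;

    if (s == REVERSE) {
        for (id = l->last; id != NULL; id = id->prev)
            if (strcmp(id->key, key) == 0)
                return id;
        return NULL;
    }
    for (id = l->first; id != NULL; id = id->next) {
        if (strcmp(id->key, key) != 0)
            continue;
        if (s == TRIED && !id->tried)
            continue;            /* same key, but never offered: skip it */
        return id;
    }
    return NULL;
}

/* Returns 1 if the agent copy signs, 0 if a file copy does (passphrase prompt), -1 if none. */
int signer_is_agent(int move_to_tail, enum strategy s)
{
    struct identity ids[3] = {
        { "RSA-A", 1, 0, NULL, NULL },   /* constructed: key held by the agent */
        { "RSA-A", 0, 0, NULL, NULL },   /* constructed: same key via IdentityFile */
        { "DSA-B", 0, 0, NULL, NULL },   /* constructed: unrelated file key */
    };
    struct idlist l = { NULL, NULL };
    struct identity *id;
    int i;

    for (i = 0; i < 3; i++)
        list_append(&l, &ids[i]);
    offer_head(&l, move_to_tail);        /* agent copy is offered first */
    id = pick(&l, "RSA-A", s);
    return id == NULL ? -1 : id->from_agent;
}

int main(void)
{
    static const char *names[] = { "forward", "reverse", "tried" };
    int move, s;

    for (move = 1; move >= 0; move--)
        for (s = FORWARD; s <= TRIED; s++)
            printf("move_to_tail=%d %-7s -> agent copy signs: %d\n",
                move, names[s], signer_is_agent(move, (enum strategy)s));
    return 0;
}
```

Only the lookup that also checks the offered flag selects the agent copy under both list orderings.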
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 10:09:47 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030922000947.12C4927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2003-09-22 10:09 ------- Read the comment next to UsePAM in sshd_config. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 10:57:29 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 10:57:29 +1000 (EST) Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3 Message-ID: <20030922005729.4693E27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=685 ------- Additional Comments From jason at devrandom.org 2003-09-22 10:57 ------- Created an attachment (id=442) --> (http://bugzilla.mindrot.org/attachment.cgi?id=442&action=view) Quickie patch to report OpenSSL header version. Adds the following line to the 'configure' output: OpenSSL Header Version: 9060af (OpenSSL 0.9.6j 10 Apr 2003) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:00:39 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:00:39 +1000 (EST) Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3 Message-ID: <20030922010039.2B79A27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=685 ------- Additional Comments From jason at devrandom.org 2003-09-22 11:00 ------- Try patching your OpenSSH source tree with the patch on this bug. It'll report the OpenSSL version that autoconf is finding during configuration. See if what autoconf is finding matches what you think it should be finding. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:00:50 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:00:50 +1000 (EST) Subject: [Bug 644] "make clean" fails when building outside of source tree Message-ID: <20030922010050.3602227C19A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=644 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:00 ------- Thanks for the report, the patch has been applied to HEAD and the 3.7 branch. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:08:36 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:08:36 +1000 (EST) Subject: [Bug 665] sshd doesn't work on Mac OS X Message-ID: <20030922010836.180BF27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=665 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:08 ------- Thanks, patch applied to HEAD and the 3.7 branch. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:22:14 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:22:14 +1000 (EST) Subject: [Bug 657] Priv seperation causes setreuid error Message-ID: <20030922012214.2F89827C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=657 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:22 ------- Thanks for the report. This has been fixed (both in HEAD and the 3.7 branch). Please try tomorrow's snapshot (which you can get from one of the mirrors) and see if it works correctly out-of-the-box. http://www.openssh.com/portable.html#mirrors ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:28:17 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:28:17 +1000 (EST) Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Message-ID: <20030922012817.1843A27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=653 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:28 ------- Thanks for the report, this has been fixed (in HEAD and the 3.7 branch). Please test tomorrow's snapshot. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:32:01 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:32:01 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030922013201.511EF27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 swamitj at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | ------- Additional Comments From swamitj at yahoo.com 2003-09-22 11:31 ------- PasswordAuthentication is set to no and UsePAM is set to yes on the sshd_config file. Running sshd in debug mode while trying to connect in, shows PAM modules being invoked while coming in from openssh clients but not from f-secure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:33:27 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:33:27 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030922013327.17EDC27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:33 ------- It looks like that test program catches the problem (the fact that it doesn't compile in comment #3 is good since we want to detect a failure). Any volunteers to do a patch and test it? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:39:11 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:39:11 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030922013911.6017427C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:39 ------- Are your F-Secure clients configured to use keyboard-interactive authentication? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:41:32 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:41:32 +1000 (EST) Subject: [Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together Message-ID: <20030922014132.E625C27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=667 ------- Additional Comments From jason at devrandom.org 2003-09-22 11:41 ------- This bug caught my eye because I'm a big supporter of LDAP authentication. If I set PasswordAuthentication=No in sshd_config then PuTTY doesn't login regardless of the UsePAM setting. I tried using both an LDAP-served user and a /etc/passwd|shadow user with UsePAM=yes and UsePAM=no and as long as PasswordAuthentication=No then PuTTY won't log in. Could this be an error with PuTTY? Just for fun I tried F-Secure's SSH client (for OpenVMS) and everything worked fine with PasswordAuthentication=No and UsePAM=yes and F-Secure verbosely prints it's using keyboard-interactive. Interestingly though UsePAM=no and PasswordAuthentication=no breaks F-Secure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:41:35 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:41:35 +1000 (EST) Subject: [Bug 693] Missing definitions in configure scripts Message-ID: <20030922014135.75B7927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=693 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:41 ------- Thanks, patch applied to both HEAD and the 3.7 branch. Please test tomorrow's snapshot. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 11:51:40 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 11:51:40 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030922015140.332B827C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From jason at devrandom.org 2003-09-22 11:51 ------- F-Secure SSH client for me (on OpenVMS) works fine with UsePAM=yes and PasswordAuthentication=no for the ssh client: SYS$ ssh2 "jmccormick at rowan" Keyboard-interactive: Password: Authentication successful. [jmccormick at rowan jmccormick]$ My F-Secure install by default seems to be using keyboard-interactive as I'm not explicitly enabling it anywhere. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 12:11:43 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 12:11:43 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030922021143.22B8727C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From dtucker at zip.com.au 2003-09-22 12:11 ------- Patch applied to HEAD and the 3.7 branch, with the exception of the BROKEN_GETADDRINFO part. Please update this bug when you have a working test. Can someone confirm whether or not those defines are required for IRIX 5? It's not included in the patch. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 12:15:08 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 12:15:08 +1000 (EST) Subject: [Bug 650] fix for build problem on IRIX 6.5 Message-ID: <20030922021508.2939127C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=650 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 12:15 ------- This has been fixed in both HEAD and 3.7 a few days ago. Please try a snapshot. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 12:23:00 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 12:23:00 +1000 (EST) Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3 Message-ID: <20030922022300.8EF4327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=685 dean at mrdltd.ca changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dean at mrdltd.ca 2003-09-22 12:22 ------- The configure script's output prior to the patch output the OpenSSL lib and header versions, and since it reported 0.9.7b I thought nothing of it, but prior to applying the patch I found the older libs and headers located in the /usr (/lib & /include) directory. Upon replacing them with the 0.9.7b ones OpenSSH compiles fine, so I have not had a chance or a need for the patch, but it seems as though the configure script reports one version of libs/headers but uses another, even when using the --with-ssl-dir=/usr/local/ssl directive. I consider this resolved, and 90% my machine's problem, but it seems strange that the two different versions were never reported by the configure script at all, although it sounds like the patch might address this issue. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 12:37:55 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 12:37:55 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030922023755.32B4327C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From swamitj at yahoo.com 2003-09-22 12:37 ------- Yes the clients are configured to use keyboard-interactive. The same client connects fine to a 3.6p1 server(no problems with PAM) but has problems talking with 3.7p1 or 3.7.1p1. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 13:14:08 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 13:14:08 +1000 (EST) Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3 Message-ID: <20030922031408.1891327C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=685 ------- Additional Comments From dtucker at zip.com.au 2003-09-22 13:14 ------- There was a bug with some versions of gcc where "-I" header search paths got appended not prepended to the search list. Details escape me at the moment but it's probably in gcc's bugzilla somewhere. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 13:15:26 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 13:15:26 +1000 (EST) Subject: [Bug 686] sshd dies by non-root account session Message-ID: <20030922031526.119BA27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=686 ------- Additional Comments From dtucker at zip.com.au 2003-09-22 13:15 ------- Please try tomorrow's snapshot. The patch from bug #659 has been applied, so if the snapshot works as-is, please close the bug. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 13:30:09 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 13:30:09 +1000 (EST) Subject: [Bug 679] fatal: buffer_append_space with compression enabled in putty Message-ID: <20030922033009.B52B727C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=679 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-22 13:30 ------- Thanks, have updated INSTALL to require 1.1.4. Configure does not enforce it, though. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 17:42:28 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 17:42:28 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030922074228.9442A27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From Al.Smith at gold.net 2003-09-22 17:42 ------- I just wanted to note that patch 414 does not address the issue that was reported in bugs 677 and 691. Given the situation that the 3.7 releases correct a security issue, it would be nice if us folks running IRIX were able to upgrade from 3.6.1p2. 677 and 691 are arguably duplicates of each other, but, in my humble opinion, neither are duplicates of 659. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 17:52:35 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 17:52:35 +1000 (EST) Subject: [Bug 697] ending slash is not used Message-ID: <20030922075235.96B6727C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=697 Summary: ending slash is not used Product: Portable OpenSSH Version: 3.7.1p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: openssh-bugs at mindrot.org ReportedBy: ramses at smeyers.be

C:\temp>psftp
login as:
Using username "".
@'s password:
Remote working directory is /var/spool/rmon-server/guy.leroy
psftp> get 2003*
/var/spool/rmon-server/guy.leroy2003*: no such file or directory
psftp> cd /var/spool/rmon-server/guy.leroy
Remote directory is now /var/spool/rmon-server/guy.leroy
psftp> get 2003*
/var/spool/rmon-server/guy.leroy2003*: no such file or directory
psftp> pwd
Remote directory is /var/spool/rmon-server/guy.leroy
psftp>

so he doesn't do /var/spool/rmon-server/guy.leroy/2003* ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 17:54:48 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 17:54:48 +1000 (EST) Subject: [Bug 695] Cannot change password in PAM NIS+ environment Message-ID: <20030922075448.315E327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=695 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-22 17:54 ------- ... although it still does not work with logons to the root master. Seem to be getting a "corrupted window" when negotiating with rpc.nispasswdd. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 18:24:30 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 18:24:30 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030922082430.3351D27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From Al.Smith at gold.net 2003-09-22 18:24 ------- ...or at least it doesn't address the issue, until the realisation dawns that a patched configure.ac has no effect whatsoever on re-running ./configure && make, unless the changes introduced by the patch to configure.ac have been applied by some means to 'configure' itself. This was not obvious, but has now been filed away as an insight into the autoconfig stuff. Anyway, please disregard my earlier statement. :) Everything is now working as it should. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 21:00:18 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 21:00:18 +1000 (EST) Subject: [Bug 685] cipher.c error when building against OpenSSL 0.9.7b on RedHat 7.3 Message-ID: <20030922110018.0F25327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=685 jason at devrandom.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From jason at devrandom.org 2003-09-22 21:00 ------- Is the patch here appropriate for inclusion in configure.ac to print the OpenSSL version in summary report? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 21:00:53 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 21:00:53 +1000 (EST) Subject: [Bug 698] fixed bug in calling pam_setcred Message-ID: <20030922110053.22B9527C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=698 Summary: fixed bug in calling pam_setcred Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: postadal at suse.cz The environment variable KRB5CCNAME is worst set before calling pam_setcred. It is the reason why kerberos auth through krb tickets doesn't work. The patch to fix follows. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 21:04:15 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 21:04:15 +1000 (EST) Subject: [Bug 698] fixed bug in calling pam_setcred Message-ID: <20030922110415.1C68927C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=698 ------- Additional Comments From postadal at suse.cz 2003-09-22 21:04 ------- Created an attachment (id=443) --> (http://bugzilla.mindrot.org/attachment.cgi?id=443&action=view) fix of this bug This patch fixed the bug by inserting "FILE:" string to the beginning of environment variable KRB5CCNAME. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 22:38:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 22:38:56 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922123856.9CCA327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 Summary: server broke connection without message Product: Portable OpenSSH Version: 3.7.1p1 Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: penalva at cines.fr The sshd broke all connections (root or other uid) without any messages. I try to run the server and the client with traces, but there's nothing, only a "cleanup" message. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 22:41:25 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 22:41:25 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922124125.9CC1727C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 ------- Additional Comments From penalva at cines.fr 2003-09-22 22:41 ------- Created an attachment (id=444) --> (http://bugzilla.mindrot.org/attachment.cgi?id=444&action=view) trace of the sshd -ddd (server side) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 22:43:17 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 22:43:17 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922124317.4A45527C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 ------- Additional Comments From penalva at cines.fr 2003-09-22 22:43 ------- Created an attachment (id=445) --> (http://bugzilla.mindrot.org/attachment.cgi?id=445&action=view) trace of the ssh -vvv -l (client side) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 22:46:44 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 22:46:44 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922124644.3579C27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From dtucker at zip.com.au 2003-09-22 22:46 ------- If you apply the patch from bug #659 you will need to run "autoconf" or wait until tomorrow's snapshot (ie 20030923 or higher). ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot/ *** This bug has been marked as a duplicate of 659 *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 22:46:50 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 22:46:50 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030922124650.E648B27C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |penalva at cines.fr ------- Additional Comments From dtucker at zip.com.au 2003-09-22 22:46 ------- *** Bug 699 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 22:49:18 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 22:49:18 +1000 (EST) Subject: [Bug 700] PAM support broken in 3.7.1p1 Message-ID: <20030922124918.BE1F227C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=700 Summary: PAM support broken in 3.7.1p1 Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: bryan.finn at data.slu.se PAM support which worked up to version 3.6 is broken in version 3.7.1p1. Does not seem to be SSH client dependent. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:06:27 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:06:27 +1000 (EST) Subject: [Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Message-ID: <20030922130627.33C5627C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=701 Summary: With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: jfh at cise.ufl.edu When the directive PermitRootLogin is specified as 'without-password', root can still log in with a password using the 'keyboard-interactive/pam' method and possibly others. The fix is to permit only certain methods to allow root logins, and deny the rest. The patch I will be providing currently only allows root to login with the 'publickey' method. Others can be added as necessary, but as methods are added in the future they will default to not allowing root to login when PermitRootLogin is set to 'without-password' unless specified in this routine. (This is different from the patch I sent to the list which allowed root to login with all methods except those explicitly denied). This may warrant a security announcement as there may be sites with PermitRootLogin set to 'without-password' who are using PAM for logins and who are unaware that root can still log in with a password. 
Also, the following code in auth-password.c

#ifndef HAVE_CYGWIN
	if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
		ok = 0;
#endif

seems to prevent the auth.c:auth_root_allowed() routine from ever being called, meaning that the following log line in auth.c doesn't get called:

	logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());

When the code in auth-passwd.c is commented out, auth.c:auth_root_allowed() gets run properly. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:10:30 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:10:30 +1000 (EST) Subject: [Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Message-ID: <20030922131030.1D6E327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=701 ------- Additional Comments From jfh at cise.ufl.edu 2003-09-22 23:10 ------- Created an attachment (id=446) --> (http://bugzilla.mindrot.org/attachment.cgi?id=446&action=view) Allows only 'publickey' method when 'PermitRootLogin' is set to 'without-password' ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:17:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:17:26 +1000 (EST) Subject: [Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Message-ID: <20030922131726.1BDE127C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=701 ------- Additional Comments From markus at openbsd.org 2003-09-22 23:17 ------- the problem is that login via PAM might be anything, so the pam modules have to restrict things. what should be done if pam auth might be s/key? then "without-passwd" should allow login? or not? i think that if pam is used then pam has to be configured properly. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:21:18 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:21:18 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030922132118.4EA3827C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From swamitj at yahoo.com 2003-09-22 23:21 ------- The same problem has been noticed on Secure CRT and Putty clients as well. The only client that seems to work so far is the openssh client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:42:58 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:42:58 +1000 (EST) Subject: [Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Message-ID: <20030922134258.352C127C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=701 ------- Additional Comments From markus at openbsd.org 2003-09-22 23:42 ------- patch looks good. will work on something similar. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:49:30 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:49:30 +1000 (EST) Subject: [Bug 701] With 'PermitRootPassword without-password' set, root w/pass can still log in with a using 'keyboard-int/pam' Message-ID: <20030922134930.2F6E027C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=701 ------- Additional Comments From jfh at cise.ufl.edu 2003-09-22 23:49 ------- Perhaps then, the wording of the sshd_config(8) man page should be modified somewhat: Change If this option is set to ``without-password'' password authentication is disabled for root. to If this option is set to ``without-password'', logins via the OpenSSH password authentication method are disabled for root. Other authentication methods (e.g., PAM) may still allow root to login via a password. Would anyone be interested in a 'publickey' setting for the 'PermitRootLogin' directive? I should be able to code one up in the next day or so. This would remove any ambiguity and lock down logins to publickey only. (Sorry if this is a dup -- I responded via email to Markus' first comment and it didn't show up -- I'm obviously Bugzilla-impaired :->) Jim ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Mon Sep 22 23:49:42 2003 
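The difference between the two fixes discussed for bug 701 above (refuse only the listed methods, versus permit only the listed methods), as an added example that is not part of the original messages or of OpenSSH's source. The enum, function names and the method list are hypothetical, and "example-future-method" is a constructed name standing in for a method added later.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the PermitRootLogin settings (not sshd's own). */
enum root_policy { ROOT_NO, ROOT_WITHOUT_PASSWORD, ROOT_YES };

/* Return 1 if method appears in the NULL-terminated list. */
static int in_list(const char *const *list, const char *method)
{
	size_t i;

	for (i = 0; list[i] != NULL; i++)
		if (strcmp(list[i], method) == 0)
			return 1;
	return 0;
}

/*
 * Deny-list gate: under without-password only the methods named here are
 * refused, so any other method (including one that prompts for a password
 * through PAM) is accepted for root.
 */
int root_allowed_denylist(enum root_policy policy, const char *method)
{
	static const char *const denied[] = { "password", NULL };

	if (method == NULL || policy == ROOT_NO)
		return 0;
	if (policy == ROOT_YES)
		return 1;
	return !in_list(denied, method);
}

/*
 * Allow-list gate: under without-password only the methods named here are
 * accepted, so a method nobody has reviewed defaults to refusal.
 */
int root_allowed_allowlist(enum root_policy policy, const char *method)
{
	static const char *const allowed[] = { "publickey", NULL };

	if (method == NULL || policy == ROOT_NO)
		return 0;
	if (policy == ROOT_YES)
		return 1;
	return in_list(allowed, method);
}

typedef int (*root_gate)(enum root_policy, const char *);

/* Count the methods a gate accepts for root, reporting each refusal. */
int count_root_methods(root_gate gate, enum root_policy policy,
    const char *const *methods, size_t n)
{
	size_t i;
	int accepted = 0;

	for (i = 0; i < n; i++) {
		if (gate(policy, methods[i]))
			accepted++;
		else
			fprintf(stderr, "root login refused via %s\n", methods[i]);
	}
	return accepted;
}

/* Constructed sample input: methods a server might offer. */
static const char *const sample_methods[] = {
	"publickey",
	"password",
	"keyboard-interactive/pam",
	"hostbased",
	"example-future-method",
};
#define N_SAMPLE (sizeof(sample_methods) / sizeof(sample_methods[0]))

int main(void)
{
	printf("deny-list accepts %d of %d methods for root\n",
	    count_root_methods(root_allowed_denylist, ROOT_WITHOUT_PASSWORD,
	    sample_methods, N_SAMPLE), (int)N_SAMPLE);
	printf("allow-list accepts %d of %d methods for root\n",
	    count_root_methods(root_allowed_allowlist, ROOT_WITHOUT_PASSWORD,
	    sample_methods, N_SAMPLE), (int)N_SAMPLE);
	return 0;
}
```
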
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Mon, 22 Sep 2003 23:49:42 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922134942.2985627C18B@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 penalva at cines.fr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|DUPLICATE | ------- Additional Comments From penalva at cines.fr 2003-09-22 23:49 ------- After the patch from bug#659, there's a pb during the build :

/usr/local/bin/make
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I/usr/local/include -I. -I.. -I. -I./.. -I/usr/local/ssl/include -I/usr/local/pub/tcp_wrappers_7.6 -I/usr/local/include -DHAVE_CONFIG_H -c bsd-arc4random.c
In file included from ../openbsd-compat/openbsd-compat.h:160,
                 from ../includes.h:173,
                 from bsd-arc4random.c:25:
../openbsd-compat/fake-rfc2553.h:141: conflicting types for `gai_strerror'
/usr/include/netdb.h:147: previous declaration of `gai_strerror'
make: *** [bsd-arc4random.o] Error 1

------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 00:02:16 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 00:02:16 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922140216.0F2FE27C1BC@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 ------- Additional Comments From dtucker at zip.com.au 2003-09-23 00:02 ------- Did you run "autoconf" to rebuild configure before running "./configure && make"? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 00:42:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 00:42:40 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030922144240.7B16827C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 ------- Additional Comments From penalva at cines.fr 2003-09-23 00:42 ------- Yes, autoconf, then ./configure with options. And before the autoconf, a good make clean. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 01:40:53 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 01:40:53 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030922154053.692EB27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From tim at newmoonnine.com 2003-09-23 01:40 ------- I am willing to try the patch if it makes sense to you. setresgidtest.c compiled fine on my target sys (as a non root user too), but fails to execute properly (comment 4). Otherwise the system has the same symptoms the original poster described. (builds fine, but all logins fail with authentication failed errors). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 02:09:11 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 02:09:11 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030922160911.2FF9127C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From tim at newmoonnine.com 2003-09-23 02:09 ------- correction: "but all logins fail with authentication failed errors" is wrong -that was another unrelated issue. "fatal: setresgid nnn: Function not implemented" is the reported error. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 02:55:11 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 02:55:11 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030922165511.B7B7C27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 Summary: dont call userauth_finish after auth2_challenge_stop Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: paul.a.bolton at bt.com Very occasionally users are experiencing sessions bailing on authentication with a "fatal: ssh_msg_send: write". After some analysis it seems that the common factor is a Solaris account management module is printing a message via the conversation function (e.g. Your password will expire in 7 days...). It looks as if in auth2-chall.c in input_userauth_info_response() is the culprit. auth2_challenge_stop() will eventually cause sshpam_free_ctx() to be called in auth-pam.c, which will free ctxt. This contains important file descriptors for the conversation function, which get closed before the free (which is correct). userauth_finish() can call do_account() if PAM is enabled. As auth2_challenge_stop() is getting called beforehand, if the module generates messages invalid references for FD's are found (probably because the memory has been malloc'ed again no SEGV) and the error detailed above is activated. It seems that it is possible to call auth2_challenge_stop() after userauth_finish(). However there are a few comments in the code I have seen that I don't like in relation to doing this. I will attach a patch with this bug. Please can you advise on any possible issues in doing this, as the change would probably need more sanity checking. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
From bugzilla-daemon at mindrot.org Tue Sep 23 02:57:59 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 02:57:59 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030922165759.843A827C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-23 02:57 ------- Created an attachment (id=447) --> (http://bugzilla.mindrot.org/attachment.cgi?id=447&action=view) call auth2_challenge_stop after userauth_finish Biggest concern (at present) along with the comments in the original bug submission is the comment " may set authctxt->postponed" for auth2_challenge_start. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 04:11:35 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 04:11:35 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030922181135.B04F827C19A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #447 is|0 |1 obsolete| | ------- Additional Comments From markus at openbsd.org 2003-09-23 04:11 ------- Created an attachment (id=448) --> (http://bugzilla.mindrot.org/attachment.cgi?id=448&action=view) alternative patch. perhaps something like this? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 04:18:44 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 04:18:44 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030922181844.1B25927C19A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #448 is|0 |1 obsolete| | ------- Additional Comments From markus at openbsd.org 2003-09-23 04:18 ------- Created an attachment (id=449) --> (http://bugzilla.mindrot.org/attachment.cgi?id=449&action=view) call userauth_finish early i don't see, why userauth finish cannot be called early.... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 04:31:19 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 04:31:19 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030922183119.154AF27C193@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-23 04:31 ------- That would be the way to maintain that part of the original logic. My concern is in the form of the question "should we act upon the potentially changed value of authctxt->postponed within the same call to input_userauth_info_response() ?" Looking at auth2_challenge_stop() seems to suggest (on the face of it) the original patch would be correct, as this function removes a callback from the dispatch table and frees the kbdintctxt memory. The patch avoids adding more (potentially unnecessary) variables into the code. So, is it a case that it is safe to do, or was the original comment a warning against doing what I have just described? Obviously, if no-one can answer that, then play safe and go with the change to the patch that you have submitted. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 04:37:17 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 04:37:17 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030922183717.1B69127C193@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-23 04:37 ------- I don't think you can call userauth_finish() early as auth2_challenge_start will call the init_ctx. So for PAM this is sshpam_init_ctx(), which will set up PAM including calling pam_start(). Calling any PAM function before pam_start() is bad. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 05:33:26 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 05:33:26 +1000 (EST) Subject: [Bug 690] sftp quoted filename parsing bug in get and put commands Message-ID: <20030922193326.7828627C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=690 admorten at umich.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |openbsd, patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 06:35:50 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 06:35:50 +1000 (EST) Subject: [Bug 703] non-interactive commands fail on solaris 8 Message-ID: <20030922203550.1F2E027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=703 Summary: non-interactive commands fail on solaris 8 Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: doke at udel.edu non-interactive commands fail in PAM tty check on solaris 8. Not all systems are affected. It seems to depend on the system PAM patches. Problem does not occur on Solaris 9. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 06:37:53 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 06:37:53 +1000 (EST) Subject: [Bug 703] non-interactive commands fail on solaris 8 Message-ID: <20030922203753.3961E27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=703 ------- Additional Comments From doke at udel.edu 2003-09-23 06:37 ------- Created an attachment (id=450) --> (http://bugzilla.mindrot.org/attachment.cgi?id=450&action=view) patch to fix problem ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 06:57:12 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 06:57:12 +1000 (EST) Subject: [Bug 703] non-interactive commands fail on solaris 8 Message-ID: <20030922205712.2796327C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=703 ------- Additional Comments From doke at udel.edu 2003-09-23 06:57 ------- Some PAM modules in Solaris 8 require the tty to be set. So sshd sets it to "ssh". However, some versions of Solaris 8 PAM require the tty to begin with "/dev/". Changing auth-pam.c to use "/dev/console", or "/dev/ssh", fixes it. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 07:50:06 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 07:50:06 +1000 (EST) Subject: [Bug 704] 3.7.1p1 does not compile on FreeBSD 4.2 Message-ID: <20030922215006.8473F27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=704 Summary: 3.7.1p1 does not compile on FreeBSD 4.2 Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: FreeBSD Status: NEW Severity: critical Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: john at firstbase.com
./configure
[snip]
make
[snip snip snip]
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher.c
cipher.c:68: warning: initialization from incompatible pointer type
cipher.c:69: warning: initialization from incompatible pointer type
cipher.c:73: warning: initialization from incompatible pointer type
cipher.c:74: warning: initialization from incompatible pointer type
cipher.c:75: warning: initialization from incompatible pointer type
cipher.c:76: warning: initialization from incompatible pointer type
cipher.c: In function `cipher_init':
cipher.c:230: warning: assignment discards qualifiers from pointer target type
cipher.c:209: warning: unused variable `klen'
cipher.c: In function `cipher_get_keycontext':
cipher.c:403: warning: comparison of distinct pointer types lacks a cast
cipher.c: In function `cipher_set_keycontext':
cipher.c:418: warning: comparison of distinct pointer types lacks a cast
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c cipher-aes.c
cipher-aes.c: In function `ssh_rijndael_init':
cipher-aes.c:50: warning: assignment from incompatible pointer type
cipher-aes.c: In function `ssh_rijndael_cbc':
cipher-aes.c:78: warning: assignment from incompatible pointer type
cipher-aes.c: In function `ssh_rijndael_cleanup':
cipher-aes.c:116: warning: assignment from incompatible pointer type
cipher-aes.c: In function `ssh_rijndael_iv':
cipher-aes.c:129: warning: assignment from incompatible pointer type
cipher-aes.c: In function `evp_rijndael':
cipher-aes.c:147: warning: assignment from incompatible pointer type
cipher-aes.c:148: warning: assignment from incompatible pointer type
cipher-aes.c:149: warning: assignment from incompatible pointer type
cipher-aes.c:151: structure has no member named `flags'
cipher-aes.c:151: `EVP_CIPH_CBC_MODE' undeclared (first use in this function)
cipher-aes.c:151: (Each undeclared identifier is reported only once
cipher-aes.c:151: for each function it appears in.)
cipher-aes.c:151: `EVP_CIPH_VARIABLE_LENGTH' undeclared (first use in this function)
cipher-aes.c:152: `EVP_CIPH_ALWAYS_CALL_INIT' undeclared (first use in this function)
cipher-aes.c:152: `EVP_CIPH_CUSTOM_IV' undeclared (first use in this function)
*** Error code 1
Stop in /usr/local/src/openssh-3.7.1p1.
------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 12:32:39 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 12:32:39 +1000 (EST) Subject: [Bug 700] PAM support broken in 3.7.1p1 Message-ID: <20030923023239.34B4F27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=700 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From djm at mindrot.org 2003-09-23 12:32 ------- This is not a bug report. We are not telepathic. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 12:54:59 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 12:54:59 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030923025459.7865E27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 ------- Additional Comments From djm at mindrot.org 2003-09-23 12:54 ------- Created an attachment (id=451) --> (http://bugzilla.mindrot.org/attachment.cgi?id=451&action=view) Try to fix old OpenSSL problems Please try this patch. It includes most of the changes discussed. If it breaks, please post a compilation log. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 14:33:05 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 14:33:05 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030923043305.37AAF27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 ------- Additional Comments From tim at multitalents.net 2003-09-23 14:33 ------- Created an attachment (id=452) --> (http://bugzilla.mindrot.org/attachment.cgi?id=452&action=view) regression test log Your patch builds on UnixWare 7.1.1 using --with-ssl-dir=/usr/local/openssl-0.9.5a but it fails regression tests. Test log attached ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 15:45:42 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 15:45:42 +1000 (EST) Subject: [Bug 697] ending slash is not used Message-ID: <20030923054542.8891E27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=697 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From mouring at eviladmin.org 2003-09-23 15:45 ------- This sounds like a psftp.exe issue. It has no bearing on OpenSSH. Please contact them. Nor can I reproduce this on any platform I run sftp-server with the latest release of psftp.exe ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 16:08:08 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 16:08:08 +1000 (EST) Subject: [Bug 704] 3.7.1p1 does not compile on FreeBSD 4.2 Message-ID: <20030923060808.A858A27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=704 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From djm at mindrot.org 2003-09-23 16:08 ------- *** This bug has been marked as a duplicate of 675 *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 16:08:14 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 16:08:14 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030923060814.8552827C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |john at firstbase.com ------- Additional Comments From djm at mindrot.org 2003-09-23 16:08 ------- *** Bug 704 has been marked as a duplicate of this bug. *** ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 16:26:12 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 16:26:12 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030923062612.84DCC27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 ------- Additional Comments From djm at mindrot.org 2003-09-23 16:26 ------- Created an attachment (id=453) --> (http://bugzilla.mindrot.org/attachment.cgi?id=453&action=view) Disable CTR modes for old OpenSSL This diff (incremental to the last) just disables the CTR modes for older OpenSSL. I think we should do this for now, unless someone interested steps forward to make it work. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 17:38:20 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 17:38:20 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030923073820.39E7527C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 paul.a.bolton at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #447 is|1 |0 obsolete| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 17:38:49 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 17:38:49 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030923073849.4AF5227C18D@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 paul.a.bolton at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #448 is|1 |0 obsolete| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 17:39:19 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 17:39:19 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030923073919.0981C27C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 paul.a.bolton at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #449 is|0 |1 obsolete| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 17:44:12 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 17:44:12 +1000 (EST) Subject: [Bug 700] PAM support broken in 3.7.1p1 Message-ID: <20030923074412.30AFD27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=700 bryan.finn at data.slu.se changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 17:50:48 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 17:50:48 +1000 (EST) Subject: [Bug 700] PAM support broken in 3.7.1p1 Message-ID: <20030923075048.0A49027C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=700 ------- Additional Comments From bryan.finn at data.slu.se 2003-09-23 17:50 ------- OS = SunOS 5.8 Generic_108528-21 sun4u sparc SUNW,Ultra-4 PAM debug trace: Sep 19 10:19:21 alfa.stud.slu.se pam_pwdfile[4898]: [ID 115474 auth.error] wrong password for user l03mahe1 Sep 19 10:19:21 alfa.stud.slu.se dtlogin[4898]: [ID 427203 auth.debug] pam_authenticate: error Authentication failed Specify further information required (without snide "telepathic" comments please) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 17:59:31 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 17:59:31 +1000 (EST) Subject: [Bug 697] ending slash is not used Message-ID: <20030923075931.1CC8D27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=697 ramses at smeyers.be changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From ramses at smeyers.be 2003-09-23 17:59 ------- we use the latest psftp.exe, from the site, and it worked perfectly in the past with an openssh 3.6.1p2, now, with upgrading to 3.7.1p1, we introduced this problem.... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 20:07:32 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 20:07:32 +1000 (EST) Subject: [Bug 702] dont call userauth_finish after auth2_challenge_stop Message-ID: <20030923100732.1377B27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=702 ------- Additional Comments From markus at openbsd.org 2003-09-23 20:07 ------- yes, my last patch was broken. when authentication fails and postpone is not set, then we need to call challenge_start _before_ userauth_finish because _start will set postpone if it sends a packet to the client. if this is the case then userauth_finish will behave differently and send _no_ failure packet. so the patch 448 or 447 are better. however, the comments in the code need to explain the mess better. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 20:58:01 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 20:58:01 +1000 (EST) Subject: [Bug 705] Compiler warnings in auth-pam.c Message-ID: <20030923105801.367DC27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=705 Summary: Compiler warnings in auth-pam.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: paul.a.bolton at bt.com Compiler warnings in auth-pam.c when building on Solaris 8 HW02/02. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 20:59:14 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 20:59:14 +1000 (EST) Subject: [Bug 705] Compiler warnings in auth-pam.c Message-ID: <20030923105914.183FC27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=705 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-23 20:59 ------- Created an attachment (id=455) --> (http://bugzilla.mindrot.org/attachment.cgi?id=455&action=view) Fix for compiler warnings Needs testing against other PAM frameworks and Solaris 8 and prior without Solaris 9 PAM backport patch. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:04:37 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:04:37 +1000 (EST) Subject: [Bug 706] newlines missing in PAM conversations Message-ID: <20030923130437.33E0827C1F2@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=706 Summary: newlines missing in PAM conversations Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: minor Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: paul.a.bolton at bt.com From the manpage pam_start(3PAM): "It is the responsibility of the conversation function to strip off NEWLINE characters for PAM_PROMPT_ECHO_OFF and PAM_PROMPT_ECHO_ON message styles, and to add NEWLINE characters (if appropriate) for PAM_ERROR_MSG and PAM_TEXT_INFO message styles." In auth-pam.c sshpam_thread_conv() and sshpam_query() in the PAM_ERROR_MSG and PAM_TEXT_INFO messages do not append a newline. pam_chauthtok_conv() does. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:06:45 2003 
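The newline rule quoted from pam_start(3PAM) in the Bug 706 report above, as an added example that is not the attached fix and not code from auth-pam.c: it renders a constructed list of conversation messages into the text a client would see. The style enum, struct and function names are local stand-ins (assumptions), so the block builds without PAM headers.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the four PAM message styles (assumed names,
 * not taken from <security/pam_appl.h>). */
enum msg_style {
    STYLE_PROMPT_ECHO_OFF,
    STYLE_PROMPT_ECHO_ON,
    STYLE_ERROR_MSG,
    STYLE_TEXT_INFO
};

struct conv_msg {
    enum msg_style style;
    const char *text;
};

/* Constructed sample: two informational messages followed by a prompt. */
static const struct conv_msg SAMPLE[] = {
    { STYLE_TEXT_INFO,       "Your password will expire in 3 days." },
    { STYLE_ERROR_MSG,       "Last login failed.\n" },
    { STYLE_PROMPT_ECHO_OFF, "Password: \n" },
};

/* Append src[0..n) to the NUL-terminated string in out.
 * Returns 0, or -1 if the result would not fit in outlen bytes. */
static int append(char *out, size_t outlen, const char *src, size_t n)
{
    size_t used = strlen(out);

    if (n >= outlen - used)     /* need used + n + 1 <= outlen */
        return -1;
    memcpy(out + used, src, n);
    out[used + n] = '\0';
    return 0;
}

/* Apply the manpage rule to one message. */
static int render_one(const struct conv_msg *m, char *out, size_t outlen)
{
    size_t n = strlen(m->text);

    switch (m->style) {
    case STYLE_PROMPT_ECHO_OFF:
    case STYLE_PROMPT_ECHO_ON:
        /* Prompts: strip trailing newlines so input follows on the same line. */
        while (n > 0 && m->text[n - 1] == '\n')
            n--;
        return append(out, outlen, m->text, n);
    case STYLE_ERROR_MSG:
    case STYLE_TEXT_INFO:
        /* Info and error text: make sure it ends in exactly the newline it
         * needs, adding one only when the module did not supply it. */
        if (append(out, outlen, m->text, n) != 0)
            return -1;
        if (n == 0 || m->text[n - 1] != '\n')
            return append(out, outlen, "\n", 1);
        return 0;
    }
    return -1;
}

/* Render a whole conversation into out. Returns 0, or -1 on truncation. */
static int render_conversation(const struct conv_msg *msgs, int count,
    char *out, size_t outlen)
{
    int i;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < count; i++)
        if (render_one(&msgs[i], out, outlen) != 0)
            return -1;
    return 0;
}

int main(void)
{
    char out[128];

    if (render_conversation(SAMPLE, 3, out, sizeof(out)) != 0)
        return 1;
    fputs(out, stdout);
    fputs("<input goes here>\n", stdout);
    return 0;
}
```

Without the added newline the first two messages and the prompt would run together on one line, which is the symptom the report describes.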
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:06:45 +1000 (EST) Subject: [Bug 706] newlines missing in PAM conversations Message-ID: <20030923130645.36FFC27C1B6@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=706 ------- Additional Comments From paul.a.bolton at bt.com 2003-09-23 23:06 ------- Created an attachment (id=458) --> (http://bugzilla.mindrot.org/attachment.cgi?id=458&action=view) fix ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:07:22 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:07:22 +1000 (EST) Subject: [Bug 553] configure fails to acknowledge availability of utimes() Message-ID: <20030923130722.1347627C230@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=553 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-23 23:07 ------- 3.7p1, 3.7.1p1 and 3.7.1p2 are all built with autoconf 2.52 so do not have this problem. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:07:27 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:07:27 +1000 (EST) Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1 Message-ID: <20030923130727.C8E8C27C232@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=627 Bug 627 depends on bug 553, which changed state. Bug 553 Summary: configure fails to acknowledge availability of utimes() http://bugzilla.mindrot.org/show_bug.cgi?id=553 What |Old Value |New Value ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:08:47 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:08:47 +1000 (EST) Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1 Message-ID: <20030923130847.22C7A27C1B6@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=627 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-23 23:08 ------- 3.7p1 has been and gone... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:16:15 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:16:15 +1000 (EST) Subject: [Bug 675] cipher.c build error with openssl 0.9.5a Message-ID: <20030923131615.22C9D27C1B6@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=675 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-23 23:16 ------- This has been fixed in 3.7.1p2: - (djm) Enable build with old OpenSSL again ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Tue Sep 23 23:22:02 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Tue, 23 Sep 2003 23:22:02 +1000 (EST) Subject: [Bug 699] server broke connection without message Message-ID: <20030923132202.3BB1B27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=699 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-09-23 23:22 ------- This is fixed in 3.7.1p2: - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with where gai_strerror is defined as "const char *". Part of patch supplied by bugzilla-openssh at thewrittenword.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 00:43:39 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 00:43:39 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030923144339.DEAB727C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 swamitj at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|minor |major ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 00:58:36 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 00:58:36 +1000 (EST) Subject: [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail Message-ID: <20030923145836.9A26427C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=125 Brian.King at xwave.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Brian.King at xwave.com ------- Additional Comments From Brian.King at xwave.com 2003-09-24 00:58 ------- I've tried applying the latest patch to 3.7.1p2. It doesn't seem to compile.
Undefined                       first referenced
 symbol                             in file
solaris_audit_success               sshd.o
solaris_audit_save_name             auth.o
solaris_audit_nologin               session.o
solaris_audit_save_port             sshd.o
solaris_audit_maxtrys               auth1.o
solaris_audit_logout                sshlogin.o
solaris_audit_not_console           auth1.o
solaris_audit_save_command          session.o
solaris_audit_save_pw               auth.o
solaris_audit_bad_pw                auth1.o
solaris_audit_save_ttyn             session.o
solaris_audit_save_host             sshd.o
ld: fatal: Symbol referencing errors. No output written to sshd
collect2: ld returned 1 exit status
make: *** [sshd] Error 1
I've looked for the symbols in all the libraries in /lib and can't find those. I assumed they should have been in /lib/libbsm.so, but none of those symbols contain the "solaris_" prefix. Most have _similar_ sounding symbols in the library, but some do not. Am I missing a required library? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 01:30:36 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 01:30:36 +1000 (EST) Subject: [Bug 707] missing banner file now prints empty line Message-ID: <20030923153036.5997F27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=707 Summary: missing banner file now prints empty line Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: Al.Smith at gold.net New in 3.7p1 and above, if the banner file is missing then sshd will send a banner to an SSH2 client, containing a newline. auth2_read_banner() correctly returns a NULL if the file is missing, but this is lost in the privsep: if in auth2-none.c the PRIVSEP() is removed from auth2_read_banner() then everything works fine. Upon further analysis I came to the conclusion that mm_answer_auth2_read_banner() will return either a banner string, or an empty string. It will never return NULL, so presumably mm_auth2_read_banner() will also never return NULL to its caller in userauth_banner(). A patch will be attached. It could be better. And a better solution is to just not point UseBanner to a non-existent file! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 01:31:44 2003 
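How a "no banner" NULL can get lost when a result is marshalled across a privilege-separation boundary, as described in the Bug 707 report above. This is an added example, not the attached patch and not OpenSSH's monitor code: the message layout (4-byte length plus bytes) and every function name are assumptions made for the illustration, and it models only whether a banner packet is sent, not its contents.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_MAX 256

/* Hypothetical wire message between the privileged and unprivileged halves. */
struct msg {
    unsigned char data[MSG_MAX];
    size_t len;
};

/* Pack a string as a 4-byte big-endian length followed by its bytes. */
static int put_string(struct msg *m, const char *s)
{
    size_t n = strlen(s);

    if (n > MSG_MAX - 4)
        return -1;
    m->data[0] = (unsigned char)(n >> 24);
    m->data[1] = (unsigned char)(n >> 16);
    m->data[2] = (unsigned char)(n >> 8);
    m->data[3] = (unsigned char)n;
    memcpy(m->data + 4, s, n);
    m->len = 4 + n;
    return 0;
}

/* Unpack into a malloc'd string. NULL here means "malformed", never "absent". */
static char *get_string(const struct msg *m)
{
    size_t n;
    char *s;

    if (m->len < 4)
        return NULL;
    n = ((size_t)m->data[0] << 24) | ((size_t)m->data[1] << 16) |
        ((size_t)m->data[2] << 8) | (size_t)m->data[3];
    if (n != m->len - 4)
        return NULL;
    if ((s = malloc(n + 1)) == NULL)
        return NULL;
    memcpy(s, m->data + 4, n);
    s[n] = '\0';
    return s;
}

/* Privileged side: banner is NULL when the file is missing. The wire format
 * has no way to say "absent", so NULL is flattened to the empty string. */
static int privileged_answer(const char *banner, struct msg *m)
{
    return put_string(m, banner != NULL ? banner : "");
}

/* Unprivileged side. With empty_means_absent set, a zero-length reply is
 * mapped back to NULL (one possible repair; an empty banner file is then
 * also treated as "no banner"). */
static char *unpriv_read_banner(const char *file_contents, int empty_means_absent)
{
    struct msg m;
    char *s;

    if (privileged_answer(file_contents, &m) != 0)
        return NULL;
    s = get_string(&m);
    if (s != NULL && empty_means_absent && s[0] == '\0') {
        free(s);
        s = NULL;
    }
    return s;
}

/* Caller that only checks for NULL: returns how many banner packets it sends. */
static int banner_packets(const char *file_contents, int empty_means_absent)
{
    char *b = unpriv_read_banner(file_contents, empty_means_absent);

    if (b == NULL)
        return 0;
    free(b);
    return 1;
}

int main(void)
{
    printf("missing file, NULL lost:     %d packet(s)\n", banner_packets(NULL, 0));
    printf("missing file, NULL restored: %d packet(s)\n", banner_packets(NULL, 1));
    return 0;
}
```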
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 01:31:44 +1000 (EST) Subject: [Bug 707] missing banner file now prints empty line Message-ID: <20030923153144.8F38527C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=707 ------- Additional Comments From Al.Smith at gold.net 2003-09-24 01:31 ------- Created an attachment (id=459) --> (http://bugzilla.mindrot.org/attachment.cgi?id=459&action=view) patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 01:42:45 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 01:42:45 +1000 (EST) Subject: [Bug 690] sftp quoted filename parsing bug in get and put commands Message-ID: <20030923154245.2A0E727C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=690 admorten at umich.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 01:43:44 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 01:43:44 +1000 (EST) Subject: [Bug 690] sftp quoted filename parsing bug in get and put commands Message-ID: <20030923154344.1B6AB27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=690 ------- Additional Comments From admorten at umich.edu 2003-09-24 01:43 ------- Fixed in OpenSSH 3.7.1p2. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 02:14:31 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 02:14:31 +1000 (EST) Subject: [Bug 708] Remote forward: Connect from privileged port if originator connected from privileged port Message-ID: <20030923161431.28FE227C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=708 Summary: Remote forward: Connect from privileged port if originator connected from privileged port Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P4 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: Robert.Dahlem at siemens.com Got a daemon which checks if connections are originated from a privileged port (below 1024) to make sure originator has UID==0. Need a way to emulate this when forwarding ports through secure tunnels. Implemented ssh option -Q as extension to option -R. With -Q ssh tries to connect from a port below IPPORT_RESERVED if originator port was below IPPORT_RESERVED. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 02:17:22 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 02:17:22 +1000 (EST) Subject: [Bug 708] Remote forward: Connect from privileged port if originator connected from privileged port Message-ID: <20030923161722.270D727C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=708 ------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-24 02:17 ------- Created an attachment (id=460) --> (http://bugzilla.mindrot.org/attachment.cgi?id=460&action=view) proposed patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 02:41:50 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 02:41:50 +1000 (EST) Subject: [Bug 709] refresh_progress_meter() appends null bytes Message-ID: <20030923164150.18B7F27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=709 Summary: refresh_progress_meter() appends null bytes Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P4 Component: scp AssignedTo: openssh-bugs at mindrot.org ReportedBy: Robert.Dahlem at siemens.com Since 3.7.1p1 refresh_progress_meter() appends a null byte every time the progress meter is updated. This is quite disturbing on terminals which skip to the next line when a null byte is written to the last column. It is an off-by-one-bug: win_size is the string length including terminating null byte, so atomicio() must not write more than win_size-1 bytes to stdout. Perhaps strlen(buf) would be better than win_size-1 ... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 02:42:35 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 02:42:35 +1000 (EST) Subject: [Bug 709] refresh_progress_meter() appends null bytes Message-ID: <20030923164235.1CC8927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=709 ------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-24 02:42 ------- Created an attachment (id=461) --> (http://bugzilla.mindrot.org/attachment.cgi?id=461&action=view) proposed patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 03:18:32 2003 
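The off-by-one described in the Bug 709 report above, as an added example that is not the proposed patch and not code from progressmeter.c: a meter line is formatted into a buffer whose size `win_size` counts the terminating NUL, then written once with `win_size` bytes and once with `strlen(buf)` bytes. The helper names, the line layout and the pipe used to capture the output are assumptions for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_WINSIZE 512

/* Stand-in for an atomicio()-style helper: loop until all n bytes are written. */
static ssize_t write_all(int fd, const char *p, size_t n)
{
    size_t done = 0;

    while (done < n) {
        ssize_t r = write(fd, p + done, n - done);
        if (r <= 0)
            return -1;
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* Format one meter line. win_size includes the terminating NUL, so exactly
 * win_size - 1 visible characters are produced: '\r', padded name, " NNN%". */
static void format_meter(char *buf, size_t win_size, const char *file, int percent)
{
    int name_w = (int)win_size - 1 - 1 - 5;

    snprintf(buf, win_size, "\r%-*.*s %3d%%", name_w, name_w, file, percent);
}

/* Writes win_size bytes: the line plus its NUL terminator (the bug). */
static ssize_t refresh_buggy(int fd, const char *file, int percent, size_t win_size)
{
    char buf[MAX_WINSIZE];

    if (win_size < 8 || win_size > sizeof(buf))
        return -1;
    format_meter(buf, win_size, file, percent);
    return write_all(fd, buf, win_size);
}

/* Writes strlen(buf) bytes, the variant the report suggests. */
static ssize_t refresh_fixed(int fd, const char *file, int percent, size_t win_size)
{
    char buf[MAX_WINSIZE];

    if (win_size < 8 || win_size > sizeof(buf))
        return -1;
    format_meter(buf, win_size, file, percent);
    return write_all(fd, buf, strlen(buf));
}

/* Run a number of meter updates into a pipe and count the NUL bytes that a
 * terminal would have received. Returns -1 on error. */
static int nul_bytes_emitted(int fixed, int updates, size_t win_size)
{
    int p[2], i, nuls = 0;
    char out[MAX_WINSIZE];

    if (updates <= 0 || pipe(p) != 0)
        return -1;
    for (i = 0; i < updates; i++) {
        int percent = (i + 1) * 100 / updates;
        ssize_t w, n, j;

        w = fixed ? refresh_fixed(p[1], "constructed-sample.tar", percent, win_size)
                  : refresh_buggy(p[1], "constructed-sample.tar", percent, win_size);
        if (w < 0 || (n = read(p[0], out, sizeof(out))) < 0) {
            nuls = -1;
            break;
        }
        for (j = 0; j < n; j++)
            if (out[j] == '\0')
                nuls++;
    }
    close(p[0]);
    close(p[1]);
    return nuls;
}

int main(void)
{
    printf("win_size bytes written:    %d NUL byte(s) in 5 updates\n",
        nul_bytes_emitted(0, 5, 80));
    printf("strlen(buf) bytes written: %d NUL byte(s) in 5 updates\n",
        nul_bytes_emitted(1, 5, 80));
    return 0;
}
```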
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 03:18:32 +1000 (EST) Subject: [Bug 710] ReliantUnix: -ldl missing when libcrypto is a shared object Message-ID: <20030923171832.11BFE27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=710 Summary: ReliantUnix: -ldl missing when libcrypto is a shared object Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: other Status: NEW Severity: normal Priority: P3 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: Robert.Dahlem at siemens.com When libcrypto is only available as a shared object, configure fails to detect libcrypto ("Can't find recent OpenSSL libcrypto") under ReliantUNIX, because dlsym() is not in libc and libdl is not searched. [ReliantUNIX weirdness: dlopen() is in libc while dlsym() is in libdl] Trivial fix would be to add LIBS="$LIBS -ldl" in case of *-sni-sysv* More clever would be to try to compile with "-lcrypto" and if that doesn't work then try to compile with "-lcrypto -ldl". But that's way beyond my autoconf expertise. :-) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 03:19:18 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 03:19:18 +1000 (EST) Subject: [Bug 710] ReliantUnix: -ldl missing when libcrypto is a shared object Message-ID: <20030923171918.480CC27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=710 ------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-24 03:19 ------- Created an attachment (id=462) --> (http://bugzilla.mindrot.org/attachment.cgi?id=462&action=view) the TRIVIAL fix ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 03:55:51 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 03:55:51 +1000 (EST)
Subject: [Bug 655] sshd_config.5: 'GSSAPICleanupCredentials' -> '...Creds'
Message-ID: <20030923175551.58EFE27C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=655

jmknoble at pobox.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|OpenBSD                     |All
           Platform|ix86                        |All

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 06:40:05 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 06:40:05 +1000 (EST)
Subject: [Bug 709] refresh_progress_meter() appends null bytes
Message-ID: <20030923204005.4669327C26C@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=709

markus at openbsd.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From markus at openbsd.org 2003-09-24 06:40 -------
thanks, applied.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 07:25:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 07:25:36 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030923212536.69FD227C2AB@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From djm at mindrot.org 2003-09-24 07:25 ------- you will have to provide more evidence. A debug trace from the server perhaps? Are you using 3.7.1p2? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 07:54:53 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 07:54:53 +1000 (EST) Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Message-ID: <20030923215453.B701927C1D2@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From swamitj at yahoo.com 2003-09-24 07:54 ------- Created an attachment (id=463) --> (http://bugzilla.mindrot.org/attachment.cgi?id=463&action=view) Debug output from the server and verbose o/p from the client side(both f-secure and openssh) Yes we upgraded to 3.7.1p2 and the problem still persists. Setting UsePAM to yes and PasswordAuthentication to no the f-secure client is not able to login to the machine at all. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 08:12:59 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 08:12:59 +1000 (EST)
Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
Message-ID: <20030923221259.1DCA127C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=696

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
    Attachment #463|application/octet-stream    |text/plain
          mime type|                            |

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 08:15:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 08:15:08 +1000 (EST)
Subject: [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
Message-ID: <20030923221508.3BF8327C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=696

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WORKSFORME

------- Additional Comments From djm at mindrot.org 2003-09-24 08:15 -------
You are not even trying challenge response authentication. Try connecting using ssh protocol 2 or looking for a f-secure option "tisauthentication" or similar to enable challenge-response for protocol 1.

This does work (it has been tested by a number of developers) - the problem is at the client.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 10:04:03 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 10:04:03 +1000 (EST)
Subject: [Bug 711] 3.7.1p2 does not compile on redhat 5.1
Message-ID: <20030924000403.2D78827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=711

Summary: 3.7.1p2 does not compile on redhat 5.1
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: john at firstbase.com

./configure
[snip]
make
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. -I/usr/local/ssl/include -DHAVE_CONFIG_H -c readpassphrase.c
readpassphrase.c: In function `readpassphrase':
readpassphrase.c:117: warning: implicit declaration of function `write'
readpassphrase.c:119: warning: implicit declaration of function `read'
[snip]
ranlib libopenbsd-compat.a
make[1]: Leaving directory `/usr/local/src/openssh-3.7.1p2/openbsd-compat'
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c authfd.c
authfd.c: In function `ssh_request_reply':
authfd.c:125: `write' undeclared (first use this function)
authfd.c:125: (Each undeclared identifier is reported only once
authfd.c:125: for each function it appears in.)
authfd.c:137: warning: implicit declaration of function `read'
make: *** [authfd.o] Error 1

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 15:02:24 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 15:02:24 +1000 (EST) Subject: [Bug 712] ssh does not properly utilize OS specified authentication methods on AIX Message-ID: <20030924050224.169D127C1FA@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=712 Summary: ssh does not properly utilize OS specified authentication methods on AIX Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy: phoenix at internetstatic.com AIX allows for the possibility of using other authentication methods to login to the system in any user definition, which are specified by auth1 and auth2. An auth field set to SYSTEM refers to the internal, normal shadow passworded files on the system. However, other methods can be specified under /etc/security/login.cfg, and ssh ignores these. If one of these methods is in use, ssh allows a single space, or even any key sequence to allow anyone to access the account. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 19:19:46 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 19:19:46 +1000 (EST) Subject: [Bug 697] ending slash is not used Message-ID: <20030924091946.29FD227C189@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=697 ------- Additional Comments From jacobn+mindrot at chiark.greenend.org.uk 2003-09-24 19:19 ------- Note that wildcards wouldn't have worked the way you expect in PSFTP anyway (because we haven't implemented them yet). I'm looking at PSFTP to see if the bug could be there. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 19:24:45 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 19:24:45 +1000 (EST)
Subject: [Bug 697] ending slash is not used
Message-ID: <20030924092445.F2BB127C18A@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=697

------- Additional Comments From ramses at smeyers.be 2003-09-24 19:24 -------
more test samples (already with 3.7.1p2)

-rw-r--r-- 1 rmon rmon 329557 Sep 23 16:20 20030921-lux01-WTS7
-rw-r--r-- 1 rmon rmon 358828 Sep 23 16:32 20030921-lux01-WTS8
drwxrwx--- 2 root system 512 Jun 19 16:33 lost+found
psftp> ls 20030921-lux01-WTS8
Listing directory /var/spool/rmon-server/guy.leroy20030921-lux01-WTS8
Unable to open 20030921-lux01-WTS8: no such file or directory
psftp> get 20030921-lux01-WTS8
/var/spool/rmon-server/guy.leroy20030921-lux01-WTS8: no such file or directory
psftp> get /var/spool/rmon-server/guy.leroy/20030921-lux01-WTS8
/var/spool/rmon-server/guy.leroy20030921-lux01-WTS8: no such file or directory
psftp> get /var/spool/rmon-server/guy.leroy//20030921-lux01-WTS8
/var/spool/rmon-server/guy.leroy20030921-lux01-WTS8: no such file or directory
psftp> get /var/spool/rmon-server/guy.leroy\//20030921-lux01-WTS8
/var/spool/rmon-server/guy.leroy\/: no such file or directory
psftp>

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 19:24:56 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 19:24:56 +1000 (EST) Subject: [Bug 712] ssh does not properly utilize OS specified authentication methods on AIX Message-ID: <20030924092456.5FB8327C198@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=712 ------- Additional Comments From dtucker at zip.com.au 2003-09-24 19:24 ------- Created an attachment (id=464) --> (http://bugzilla.mindrot.org/attachment.cgi?id=464&action=view) Move AIX password auth to port-aix.c and use authenticate's reenter Please try this patch. I've had this in a local tree for a month or so but up until now I haven't heard of anyone who actually used that functionality (and therefore would be able to test it!) Regular SYSTEM password auth still works for me (AIX 5.2 tested). What are you using non-SYSTEM auth for? It's not an eNetwork firewall is it? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 20:11:02 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 20:11:02 +1000 (EST) Subject: [Bug 711] 3.7.1p2 does not compile on redhat 5.1 Message-ID: <20030924101102.1CC0D27C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=711 ------- Additional Comments From dtucker at zip.com.au 2003-09-24 20:10 ------- Those should be defined in /usr/include/unistd.h. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 20:22:05 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 20:22:05 +1000 (EST) Subject: [Bug 710] ReliantUnix: -ldl missing when libcrypto is a shared object Message-ID: <20030924102205.6983627C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=710 ------- Additional Comments From dtucker at zip.com.au 2003-09-24 20:22 ------- Is there any harm in using -ldl when building with a static libcrypto? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 20:25:26 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 20:25:26 +1000 (EST) Subject: [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail Message-ID: <20030924102526.9336927C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From dtucker at zip.com.au 2003-09-24 20:25 ------- Try deleting openbsd-compat/*.a (or better yet, do "make clean") and rebuilding. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 21:37:54 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 21:37:54 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030924113754.1DFA927C279@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

------- Additional Comments From michael_steffens at hp.com 2003-09-24 21:37 -------
Hi Darren,

now that PAM is in distress (won't reason about why here) I think having pw hash retrieval directed to getspnam is even more desirable for all versions of HP-UX.

For 10.x versions still in use (10.20 presumably the vast majority) I have found OS patches containing the getwent family (not introducing it!) in libsec:

10.10 PHCO_11208 (published 1997/06/06)
10.20 PHCO_11214 (published 1997/06/09)

both addressing "adding/removing users can cause getspwent(3) to loop".

For 10.00 and 10.01 I had to unpack PHCO_9817 (published 1997/02/17) and examine libsec.1 using nm:

_fgetspwent   | 58032|extern|entry |
_fgetspwent   | 58128|extern|code  |$CODE$
_fgetspwent_r | 73892|extern|entry |
_fgetspwent_r | 73940|extern|code  |$CODE$
_getspwaid    | 57540|extern|entry |
_getspwaid    | 57612|extern|code  |$CODE$
_getspwaid_r  | 73016|extern|entry |
_getspwaid_r  | 73064|extern|code  |$CODE$
_getspwent    | 58528|extern|entry |
_getspwent    | 58576|extern|code  |$CODE$
_getspwent_r  | 74348|extern|entry |
_getspwent_r  | 74420|extern|code  |$CODE$
_getspwnam    | 56888|extern|entry |
_getspwnam    | 56936|extern|code  |$CODE$
_getspwnam_r  | 71548|extern|entry |
_getspwnam_r  | 71668|extern|code  |$CODE$
_getspwuid    | 57196|extern|entry |
_getspwuid    | 57268|extern|code  |$CODE$
_getspwuid_r  | 72312|extern|entry |
_getspwuid_r  | 72360|extern|code  |$CODE$
fgetspwent    | 58056|extern|entry |
fgetspwent    | 58128|extern|code  |$CODE$
fgetspwent_r  | 73916|extern|entry |
fgetspwent_r  | 73940|extern|code  |$CODE$
getspent      | 56576|extern|entry |
getspent      | 56648|extern|code  |$CODE$
getspnam      | 56752|extern|entry |
getspnam      | 56776|extern|code  |$CODE$
getspwaid     | 57564|extern|entry |
getspwaid     | 57612|extern|code  |$CODE$
getspwaid_r   | 73040|extern|entry |
getspwaid_r   | 73064|extern|code  |$CODE$
getspwent     | 58552|extern|entry |
getspwent     | 58576|extern|code  |$CODE$
getspwent_r   | 74372|extern|entry |
getspwent_r   | 74420|extern|code  |$CODE$
getspwnam     | 56912|extern|entry |
getspwnam     | 56936|extern|code  |$CODE$
getspwnam_r   | 71572|extern|entry |
getspwnam_r   | 71668|extern|code  |$CODE$
getspwuid     | 57220|extern|entry |
getspwuid     | 57268|extern|code  |$CODE$
getspwuid_r   | 72336|extern|entry |
getspwuid_r   | 72360|extern|code  |$CODE$

So these functions are at least present. Can't test these very old ones, however, as we don't have any of them any more.

All these patches are also the latest libsec patches for these platforms. My two cents are: Somebody running 10.x and not having patched OS for more than six years is likely to have more serious vulnerabilities to care for than OpenSSH.

Cheers!
Michael

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Wed Sep 24 21:42:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 21:42:36 +1000 (EST) Subject: [Bug 713] PAM and "PermitRootLogin without-password" still allows root password login Message-ID: <20030924114236.1D3F827C191@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=713 Summary: PAM and "PermitRootLogin without-password" still allows root password login Product: Portable OpenSSH Version: -current Platform: All OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: iand at ekit-inc.com With 3.7.1p1 and 3.7.1p2 (at least) on Solaris 7, 8 (at least), enabling UsePAM with "PermitRootLogin without-password" still allows root logins with password authentication. (compiled --with-pam) Disabling UsePAM works to restore expected behaviour; ie: password authentication fails as it should, which is my workaround, but I want to use PAM in the future. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 22:01:34 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Wed, 24 Sep 2003 22:01:34 +1000 (EST) Subject: [Bug 713] PAM and "PermitRootLogin without-password" still allows root password login Message-ID: <20030924120134.9CCFE27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=713 ------- Additional Comments From djm at mindrot.org 2003-09-24 22:01 ------- When you use PAM you are not using password authentication anymore. You should control root auth in PAM using the pam_rootok or pam_listfile modules. perhaps we need a README.PAM file... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Wed Sep 24 22:29:24 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Wed, 24 Sep 2003 22:29:24 +1000 (EST)
Subject: [Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail
Message-ID: <20030924122924.6BFDE27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=125

------- Additional Comments From Brian.King at xwave.com 2003-09-24 22:29 -------
Found it. The patch to "openbsd-compat/Makefile.in" failed (I guess because of differences between p1 & p2). I manually added the "bsd-solaris.o" to the COMPAT line, and it compiled fine.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 00:09:15 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 00:09:15 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030924140915.3529F27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

------- Additional Comments From mouring at eviladmin.org 2003-09-25 00:09 -------
what about:

xcrypt() section where we have:

# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
        if (iscomsec())
                crypted = bigcrypt(password, salt);
        else
                crypted = crypt(password, salt);

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 02:08:42 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 25 Sep 2003 02:08:42 +1000 (EST) Subject: [Bug 645] Configure mis-identifies setresgid Message-ID: <20030924160842.5CBFD27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From tim at newmoonnine.com 2003-09-25 02:08 ------- >From the 3.71.p2 announcement: "* Workaround problems related to unimplemented or broken setresuid/setreuid functions on several platforms." 3.7.1p2 still fails in this regard - for me. Same install as described in comment 4. Commenting both setresuid/setreuid solves this. I've only seen this issue reported here. I don't really see this as an ssh bug - maybe this should be closed. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 25 03:44:05 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 25 Sep 2003 03:44:05 +1000 (EST) Subject: [Bug 712] ssh does not properly utilize OS specified authentication methods on AIX Message-ID: <20030924174405.0F36627C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=712 ------- Additional Comments From phoenix at internetstatic.com 2003-09-25 03:44 ------- The above patch does not address the issue. The system still accepts any keystroke(s) as an acceptable password for IDs with auth1 set to something other than SYSTEM regardless of what it should be. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 25 06:51:44 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 06:51:44 +1000 (EST)
Subject: [Bug 712] ssh does not properly utilize OS specified authentication methods on AIX
Message-ID: <20030924205144.CA96027C1EC@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=712

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #464 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2003-09-25 06:51 -------
Created an attachment (id=465)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=465&action=view)
Add call to setauthdb() in auth.c

The only other thing I can guess is it needs a call to setauthdb before authenticate, please try the attached patch (apply to a vanilla 3.7.1p2 tree).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 08:05:55 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 08:05:55 +1000 (EST)
Subject: [Bug 710] ReliantUnix: -ldl missing when libcrypto is a shared object
Message-ID: <20030924220555.3461C27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=710

------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-25 08:05 -------
Define "harm" :-)

I tried the famous "Hello World!\n" program:

$ cc hello.c -o hello
$ ldd hello
        /usr/lib/libc.so
$ cc hello.c -o hello -ld
$ ldd hello
        /usr/lib/libdl.so
        /usr/lib/libc.so

What you can see is that the dynamic linker honors -ldl by searching libdl.so for any unresolved externals each time one invokes the program. It might even map it into the process's memory.

If you consider this "harm" then yes, there is harm in using -ldl when building with a static libcrypto.

Personally I consider it harm increasing overall system load by building OpenSSH with a static libcrypto, that's why I built libcrypto as shared object. Name it attitude. :-)

I didn't want to call it nonsense to use my trivial patch and always build with -ldl under ReliantUnix (I need it anyway). I just wanted to say I would consider it clever to avoid a superfluous -ldl when it's just that: superfluous.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 11:12:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 25 Sep 2003 11:12:40 +1000 (EST) Subject: [Bug 712] ssh does not properly utilize OS specified authentication methods on AIX Message-ID: <20030925011240.90B5627C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=712 ------- Additional Comments From phoenix at internetstatic.com 2003-09-25 11:12 ------- I applied the second patch to a vanilla p2 tree, and still had the same issue. For a non-SYSTEM auth1 userID, SSH allowed any and no key sequence to be accepted. The configuration options chosen were that on Darrin Tucker's AIX SSH page. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 25 18:07:56 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 25 Sep 2003 18:07:56 +1000 (EST) Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Message-ID: <20030925080756.0CC3D27C18A@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=633 ------- Additional Comments From michael_steffens at hp.com 2003-09-25 18:07 ------- This remains fine in function xcrypt. Trusted systems, and only these, do use the bigcrypt hashing. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 25 18:09:30 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 25 Sep 2003 18:09:30 +1000 (EST) Subject: [Bug 659] sshd failure on IRIX Message-ID: <20030925080930.2600C27C187@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=659 ------- Additional Comments From penalva at cines.fr 2003-09-25 18:09 ------- No good news for the daily snapshot (25/09/2003). There's still the problem on Irix (6.5.18f). We can connect on root account, but when it's another uid, it stop after the password and remains unavailable. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 25 18:32:31 2003 From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org) Date: Thu, 25 Sep 2003 18:32:31 +1000 (EST) Subject: [Bug 714] MD5 passwords disabled in redhat spec file Message-ID: <20030925083231.68CDA27C188@shitei.mindrot.org> http://bugzilla.mindrot.org/show_bug.cgi?id=714 Summary: MD5 passwords disabled in redhat spec file Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: paolo at mighty.co.za The RedHat spec file distributed with openssh-3.7.1p2-1 fails to enable MD5 passwords (a problem now that PAM is disabled), with the result that you could lock yourself out of your own system if not careful. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. From bugzilla-daemon at mindrot.org Thu Sep 25 19:12:21 2003 
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 19:12:21 +1000 (EST)
Subject: [Bug 659] sshd failure on IRIX
Message-ID: <20030925091221.538F927C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=659

------- Additional Comments From dtucker at zip.com.au 2003-09-25 19:12 -------
Please attach a server-side debug (eg sshd -ddd -p 2022) for your IRIX 6.5.18f box.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 20:25:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 20:25:26 +1000 (EST)
Subject: [Bug 633] Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
Message-ID: <20030925102526.0E9CB27C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=633

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From dtucker at zip.com.au 2003-09-25 20:25 -------
OK, I'm convinced. Patch id #386 applied to both HEAD and 3.7 branch.

BTW, I've discovered how to convert to and from Trusted Mode via command line (it's /usr/lbin/tsconvert if anyone wanted to know) so I can now regression test Trusted and non-Trusted on the same box automatically.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 20:25:32 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 20:25:32 +1000 (EST)
Subject: [Bug 627] [RELENG] Bugs blocking 3.7p1
Message-ID: <20030925102532.4A90C27C18B@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=627

Bug 627 depends on bug 633, which changed state.

Bug 633 Summary: Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW
http://bugzilla.mindrot.org/show_bug.cgi?id=633

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 21:03:58 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 21:03:58 +1000 (EST)
Subject: [Bug 710] ReliantUnix: -ldl missing when libcrypto is a shared object
Message-ID: <20030925110358.25FF027C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=710

------- Additional Comments From dtucker at zip.com.au 2003-09-25 21:03 -------
OK then, sounds like it's not worth the hassle of auto-detecting the need for -ldl. Any objections to patch id #462?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

From bugzilla-daemon at mindrot.org Thu Sep 25 23:52:48 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Thu, 25 Sep 2003 23:52:48 +1000 (EST)
Subject: [Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Message-ID: <20030925135248.51E3D27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=653

------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-25 23:52 -------
I downloaded OpenSSH 3.7.1p2 and installed it on Tru64 UNIX v4.0F. I can confirm that this bug is fixed now.

Another bug exists (will be reported separately): When sshd should be started from /etc/inittab, no sshd process is running upon a reboot. If I start sshd from the command-line it's OK.

From bugzilla-daemon at mindrot.org Fri Sep 26 00:05:07 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 00:05:07 +1000 (EST)
Subject: [Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
Message-ID: <20030925140507.55CCE27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=715

           Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Robert.Dahlem at siemens.com

3.7.1p1 introduced BROKEN_SETREUID/BROKEN_SETREGID and requires each and every OS to have AC_DEFINE(BROKEN_SETREUID)/AC_DEFINE(BROKEN_SETREGID) in configure.ac, otherwise - if setreuid() is indeed broken - this will break sshd for non-root users (disconnect, "fatal: : was able to restore old [e]uid"), see bug #649 (IRIX), #653 (Tru64), #665 (Mac OS X) and others.

OpenSSH should not depend on untested decisions ("OS x needs BROKEN_SETREUID/BROKEN_SETREGID, OS y does not need") but instead check if the functions are broken and consider them broken until the opposite is proven, i.e.:

    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        if(geteuid() != 0)      /* make sure we're root */
            exit(1);            /* otherwise declare setreuid() broken */
        setreuid(1,1);          /* try to lose UID 0 */
        setuid(0);              /* try to regain UID 0, must fail */
        if(geteuid() == 0)      /* if we're root again */
            exit(1);            /* setreuid() is broken */
        exit(0);                /* setreuid() is ok */
    }

From bugzilla-daemon at mindrot.org Fri Sep 26 00:18:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 00:18:14 +1000 (EST)
Subject: [Bug 716] OpenSSH 3.7.1p2: sshd doesn't start at reboot (Tru64 UNIX)
Message-ID: <20030925141814.EF90527C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=716

           Summary: OpenSSH 3.7.1p2: sshd doesn't start at reboot (Tru64 UNIX)
           Product: Portable OpenSSH
           Version: -current
          Platform: Alpha
        OS/Version: OSF/1
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Ole.H.Nielsen at fysik.dtu.dk

The sshd daemon works correctly when started from the command line under HP/Compaq Tru64 UNIX v4.0F (thanks to the fix in [Bug 653]).

The sshd is started at boot time from /etc/inittab like this:

    sshd::once:/usr/local/sbin/sshd

This used to work fine with OpenSSH 2.1.1p4.

Unfortunately, with the OpenSSH 3.7.1p2 sshd, no sshd process is running after the reboot. There are no error messages on the console, nor in any syslog files. When I login to the console and start sshd from the command line, the daemon starts and works correctly.

Why won't sshd start from /etc/inittab? Is there an alternative startup method for 3.7.1p2?

From bugzilla-daemon at mindrot.org Fri Sep 26 00:21:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 00:21:26 +1000 (EST)
Subject: [Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
Message-ID: <20030925142126.6EAF427C3CA@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=715

------- Additional Comments From djm at mindrot.org 2003-09-26 00:21 -------
So ./configure should require root privileges? I think not...

These tests expose operating system bugs, not OpenSSH bugs. We are willing to work around them, but you should complain to your OS vendor first.

From bugzilla-daemon at mindrot.org Fri Sep 26 01:02:11 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 01:02:11 +1000 (EST)
Subject: [Bug 716] OpenSSH 3.7.1p2: sshd doesn't start at reboot (Tru64 UNIX)
Message-ID: <20030925150211.43BA027C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=716

------- Additional Comments From mouring at eviladmin.org 2003-09-26 01:02 -------
I believe you really want:

    sshd:12345:respawn:/usr/sbin/sshd -D

From bugzilla-daemon at mindrot.org Fri Sep 26 01:06:10 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 01:06:10 +1000 (EST)
Subject: [Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
Message-ID: <20030925150610.3006327C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=715

------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-26 01:06 -------
The proposed check would not require root privileges, it would just sacrifice setreuid() when lacking root privileges. I didn't see the advantage of setreuid() over setuid() anyway, but that's just me lacking the knowledge. Maybe someone can explain this to me off-bugzilla.

I agree upon your statement about who should fix OS bugs. But: we live in real world with real buggy OSs and real constraints concerning budgets for new hardware. New OS versions tend to require more/bigger hardware, old OS versions tend to be no longer under vendor maintenance. Complaining to the vendor is not always an option.

What OpenSSH does at the moment is knowingly running into a bug multiple OSs have (in this case we know at least about IRIX, Tru64, Mac OS X and ReliantUnix) and leaving non-C-capable admins only the choice between vulnerable OpenSSH (3.6.1) or mal-/non-functioning OpenSSH (sshd simply disconnecting non-root users).

I think the principle of least surprise should apply here, which means: if you know it might be broken, then don't use it unless you have proof it is not broken.

From bugzilla-daemon at mindrot.org Fri Sep 26 01:09:48 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 01:09:48 +1000 (EST)
Subject: [Bug 716] OpenSSH 3.7.1p2: sshd doesn't start at reboot (Tru64 UNIX)
Message-ID: <20030925150948.2C9B727C189@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=716

------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-26 01:09 -------
I do not believe your syntax:

> sshd:12345:respawn:/usr/sbin/sshd -D

to be valid on Tru64 UNIX. Can you please explain why the -D flag (do not become a daemon) would be a good idea?

From bugzilla-daemon at mindrot.org Fri Sep 26 01:52:51 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 01:52:51 +1000 (EST)
Subject: [Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
Message-ID: <20030925155251.38B3A27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=715

------- Additional Comments From mouring at eviladmin.org 2003-09-26 01:52 -------
We originally saw two platforms out of our collection with this issue. After the release we learned 50% don't behave the way we expect it. Plus it has always been our policy to track "broken" interfaces and not "correct" ones. It is better logic.

The issue is people not testing when we call for it. We had a good few weeks before we had to release (Shorter than I like, but life sucks). We received limited response (some good, some with bug fixes attached.. And we are thankful for those who help during release). However, I know all the platforms we tagged with this issue are all platforms with people (admins to C programmers) *ON THE MAILINGLIST*.

I'm sorry if people expect us to have every hardware/OS under the sun, but it is impossible. Since it is an impossibility and since neither those companies or OS communities are unwilling to support us. Then maybe we should stop breaking our backs trying to support them.

From bugzilla-daemon at mindrot.org Fri Sep 26 02:03:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 02:03:20 +1000 (EST)
Subject: [Bug 716] OpenSSH 3.7.1p2: sshd doesn't start at reboot (Tru64 UNIX)
Message-ID: <20030925160320.5C37827C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=716

------- Additional Comments From mouring at eviladmin.org 2003-09-26 02:03 -------
Daemonizing needs to be disabled otherwise it confuses init. It no longer knows how to manage the process. And if this is not the right syntax for Tru64 then Tru64 is broken because inittab is an extremely old concept (pre-OSF).

If you do a search on "inittab sshd -D" on google you'll see multiple documents talking about this. Multiple commentary on it. Even if you just look back through the openssh-unix-dev@ list you'll see it is the correct solution.

From bugzilla-daemon at mindrot.org Fri Sep 26 02:19:03 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 02:19:03 +1000 (EST)
Subject: [Bug 659] sshd failure on IRIX
Message-ID: <20030925161903.BEF3527C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=659

------- Additional Comments From Luc.Lalonde at polymtl.ca 2003-09-26 02:19 -------
Created an attachment (id=466)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=466&action=view)
Debug messages (Irix 6.5.21)

Server-side debug messages for Irix-6.5.21 running openssh-SNAP-20030924.tar.gz

From bugzilla-daemon at mindrot.org Fri Sep 26 02:19:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 02:19:36 +1000 (EST)
Subject: [Bug 659] sshd failure on IRIX
Message-ID: <20030925161936.15C0227C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=659

------- Additional Comments From Luc.Lalonde at polymtl.ca 2003-09-26 02:19 -------
Created an attachment (id=467)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=467&action=view)
Debug messages (Irix 6.5.21)

Client-side debug messages for Irix-6.5.21 running openssh-SNAP-20030924.tar.gz

From bugzilla-daemon at mindrot.org Fri Sep 26 02:43:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 02:43:02 +1000 (EST)
Subject: [Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
Message-ID: <20030925164302.70C7D27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=715

------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-26 02:43 -------
First of all: I didn't want to sound offensive. If I sounded that way then please excuse, it's probably due to English not being my mother tongue.

I'm sorry I wasn't available for testing before the release although I'm subscribed to the mailinglist too. But please: My job is to care for bind, sendmail, httpd, squid, OpenSSH and some dozens of other packages while caring for some dozens of systems and applications in production. According to the rule "If it ain't broke: don't fix it" my policy is to upgrade only when new functions are desired or vulnerabilities get known.

"I'm sorry if people expect me to test every software package pre-releases under the sun, but it is impossible". :-)

I contribute ReliantUnix patches as soon as I have them. And I try to contribute opinion. In this case my opinion is that setreuid() has a long, sad story of OSs implementing it in a way OpenSSH considers broken. Well, then it seems not to be a good idea to consider it working unless someone proves it's broken.

Now for something different: According to my - probably limited - knowledge setreuid(x,y) is only different from setuid(x) when x!=y. Well, then why does OpenSSH use only setreuid(x,x)? This looks like asking for trouble to me.

From bugzilla-daemon at mindrot.org Fri Sep 26 02:45:07 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 02:45:07 +1000 (EST)
Subject: [Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
Message-ID: <20030925164507.1412127C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=715

------- Additional Comments From Robert.Dahlem at siemens.com 2003-09-26 02:45 -------
Created an attachment (id=468)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=468&action=view)
Patch for ReliantUnix.

Trying to be a little more constructive. :-)

From bugzilla-daemon at mindrot.org Fri Sep 26 02:58:52 2003
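[Added example, not part of the archived messages and not OpenSSH code: a C version of the runtime probe proposed in the Bug 715 thread. It runs the drop in a forked child so the caller keeps its privileges, and reports "untested" (to be treated as broken) when it is not run as root. The names probe_setreuid, classify_drop and PROBE_*, and the use of uid 1 as the unprivileged id, are assumptions of this example.]

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700	/* declare setreuid()/seteuid() under strict -std= */
#endif
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Verdicts (names are this example's own, not OpenSSH's). */
enum probe_verdict {
	PROBE_OK = 0,		/* drop was permanent: setreuid() is usable */
	PROBE_BROKEN = 1,	/* drop failed, or the old uid could be regained */
	PROBE_UNTESTED = 2	/* probe could not run: caller treats as broken */
};

/*
 * Decision step, kept free of system calls so it can be checked unprivileged.
 * ruid/euid are the ids observed after setreuid(want, want) and after the
 * regain attempts; regained is non-zero if any attempt to go back succeeded.
 */
enum probe_verdict
classify_drop(uid_t ruid, uid_t euid, uid_t want, int regained)
{
	if (regained || ruid != want || euid != want)
		return PROBE_BROKEN;
	return PROBE_OK;
}

/*
 * Drop to `unpriv` with setreuid() in a forked child, then try to get the
 * old uid back. A conforming setreuid() also resets the saved set-user-ID,
 * so both setuid(old) and seteuid(old) must fail afterwards.
 */
enum probe_verdict
probe_setreuid(uid_t unpriv)
{
	uid_t old = geteuid();
	pid_t pid;
	int status, regained;

	/* Without root (or with a root target) nothing can be proven. */
	if (old != 0 || unpriv == 0)
		return PROBE_UNTESTED;
	if ((pid = fork()) == -1)
		return PROBE_UNTESTED;
	if (pid == 0) {
		if (setreuid(unpriv, unpriv) == -1)
			_exit(PROBE_BROKEN);
		regained = (setuid(old) != -1);
		regained |= (seteuid(old) != -1);
		_exit(classify_drop(getuid(), geteuid(), unpriv, regained));
	}
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return PROBE_UNTESTED;
	}
	if (!WIFEXITED(status))
		return PROBE_UNTESTED;
	return WEXITSTATUS(status) == PROBE_OK ? PROBE_OK : PROBE_BROKEN;
}

int
main(void)
{
	static const char *names[] = { "ok", "broken", "untested" };
	enum probe_verdict v = probe_setreuid(1);	/* uid 1: assumed unprivileged */

	printf("setreuid: %s\n", names[v]);
	/* Same convention as the sketch in the bug report: 0 only when proven ok. */
	return v == PROBE_OK ? 0 : 1;
}
```
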
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 02:58:52 +1000 (EST)
Subject: [Bug 717] AFS tokens are not generated upon login
Message-ID: <20030925165852.1DFD727C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=717

           Summary: AFS tokens are not generated upon login
           Product: Portable OpenSSH
           Version: -current
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: IDKaufman at lbl.gov

OpenSSH versions 3.7p1 through 3.7.1p2 on Solaris 2.6 and Solaris 8.

Solaris 8 Kernel patched to 108528-19 (cannot patch higher due to AFS issue)
Solaris 2.6 Kernel patched to 105181-35

Prior to upgrading from OpenSSH 3.6, if OpenSSH was compiled with the following flags:

    ./configure --with-pam --with-xauth=/usr/openwin/bin/xauth --with-tcp-wrappers --with-ssl-directory=/usr/local/ssl

users could log into their machines via OpenSSH, and through PAM, an AFS token would be generated. After upgrading OpenSSH, tokens are no longer generated, and users must run klog to authenticate to AFS.

Please contact me if you need more information. This issue has been discussed at OpenAFS as well:

https://lists.openafs.org/pipermail/openafs-info/2003-September/010738.html

Thanks for your time and consideration,

Ian

From bugzilla-daemon at mindrot.org Fri Sep 26 04:50:14 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 04:50:14 +1000 (EST)
Subject: [Bug 718] Compilation error on m68k-next-openstep 4.0
Message-ID: <20030925185014.2084027C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=718

           Summary: Compilation error on m68k-next-openstep 4.0
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: fatomei at kachinatech.com

/bin/ld: Undefined symbols:
_tcsendbreak
_munmap

From bugzilla-daemon at mindrot.org Fri Sep 26 11:03:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 11:03:26 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926010326.3157427C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

           Summary: pam auth not working the same way
           Product: Portable OpenSSH
           Version: -current
          Platform: Sparc
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: stevebalm2000 at yahoo.com

We recently upgraded from openssh-3.6.1p2 to openssh-3.7.1p2 and are now not able to login. We rely on PAM authentication and our PAM configuration looks like this:

    sshd auth required /usr/lib/security/$ISA/pam_krb54.so.1 get_k4_tgt

This pam module is home-grown and gets both Kerb5 and Kerb4 tickets. I've tried running sshd -d -d -d to figure out the problem here and I'm not sure what the issue is. I'll attach the debug output shortly.

Here is my /etc/ssh/sshd_config:

    HostKey /etc/ssh/ssh_host_key
    HostKey /etc/ssh/ssh_host_dsa_key
    LoginGraceTime 600
    IgnoreRhosts no
    IgnoreUserKnownHosts yes
    X11Forwarding yes
    SyslogFacility DAEMON
    HostbasedAuthentication yes
    RhostsRSAAuthentication yes
    Subsystem sftp /usr/local/libexec/sftp-server

Where should I be looking to track this down? Does my pam.conf need to be updated for the new openssh? Does my local pam need to be modified to work with the new openssh?

Also, please let me know what other information would be helpful in debugging this. Thanks.

From bugzilla-daemon at mindrot.org Fri Sep 26 11:13:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 11:13:08 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926011308.28D6327C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

------- Additional Comments From jason at devrandom.org 2003-09-26 11:13 -------
Do you have "UsePam yes" in your sshd_config file? 3.7.1p2 by default configuration now ships with PAM disabled. You *must* specify "UsePam yes" in your sshd_config for PAM to work with OpenSSH.

This is a change in the default behavior between 3.7.1p1 and 3.7.1p2.

From bugzilla-daemon at mindrot.org Fri Sep 26 11:14:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 11:14:45 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926011445.22DA927C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

------- Additional Comments From stevebalm2000 at yahoo.com 2003-09-26 11:14 -------
Created an attachment (id=469)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=469&action=view)
Output from "sshd -p 30 -d -d -d"

I was able to login using v3.6.1p2

From bugzilla-daemon at mindrot.org Fri Sep 26 11:17:12 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 11:17:12 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926011712.56AFA27C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

------- Additional Comments From stevebalm2000 at yahoo.com 2003-09-26 11:17 -------
Created an attachment (id=470)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=470&action=view)
Output from "sshd -p 30 -d -d -d"

I was not able to login using v3.7.1p2

Btw, here is uname -a info:

    SunOS trouble 5.9 Generic_112233-08 sun4u sparc SUNW,Ultra-5_10

From bugzilla-daemon at mindrot.org Fri Sep 26 11:24:29 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 11:24:29 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926012429.5B4FD27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

------- Additional Comments From stevebalm2000 at yahoo.com 2003-09-26 11:24 -------
I added "UsePAM yes" to sshd_config and now I get my PAM conversation prompt and my login is successful. The sshd_config that ships with 3.7.1p2 should be updated to show that "UsePAM no" is the default now.

Is there any way to avoid the PAM conversation prompt and use the OpenSSH password prompt as 3.6.1p2 used to do?

From bugzilla-daemon at mindrot.org Fri Sep 26 12:24:47 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Fri, 26 Sep 2003 12:24:47 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926022447.1EA4427C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

------- Additional Comments From stevebalm2000 at yahoo.com 2003-09-26 12:24 -------
Also, is it possible to use privilege separation and pam at the same time?

From bugzilla-daemon at mindrot.org Sat Sep 27 00:41:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 27 Sep 2003 00:41:43 +1000 (EST)
Subject: [Bug 464] sshd seems to corrupt the wtmpx
Message-ID: <20030926144143.24E2127C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=464

------- Additional Comments From mouring at eviladmin.org 2003-09-27 00:41 -------
Created an attachment (id=471)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=471&action=view)
Use updwtmpx for 64bit platforms that support it (no configure.ac)

add a "#define HAVE_UPDWTMPX 1" into your config.h and apply this patch. Does this solve your problem?

From bugzilla-daemon at mindrot.org Sat Sep 27 07:34:20 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 27 Sep 2003 07:34:20 +1000 (EST)
Subject: [Bug 720] "UseDNS no" breaks public key login
Message-ID: <20030926213420.8ABAB27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=720

           Summary: "UseDNS no" breaks public key login
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: wsanders1 at yahoo.com

Setting "UseDNS no" as a temporary workaround for a host that does not have PTR record breaks public key login for all hosts, even if they have valid, matching A and PTR records. A message is logged to syslog:

"sshd[1235]: Authentication tried for with correct key but not from a permitted host (host=XXX.XXX.XXX.XXX, ip=XXX.XXX.XXX.XXX)."

Host at IP XXX.XXX.XXX.XXX is a host that is previously able to login when UseDNS is set to "yes".

If this is not the intent of the UseDNS option

From bugzilla-daemon at mindrot.org Sat Sep 27 09:38:51 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 27 Sep 2003 09:38:51 +1000 (EST)
Subject: [Bug 719] pam auth not working the same way
Message-ID: <20030926233851.9CCCF27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=719

------- Additional Comments From djm at mindrot.org 2003-09-27 09:38 -------
No, PAM is fundamentally a challenge-response system. The old password auth code worked by ASSuMEing that there would only be a single prompt and that the prompt would be for a password.

(FYI, The UsePAM entry in sshd_config has been corrected)

From bugzilla-daemon at mindrot.org Sat Sep 27 09:40:09 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 27 Sep 2003 09:40:09 +1000 (EST)
Subject: [Bug 720] "UseDNS no" breaks public key login
Message-ID: <20030926234009.26C4C27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=720

------- Additional Comments From djm at mindrot.org 2003-09-27 09:40 -------
are you talking about HostBased authentication, or user PublicKeyAuthentication?

From bugzilla-daemon at mindrot.org Sat Sep 27 09:42:50 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 27 Sep 2003 09:42:50 +1000 (EST)
Subject: [Bug 717] AFS tokens are not generated upon login
Message-ID: <20030926234250.3927327C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=717

------- Additional Comments From djm at mindrot.org 2003-09-27 09:42 -------
Does this token get passed by way of an environment variable? Right now, the new PAM code doesn't export environment variables set by the authentication subprocess.

From bugzilla-daemon at mindrot.org Sat Sep 27 11:19:59 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Sat, 27 Sep 2003 11:19:59 +1000 (EST)
Subject: [Bug 717] AFS tokens are not generated upon login
Message-ID: <20030927011959.2EEF827C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=717

------- Additional Comments From djm at mindrot.org 2003-09-27 11:19 -------
Created an attachment (id=472)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=472&action=view)
Try to export environment from PAM authentication subprocess

This (quick, untested) patch tries to export the PAM environment from the authentication child to the master process. I have no idea whether or not it works, as I have no PAM modules that set environment variables during the auth phase.

Also, I was unsure whether all PAM modules pass their environment using PAM's internal environment API or using the standard unix **environ. To be paranoid I pass both :)

From bugzilla-daemon at mindrot.org Mon Sep 29 21:48:37 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 29 Sep 2003 21:48:37 +1000 (EST)
Subject: [Bug 464] sshd seems to corrupt the wtmpx
Message-ID: <20030929114837.7869627C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=464

------- Additional Comments From pere at hungry.com 2003-09-29 21:48 -------
The patch solved the problem on HP/UX 11.22 for me. :)

From bugzilla-daemon at mindrot.org Mon Sep 29 22:09:28 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Mon, 29 Sep 2003 22:09:28 +1000 (EST)
Subject: [Bug 716] OpenSSH 3.7.1p2: sshd doesn't start at reboot (Tru64 UNIX)
Message-ID: <20030929120928.04E8827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=716

------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-29 22:09 -------
Following Ben Lindstrom I changed my /etc/inittab to read:

    sshd:23:respawn:/usr/local/sbin/sshd -D

When rebooting (or doing "init q") I get these error messages on the console:

    INIT: Command is respawning too rapidly. Check for possible errors.
    id: sshd "/usr/local/sbin/sshd -D"

So with or without the -D flag, sshd version 3.7.1p2 doesn't seem to be startable from /etc/inittab on Tru64 UNIX. Version 3.6 of sshd didn't have these problems.

From bugzilla-daemon at mindrot.org Tue Sep 30 00:08:08 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 00:08:08 +1000 (EST)
Subject: [Bug 700] PAM support broken in 3.7.1p1
Message-ID: <20030929140808.6AD0527C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=700

------- Additional Comments From Fergus.Donohue at dcu.ie 2003-09-30 00:08 -------
Created an attachment (id=473)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=473&action=view)
sshd -ddd for Version 3.4

Trace output for 3.4 (which works).

From bugzilla-daemon at mindrot.org Tue Sep 30 00:08:40 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 00:08:40 +1000 (EST)
Subject: [Bug 700] PAM support broken in 3.7.1p1
Message-ID: <20030929140840.17A9327C1A1@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=700

------- Additional Comments From Fergus.Donohue at dcu.ie 2003-09-30 00:08 -------
Created an attachment (id=474)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=474&action=view)
sshd -ddd for Version 3.7.1p2

Trace output for 3.7.1p2 (which doesn't work).

From bugzilla-daemon at mindrot.org Tue Sep 30 00:10:54 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 00:10:54 +1000 (EST)
Subject: [Bug 700] PAM support broken in 3.7.1p1
Message-ID: <20030929141054.E945D27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=700

------- Additional Comments From Fergus.Donohue at dcu.ie 2003-09-30 00:10 -------
I too am using PAM (pam_ldap) with Solaris 8 and am seeing the same behaviour.

    camac {506}# uname -a
    SunOS camac 5.8 Generic_108528-21 sun4u sparc SUNW,Ultra-60
    camac {507}#

I've attached the output from a "sshd -ddd" for both 3.4 which works and 3.7.1p2 which doesn't!

From bugzilla-daemon at mindrot.org Tue Sep 30 02:19:07 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 02:19:07 +1000 (EST)
Subject: [Bug 721] --with-rpngd-socket=/path/to/file seems broken
Message-ID: <20030929161907.4C84A27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=721

           Summary: --with-rpngd-socket=/path/to/file seems broken
           Product: Portable OpenSSH
           Version: -current
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: duncan.ferguson at egg.com

I moved the prndg pool to /var/spool/prndg/pool and attempted to configure OpenSSH with the above command, but always got the error "PRNG not seeded" when trying to run sshd.

Leaving the prngd pool in one of the default places (/var/run/egd-pool), sshd runs without problem.

Using the configure option worked in 3.4p1 and I have only just upgraded to 3.7.1p2 to find this issue.

From bugzilla-daemon at mindrot.org Tue Sep 30 02:19:38 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 02:19:38 +1000 (EST)
Subject: [Bug 721] --with-prngd-socket=/path/to/file seems broken
Message-ID: <20030929161938.10CC727C18F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=721

duncan.ferguson at egg.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|--with-rpngd-               |--with-prngd-
                   |socket=/path/to/file seems  |socket=/path/to/file seems
                   |broken                      |broken

From bugzilla-daemon at mindrot.org Tue Sep 30 04:51:36 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 04:51:36 +1000 (EST)
Subject: [Bug 722] scp not found
Message-ID: <20030929185136.AE93B27C18F@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=722

           Summary: scp not found
           Product: Portable OpenSSH
           Version: 3.7.1p1
          Platform: All
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: scp
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jim.a.davidson at bt.com

I have just upgraded our test Solaris servers (2.6 and 8) from OpenSSH V3.4 to
OpenSSH V3.7.1 and now find that when I try to use scp to the new 3.7.1
server, I get error messages scp not found. The sshd was compiled using the
same options as the V3.4 one which does not exhibit this behaviour (the only
option selected being --prefix=). I could use a symbolic link to say
/usr/bin/scp from /bin/scp but I would prefer not to do so.

Is this a bug in the 3.7.1 code and if so can someone point me in the right
direction?

Thanks.

From bugzilla-daemon at mindrot.org Tue Sep 30 04:55:45 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 04:55:45 +1000 (EST)
Subject: [Bug 722] scp not found
Message-ID: <20030929185545.30B8727C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=722

mouring at eviladmin.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|scp not found               |scp not found

------- Additional Comments From mouring at eviladmin.org 2003-09-30 04:55 -------
sshd under Solaris now honors /etc/default/login and is enabled by default.
It will override anything compiled in.

Are your paths set right to include that directory in /etc/default/login?

From bugzilla-daemon at mindrot.org Tue Sep 30 05:05:19 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 05:05:19 +1000 (EST)
Subject: [Bug 722] scp not found
Message-ID: <20030929190519.46D5C27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=722

------- Additional Comments From jim.a.davidson at bt.com 2003-09-30 05:05 -------
I didn't realise that this was now the case. I will add to PATH in
/etc/default/login and see if this fixes it.

Thanks.

From bugzilla-daemon at mindrot.org Tue Sep 30 07:24:43 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 07:24:43 +1000 (EST)
Subject: [Bug 720] "UseDNS no" breaks public key login
Message-ID: <20030929212443.1016227C188@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=720

wsanders1 at yahoo.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

------- Additional Comments From wsanders1 at yahoo.com 2003-09-30 07:24 -------
Ahhh, this was a usage error. You can close this bug.

"UseDNS no" stops all DNS references from occurring - I had expected it to
only disable the restriction that the host's IP be findable in a PTR DNS
record.

What was actually happening is that from="" was in my authorized_keys file,
and then "UseDNS no" prevented sshd from looking up the IP of foo. So sshd
would complain "Your host '11.22.33.44' is not permitted to use this key for
login." when it also meant "key found in the authorized_keys file for but not
for 11.22.33.44".

The correct use of "UseDNS no" is to identify the key with
'from ="11.22.33.44"' (the double quotes are required) rather than 'from="".

From bugzilla-daemon at mindrot.org Tue Sep 30 10:01:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 10:01:01 +1000 (EST)
Subject: [Bug 700] PAM support broken in 3.7.1p1
Message-ID: <20030930000101.258DA27C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=700

------- Additional Comments From djm at mindrot.org 2003-09-30 10:00 -------
Try setting "PasswordAuthentication no" and "ChallengeResponseAuthentication
yes" in sshd_config.

From bugzilla-daemon at mindrot.org Tue Sep 30 18:59:26 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 18:59:26 +1000 (EST)
Subject: [Bug 700] PAM support broken in 3.7.1p1
Message-ID: <20030930085926.A120827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=700

------- Additional Comments From Fergus.Donohue at dcu.ie 2003-09-30 18:59 -------
That's done it, Thanks Damien.

Can this be added to the documentation?

From bugzilla-daemon at mindrot.org Tue Sep 30 21:10:24 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 21:10:24 +1000 (EST)
Subject: [Bug 700] PAM support broken in 3.7.1p1
Message-ID: <20030930111024.6DCD527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=700

bryan.finn at data.slu.se changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From bryan.finn at data.slu.se 2003-09-30 21:10 -------
Yes, thank you. Works for me too.

From bugzilla-daemon at mindrot.org Tue Sep 30 22:07:01 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 22:07:01 +1000 (EST)
Subject: [Bug 723] Password expire not working properly
Message-ID: <20030930120701.7F49727C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=723

           Summary: Password expire not working properly
           Product: Portable OpenSSH
           Version: -current
          Platform: Sparc
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: stefan at stebo.se

I have compiled openssh-3.7.1p2 with pwexp24 with following options:

./configure --prefix=/usr/local --with-pam --enable-static=yes --sysconfdir=/usr/local/etc --without-rand-helper --libdir=/usr/lib

I have run some tests on password expire, and cannot get it to function
properly. When I force a user to change his/her password at next login, they
get in without changing the password. When I telnet to the system it works
properly.

Here is a printout of selected commands:

bash-2.05# pkginfo -l OBSDssh
   PKGINST: OBSDssh
      NAME: OpenSSH for Solaris
  CATEGORY: application
      ARCH: sparc
   VERSION: 3.7.1p2-pwexp24
   BASEDIR: /
    PSTAMP: ps15120030924133714
  INSTDATE: Sep 24 2003 13:38
    STATUS: completely installed
     FILES: 54 installed pathnames
            10 shared pathnames
            5 linked files
            18 directories
            12 executables
            1 setuid/setgid executables
            12505 blocks used (approx)

bash-2.05# uname -r
5.8
bash-2.05# passwd peter
New password:
Re-enter new password:
passwd (SYSTEM): passwd successfully changed for peter
bash-2.05# ssh -l peter localhost
peter at localhost's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Tue Sep 30 13:42:23 2003 from localhost
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
Test by stebo
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
Test by stebo
$ Connection to localhost closed.
bash-2.05# passwd -f peter
bash-2.05# ssh -l peter localhost
peter at localhost's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Tue Sep 30 13:54:06 2003 from localhost
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
Test by stebo
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
Test by stebo
$ Connection to localhost closed.

I have no idea why this doesn't work. Would be very glad if some masterminded
soul could enlighten me ;)

Regards
Stefan

From bugzilla-daemon at mindrot.org Tue Sep 30 22:17:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 22:17:02 +1000 (EST)
Subject: [Bug 723] Password expire not working properly
Message-ID: <20030930121702.AAD1427C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=723

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|openssh-bugs at mindrot.org   |dtucker at zip.com.au
          Component|Build system                |sshd

------- Additional Comments From dtucker at zip.com.au 2003-09-30 22:17 -------
Is HAS_SHADOW_EXPIRE undef'ed in config.h? Try adding "#define
HAS_SHADOW_EXPIRE 1" to config.h and recompiling.

Since that patch isn't part of OpenSSH itself (although the probable cause
is), I'm re-assigning to me.

From bugzilla-daemon at mindrot.org Tue Sep 30 23:31:15 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 23:31:15 +1000 (EST)
Subject: [Bug 722] scp not found
Message-ID: <20030930133115.1865527C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=722

jim.a.davidson at bt.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Additional Comments From jim.a.davidson at bt.com 2003-09-30 23:31 -------
This has fixed my problem. Is this change documented somewhere? Thanks for
the info anyway.

From bugzilla-daemon at mindrot.org Tue Sep 30 23:42:02 2003
From: bugzilla-daemon at mindrot.org (bugzilla-daemon at mindrot.org)
Date: Tue, 30 Sep 2003 23:42:02 +1000 (EST)
Subject: [Bug 722] scp not found
Message-ID: <20030930134202.04E0827C187@shitei.mindrot.org>

http://bugzilla.mindrot.org/show_bug.cgi?id=722

------- Additional Comments From dtucker at zip.com.au 2003-09-30 23:42 -------
Once finished, configure will display the following warning:

(If PATH is set in /etc/default/login it will be used instead. If
used, ensure the path to scp is present, otherwise scp will not work.)

The honouring of /etc/default/login was also mentioned in the release notes.
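
Added example, not part of the archived thread and not OpenSSH code: a shell check for the condition discussed in bug 722, where PATH set in /etc/default/login replaces the compiled-in path and must still lead to scp. The function names, the "last PATH= line wins" rule and the fallback argument standing in for the compiled-in path are assumptions of this example; the sample files are constructed.

```shell
#!/bin/sh
# Added example: will sshd's session PATH contain scp?

# Print KEY's value from a KEY=value file such as /etc/default/login.
# Lines starting with '#' never match; the last assignment wins (assumption).
default_login_value() {    # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1
}

# Succeed if an executable named $2 sits in a directory of search path $1.
# Empty path elements (the current directory) are deliberately skipped.
path_has_cmd() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        if [ -n "$dir" ] && [ -x "$dir/$2" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# $1 = login defaults file, $2 = compiled-in PATH used when the file sets none.
check_scp_path() {
    effective=$(default_login_value "$1" PATH)
    origin=$1
    if [ -z "$effective" ]; then effective=$2; origin="compiled-in default"; fi
    if path_has_cmd "$effective" scp; then
        echo "OK: scp reachable, PATH from $origin: $effective"
    else
        echo "FAIL: scp not reachable, PATH from $origin: $effective"
        return 1
    fi
}

# Constructed sample: scp lives only under a fake prefix; the first file
# leaves that prefix out of PATH (the situation in bug 722), the second adds it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/prefix/bin" "$tmp/usr/bin"
    printf '#!/bin/sh\n' > "$tmp/prefix/bin/scp"
    chmod +x "$tmp/prefix/bin/scp"
    printf '#PATH=/usr/bin:\nPATH=%s\n' "$tmp/usr/bin" > "$tmp/login.before"
    printf 'PATH=%s:%s\n' "$tmp/usr/bin" "$tmp/prefix/bin" > "$tmp/login.after"
    check_scp_path "$tmp/login.before" "$tmp/prefix/bin" || :
    check_scp_path "$tmp/login.after" "$tmp/prefix/bin" || :
    rm -rf "$tmp"
}
demo
```

On a real host, call check_scp_path with /etc/default/login as the first argument and the PATH sshd was built with as the second.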