[Bug 3566] New: Password expiry warning is printed multiple times when UsePAM is set to yes

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Apr 24 20:57:55 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3566

            Bug ID: 3566
           Summary: Password expiry warning is printed multiple times when
                    UsePAM is set to yes
           Product: Portable OpenSSH
           Version: 8.8p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: sshedi at vmware.com

Created attachment 3692
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3692&action=edit
Show pam messages only on failure

When UsePAM is set to yes in sshd_config and if a user password is
about to expire, it gets printed two times while doing ssh login.

Sample output:

```
root at ph4dev:~ # sshpass -p changeme ssh root at localhost
Warning: your password will expire in 2 days.
Warning: your password will expire in 2 days.
Last login: Mon Apr 24 15:47:41 2023 from 127.0.0.1
 15:48:55 up  1:32,  2 users,  load average: 0.00, 0.00, 0.00
root at ph4dev:~ #
```

I reproduced this with "openssh-8.8p1" and I believe this affects all
versions >= 8.4p1

Following commit is the cause of the issue.

https://github.com/openssh/openssh-portable/commit/ed6bef77f5bb5b8f9ca2914478949e29f2f0a780

This whole pam message echoing portion looks redundant because it is
already done at
https://github.com/openssh/openssh-portable/blob/master/auth-pam.c#L529

I am attaching a patch to fix this issue as well but not sure if it is
correct.

Please let me know if I need to raise a PR in github.

-
Shedi

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list