Portable OpenSSH Solaris UseLogin Issue

Loomis, Rip GILBERT.R.LOOMIS at saic.com
Tue Dec 19 06:10:14 EST 2000


Aarggh.

Telnetd has the necessary audit initialization
code (and generation of login/logout
audit events) written in by Sun.
The "best" fix (IMHO) is to do the
audit initialization within OpenSSH,
in the same way that OpenSSH needs to
do it for SGI IRIX, etc., and in the
same way that telnetd does it for
Solaris.

I have code (which was written for a
previous customer against "commercial"
SSH 1.2.27) that correctly implements
all the audit initialization stuff for
Solaris.  I've been trying to make the
time to integrate the code into OpenSSH
for several months, but Real Work keeps
intruding.

Does someone want the existing (not real
pretty but workable) code against 1.2.27
as a starting point?  If not then I'll
try to make time in the next couple of
weeks, but trying to make time hasn't
historically seemed to work.

The biggest stumbling block when I last
went in to integrate the code was that
(IIRC) OpenSSH calls one "session
initialization" function which is common
to both the ssh client and sshd.  This
caused some problems...but I'll excavate
my codebase again now and take another
look this afternoon.

Rip Loomis		Voice Number: (410) 953-6874
--------------------------------------------------------
Senior Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com



> -----Original Message-----
> From: Markus Friedl [mailto:Markus.Friedl at informatik.uni-erlangen.de]
> Sent: Monday, December 18, 2000 3:03 AM
> To: Jonathan Fortin
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Portable OpenSSH Solaris UseLogin Issue
> 
> 
> does telnetd call login?  how does telnetd call login?
> 
> On Sun, Dec 17, 2000 at 05:23:05PM -0500, Jonathan Fortin wrote:
> > In order to use Solaris's BSM (Basic security module) also called c2 audit,
> > which logs specific kernel calls depending on your audit_control,
> > I would need to use login(1) to log users' exec calls and whatnot because
> > Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I
> > would have to enable UseLogin in sshd_config in order for that to work.
> 




