SSH using the login binary
Livengood, Edward
Edward.Livengood at CommerceBank.com
Sat Sep 16 02:11:34 EST 2000
Thank you. That lead me to what I was looking for.
Ed
Information Security
-----Original Message-----
From: Gregory Leblanc [mailto:GLeblanc at cu-portland.edu]
Sent: Thursday, September 14, 2000 5:08 PM
To: 'Livengood, Edward'; 'openssh-unix-dev at mindrot.org'
Subject: RE: SSH using the login binary
> -----Original Message-----
> From: Livengood, Edward [mailto:Edward.Livengood at CommerceBank.com]
>
> This may not be the place to pose this question so forgive me
> if I should
> send this somewhere else.
>
> I have noticed that SSH2 appears to check user's password against the
> password file without executing login. We are using a
> security application
> that replaces the login binary to perform its own security
> checks on login,
> i.e.. is suspend user ids that have failed to use a
> successful password.
> Since SSH2 doesn't use the login binary that was replaced it
> bypasses our
> security product. I was wondering if this would be difficult
> to change, and
> if not where in the source code I would have to go to make
> such a change?
Now I'm not an expert, bus isn't this what the "UseLogin" parameter in
sshd_config is supposed to do? The man page for sshd has more information.
Greg
More information about the openssh-unix-dev
mailing list