AIX issues

Steven Bade sbade at austin.ibm.com
Mon Jul 29 23:22:39 EST 2002


Mark.... At least on 5.1, OpenSSH is supported by IBM via its AIX 
support channels.  You might want to also take these up via a PMR or 2...

Mark Grennan wrote:

> Hello everyone, 
> 
> I have been given the task of working out a number of issues with
> OpenSSH for my company (Hertz). 
> 
> I have been following the mailing list for several days now and I'm
> beginning to compile a list of who is working on what.  To make my task
> faster, it would be nice if the people working on the following issues
> would drop me an email before I start to rewrite their code and get it
> wrong. :-)
> 
> I am dealing with AIX 4.3.3, AIX 5.x, and OpenSSH 2.5.1p1 and 2.9.9p2. 
> I'm sure some of these issues have been fixed. 
> 
> The issues are:
> 
>     1. Allows login even though the password has expired either from age
>     or after being reset by a security analyst.
>     
>     2. Doesn't update AIX's "failed login count", consequently the ID is
>     not locked after 5 invalid login attempts.
>     
>     3. Doesn't record the failed login in AIX's failedlogin log.
>     
>     4. Doesn't post logged in users to the wtmp file causing it to
>     appear as if no one is logged in.
>     
>     5. Corrupts the file that stores the last login date for users
>     making it impossible to lock or remove accounts for inactivity.
>     
>     6. Doesn't honor the /etc/ftpusers to restrict sftp access. Any
>     users can use ftp through SSH.
>     
>     7. Syslog entries for SSH login don't differentiate between SSH,
>     SFTP, or other tunneled logins.
>     
>     8. OpenSSH doesn't show user logouts in syslog like F-Secure does.
>     
> My first step is to move both environments to 3.4p1 and retest.
> 
> 


-- 
Steven A. Bade
UNIX Network Security Cryptographic Strategy and Development Architecture
sbade at austin.ibm.com
T/L 678-4799
(512)-838-4799

--
To convert from Hogsheads to Cubic Feet - Multiply by 8.4219

"Two-way communication is necessary to proactively facilitate acceptance
and involvement and to get insights about the journey it takes to get where
we want"

this mess is so big and so bad and so tall,
we cannot clean it up, there is no way at all
(Cat in the Hat)





