AIX remote root logins
Darren Tucker
dtucker at zip.com.au
Sun Oct 13 18:10:42 EST 2002
Ben Lindstrom wrote:
> Send a patch.. I'll add it to the AIX queue.
OK... this patch only calls loginrestricted on AIX if:
a) the user logging in isn't root (so root logins can be disabled via
telnet but permitted or denied via PermitRootLogin).
b) sshd *is* running as root since loginrestricted will fail if sshd
isn't (or isn't a member of group "security").
See: http://bugzilla.mindrot.org/show_bug.cgi?id=383 for details.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: auth.c
===================================================================
RCS file: /cvs/openssh/auth.c,v
retrieving revision 1.58
diff -u -r1.58 auth.c
--- auth.c 21 Sep 2002 15:26:53 -0000 1.58
+++ auth.c 13 Oct 2002 06:28:23 -0000
@@ -202,7 +202,13 @@
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+ /*
+ * Don't check loginrestrictions() for root account (use
+ * PermitRootLogin to control logins via ssh), or if running as
+ * non-root user (since loginrestrictions will always fail).
+ */
+ if ( (pw->pw_uid != 0) && (geteuid() == 0) &&
+ loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
More information about the openssh-unix-dev
mailing list