openssh & delay

Giuseppe Ghibò ghibo at mandrakesoft.com
Fri May 28 01:31:09 EST 2004


Hi, I wrote you to ask whether this patch is OK for you. I extracted
from the current debian openssh patch set.

The problem is that in a openssh 3.6.1p2
installation compiled with pam support
when one is doing an ssh connection to a 3.6.1p2 ssh server there is a 
slight delay of around 3-4 seconds before one gets the login, and even 
before you type the login name and password you get this message in 
/var/log/messages of the remote machine
one is going to connect to:

sshd(pam_unix)[4402]: authentication failure; uid=... euid=...
tty=NODEVssh ruser= rhost=...  user=...

I've noticed also that under current openssh-3.8 instead there isn't
such delay nor log entry. At the beginning I thought it was caused
to delay caused by IPV6 DNS lookups, then something
related to pam, and recently I found that such behaviour
was already reported and explained, for instance, here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192207
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193546
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101157#c8

and

http://www.securityfocus.com/archive/121/326500/2003-06-18/2003-06-24/0

and depends on the attempts with EmptyPassword and pam the ssh does.
Debian uses a patch (which I extracted and attached here) which
seems working for fixing this behaviour. The openssh 3.8 seems also
using a similar solution, with:

          if (*password == '\0' && options.permit_empty_passwd == 0)
                  return 0;

in auth-passwd.c; so I was wondering if it's safe to use the
(attached) debian patch, in which case Stew/Vincent will provide
and official Mandrake openssh update.

Thanks.
Bye.
Giuseppe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-3.6.1p2-delay.patch.gz
Type: application/x-gzip
Size: 711 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040527/5dfaabed/attachment.bin 


More information about the openssh-unix-dev mailing list