OpenSSH 3.9p1 bug, .hushlogin is ignored

Andreas M. Kirchwitz amk at
Mon Sep 6 22:12:54 EST 2004

Hello Darren! Hello OpenSSH (portable) users!

After updating from OpenSSH 3.8.1p1 to OpenSSH 3.9p1 on my
Fedora Core 2 Linux box, the "sshd" no longer respects
"~/.hushlogin" to get a quiet and silent login. Now I get
the noisy "Last login: somedate from somehost" line.

I really loved that feature. ;-)

The problem is related to a change in "session.c", function do_child().
In line 1426, the following code has been added to the portable
version of OpenSSH:

	 * PAM session modules in do_setusercontext may have
	 * generated messages, so if this in an interactive
	 * login then display them too.
	if (command == NULL)

According to the ChangeLog:
     - (dtucker) [session.c] Call display_loginmsg again after do_pam_session.
       Ensures messages from PAM modules are displayed when privsep=no.

Unfortunately, this breaks .hushlogin.

As long as I run "ssh somehost somecommand", it obviously works as
expected, but if I do "ssh somehost", I get the "Last login:" line.

If I remove the code segment, ".hushlogin" works again. (No big deal. ;-)

Although "if (command == NULL)" could be replaced by a call to
"if (!check_quietlogin(s, command))" to fix the problem, the
double access to ".hushlogin" wouldn't be good programming style.
If it's needed more than once, the result of check_quietlogin()
could be cached somewhere to avoid unnecessary access to the

However, besides this (my beloved .hushlogin ;-), OpenSSH 3.9p1 is
really good work. Keep up the good work!

	Greetings, Andreas

More information about the openssh-unix-dev mailing list