LoginGraceTime

Fischer, Bill Bill.Fischer at qwest.com
Sat Jan 14 09:45:41 EST 2006


The code certainly looks different (the line I changed last time is no
longer there to change :), but the result seems to be the same.

Here's the output from the server:
$ /scratch2/openssh-exec/sbin/sshd -f /scratch2/openssh/etc/sshd_config
-De
Server listening on :: port 66.
Server listening on 0.0.0.0 port 66.
Generating 768 bit RSA key.
RSA key generation complete.
Connection from 10.1.1.1 port 33559
Failed none for root from 10.1.1.1 port 33559 ssh2
Found matching RSA key: a7:0d:cf:e0:8a:df:a6:7a:4d:2e:1b:5b:fa:34:b4:85
Postponed publickey for root from 10.1.1.1 port 33559 ssh2
Found matching RSA key: a7:0d:cf:e0:8a:df:a6:7a:4d:2e:1b:5b:fa:34:b4:85
Accepted publickey for root from 10.1.1.1 port 33559 ssh2
Accepted publickey for root from 10.1.1.1 port 33559 ssh2
Timeout before authentication for 10.1.1.1

That's VERBOSE level.  The problem doesn't occur in any of the DEBUG
levels since the login timer is disabled when in debug mode.  If the
debug output would be helpful, I could change the code to enable the
timeout when in debug mode.

The connection still works fine if I rename the id_[rd]sa* files in
~/.ssh on the client side.

For what it's worth, adding a call to verbose in the authenticated:
block of sshd.c shows that the authenticated: block is indeed getting
executed.   And adding a signal(SIGALRM, SIG_IGN) will cause the
connection to remain up, but of course means all future SIGALRM's will
be ignored, which may be less than desirable and if you ever need to set
up another SIGALRM, that would almost certainly be bad news.  Sure seems
like the system is flat our ignoring the alarm(0) call.

Not sure where else to look.

-Bill.



-----Original Message-----
From: Damien Miller [mailto:djm at mindrot.org] 
Sent: Friday, January 13, 2006 3:36 PM
To: Fischer, Bill
Cc: openssh-unix-dev at mindrot.org
Subject: Re: LoginGraceTime

Fischer, Bill wrote:
> Hello,
> 
> We've found some undesirable behavior with respect to LoginGraceTime.

> A minor code change in session.c seems to clear it up, but now I'm 
> asking for help in better understanding the problem and determining if

> there any unexpected side effects of the change.

Hi Bill,

There have been some changes in this area recently. Could you try one of
the snapshot releases at:

ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/snapshot

an let us know if the problem is still evident?

Thanks,
Damien Miller




More information about the openssh-unix-dev mailing list