A Feature Request

Damien Miller djm at mindrot.org
Tue May 30 10:05:13 AEST 2017


On Mon, 29 May 2017, Devang Modi wrote:

> Dear Sir,
> I wish to highlight a security limitation for OpenSSH/PAM.
> 
> Issue is attached with openssh-server-5.3p1-122.el6.x86_64
> and pam-1.1.1-24.el6.x86_64. Or Both.

This is a really old OpenSSH release
https://www.openssh.com/releasenotes.html#5.3 says it's 7.5 years old.

This is what the current version does:

[djm at haru ssh]$ ssh ::1
djm@::1's password: 
^C
[djm at haru ssh]$ tail -2 /var/log/authlog
May 30 10:01:10 fuyu sshd[11899]: Connection from ::1 port 27606 on ::1 port 22
May 30 10:01:12 fuyu sshd[11899]: Connection closed by authenticating user djm ::1 port 27606 [preauth]

authlog being where OpenBSD sends auth.info syslog messages.

-d


More information about the openssh-unix-dev mailing list