sshd does not flush PAM messages

Ondřej Velíšek ondrejvelisek at gmail.com
Thu Dec 13 20:14:22 AEDT 2018


Hi,

I would like to report a problem. It seems OpenSSH server does not flush PAM
messages unless it is a prompt or the PAM terminates. I've tried it with
OpenSSH and Dropbear clients. I tested my own PAM module which simply
sends a non-prompting message and sleeps. Used raw C and Python PAM
bridge. Both the same results.
sshd -V
OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g  1 Mar 2016

steps:
- create PAM which sends PAM_TEXT_INFO message and then executes sleep(10)
- configure sshd to use it and run the server
- try to connect with client
- ssh display nothing until 10 sec

Is it intentional? I believe it should not be. There are
authentication methods which do not need to prompt the user. For example
OAuth2 Device code method.

cheers

Ondrej


More information about the openssh-unix-dev mailing list