openssh & delay
Giuseppe Ghibò
ghibo at mandrakesoft.com
Fri May 28 01:31:09 EST 2004
Hi, I wrote you to ask whether this patch is OK for you. I extracted
from the current debian openssh patch set.
The problem is that in a openssh 3.6.1p2
installation compiled with pam support
when one is doing an ssh connection to a 3.6.1p2 ssh server there is a
slight delay of around 3-4 seconds before one gets the login, and even
before you type the login name and password you get this message in
/var/log/messages of the remote machine
one is going to connect to:
sshd(pam_unix)[4402]: authentication failure; uid=... euid=...
tty=NODEVssh ruser= rhost=... user=...
I've noticed also that under current openssh-3.8 instead there isn't
such delay nor log entry. At the beginning I thought it was caused
to delay caused by IPV6 DNS lookups, then something
related to pam, and recently I found that such behaviour
was already reported and explained, for instance, here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192207
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193546
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101157#c8
and
http://www.securityfocus.com/archive/121/326500/2003-06-18/2003-06-24/0
and depends on the attempts with EmptyPassword and pam the ssh does.
Debian uses a patch (which I extracted and attached here) which
seems working for fixing this behaviour. The openssh 3.8 seems also
using a similar solution, with:
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
in auth-passwd.c; so I was wondering if it's safe to use the
(attached) debian patch, in which case Stew/Vincent will provide
and official Mandrake openssh update.
Thanks.
Bye.
Giuseppe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-3.6.1p2-delay.patch.gz
Type: application/x-gzip
Size: 711 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040527/5dfaabed/attachment.bin
More information about the openssh-unix-dev
mailing list