OpenSSH_4.3p1 configure patch
Darren Tucker
dtucker at zip.com.au
Wed Feb 8 00:15:35 EST 2006
On Tue, Feb 07, 2006 at 01:55:01PM +0100, Corinna Vinschen wrote:
> I found a better solution which doesn't require an #ifdef:
>
> --- auth2.c.ORIG 2006-02-07 13:53:11.561136300 +0100
> +++ auth2.c 2006-02-07 13:51:08.992832300 +0100
> @@ -243,7 +243,8 @@ userauth_finish(Authctxt *authctxt, int
> #endif /* _UNICOS */
>
> /* Log before sending the reply */
> - auth_log(authctxt, authenticated, method, " ssh2");
> + if (!use_privsep)
> + auth_log(authctxt, authenticated, method, " ssh2");
>
> if (authctxt->postponed)
> return;
>
> Is that ok?
I think that will stop logging of some auth attempts entirely when
privsep is on (eg those that don't require a monitor call, such as
failed pubkey attempts).
Eg, compare "sshd -D -e -p 2022 -o maxauthtries=2" with and without the
patch.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list