Hello again. I have been brainstorming with a few people and I have found a solution to the problem I was experiencing. This solution works in both SSH 1.2.26 (not 1.2.27, as I was delusional that day) and SSH 2.0.11. In SSH 1.2.26 adding the -DHAVE_STRUCT_SPWD_EXPIRE to the Makefile in the top of the SSH tree with fix the problem. In SSH 2.0.11 adding the same -DHAVE_STRUCT_SPWD_EXPIRE to ssh-2.0.11/lib/sshsession/Makefile. In both case, I added it to the 'defs =' section and it worked fine, but maybe there is a cleaner way to do this. In regards to -with-login, I have tried it and gotten errors not allowing me to login at all. I do not remember the exact problem, but I know it did not work. (I am too lazy right now to replicate the error). Thanks to everyone who responded and lent me a hand. Raymond T Sundland -----Original Message----- From: Linux Mailing Lists [mailto:linuxat_private] Sent: Monday, January 25, 1999 2:40 PM To: BUGTRAQat_private Cc: kuruptionat_private Subject: Re: SSH 1.x and 2.x Daemon Hello, > > There seems to be incomplete code in the SSH daemon in both versions 1.2.27 > > and 2.0.11 (only tested). The bug simply allows users who with expired > > accounts (in /etc/shadow) to continue to login even though other such > > services such as ftp and telnet deny access. Here is the log using 1.2.27 > > (but the same happens with 2.0.11). > > This is not the case with ssh 1.1.26 running on FreeBSD 2.2.8 > If I expire an account: > Expire [month day year]: January 1, 1999 > Then when I try to ssh in I just get: > Permission denied. There's a configure parameter to use the "usual" /bin/login program instead of the login procedure implemented with ssh: --with-login[=PATH] Use login -f to finish login connections. On one hand, a possible fix (temporal, of course) is to compile sshd with support for /bin/login. The features of the shadow-suite will be back. On the other hand, SSH 1.2.26 seems to implement the expiration date of accounts (grep expire sshd.c), but I don't know if it does it ok. Greetings, Sergio
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:30:58 PDT