Re: SSH 1.x and 2.x Daemon

From: KuRuPTioN (kuruptionat_private)
Date: Mon Jan 25 1999 - 12:22:03 PST

Next message: dorqus maximus: "Re: Win98 Crash?"

Previous message: Jim Bourne: "Re: SSH 1.x and 2.x Daemon"
Maybe in reply to: KuRuPTioN: "SSH 1.x and 2.x Daemon"
Next in thread: Linux Mailing Lists: "Re: SSH 1.x and 2.x Daemon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello again.

I have been brainstorming with a few people and I have found a solution to
the problem I was experiencing.  This solution works in both SSH 1.2.26 (not
1.2.27, as I was delusional that day) and SSH 2.0.11.

In SSH 1.2.26 adding the -DHAVE_STRUCT_SPWD_EXPIRE to the Makefile in the
top of the SSH tree with fix the problem.

In SSH 2.0.11 adding the same -DHAVE_STRUCT_SPWD_EXPIRE to
ssh-2.0.11/lib/sshsession/Makefile.  In both case, I added it to the 'defs
=' section and it worked fine, but maybe there is a cleaner way to do this.

In regards to -with-login, I have tried it and gotten errors not allowing me
to login at all.  I do not remember the exact problem, but I know it did not
work.  (I am too lazy right now to replicate the error).

Thanks to everyone who responded and lent me a hand.

Raymond T Sundland


-----Original Message-----
From:	Linux Mailing Lists [mailto:linuxat_private]
Sent:	Monday, January 25, 1999 2:40 PM
To:	BUGTRAQat_private
Cc:	kuruptionat_private
Subject:	Re: SSH 1.x and 2.x Daemon


Hello,

> > There seems to be incomplete code in the SSH daemon in both versions
1.2.27
> > and 2.0.11 (only tested).  The bug simply allows users who with expired
> > accounts (in /etc/shadow) to continue to login even though other such
> > services such as ftp and telnet deny access.  Here is the log using
1.2.27
> > (but the same happens with 2.0.11).
>
>         This is not the case with ssh 1.1.26 running on FreeBSD 2.2.8
>         If I expire an account:
>         Expire [month day year]: January 1, 1999
>         Then when I try to ssh in I just get:
>         Permission denied.


There's a configure parameter to use the "usual" /bin/login program
instead of the login procedure implemented with ssh:

  --with-login[=PATH]     Use login -f to finish login connections.

On one hand, a possible fix (temporal, of course) is to compile sshd with
support for /bin/login. The features of the shadow-suite will be back.

On the other hand, SSH 1.2.26 seems to implement the expiration date of
accounts (grep expire sshd.c), but I don't know if it does it ok.

Greetings,

							Sergio

Next message: dorqus maximus: "Re: Win98 Crash?"
Previous message: Jim Bourne: "Re: SSH 1.x and 2.x Daemon"
Maybe in reply to: KuRuPTioN: "SSH 1.x and 2.x Daemon"
Next in thread: Linux Mailing Lists: "Re: SSH 1.x and 2.x Daemon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:30:58 PDT