Hello, > > There seems to be incomplete code in the SSH daemon in both versions 1.2.27 > > and 2.0.11 (only tested). The bug simply allows users who with expired > > accounts (in /etc/shadow) to continue to login even though other such > > services such as ftp and telnet deny access. Here is the log using 1.2.27 > > (but the same happens with 2.0.11). > > This is not the case with ssh 1.1.26 running on FreeBSD 2.2.8 > If I expire an account: > Expire [month day year]: January 1, 1999 > Then when I try to ssh in I just get: > Permission denied. There's a configure parameter to use the "usual" /bin/login program instead of the login procedure implemented with ssh: --with-login[=PATH] Use login -f to finish login connections. On one hand, a possible fix (temporal, of course) is to compile sshd with support for /bin/login. The features of the shadow-suite will be back. On the other hand, SSH 1.2.26 seems to implement the expiration date of accounts (grep expire sshd.c), but I don't know if it does it ok. Greetings, Sergio
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:31:00 PDT