Re: openssh-portable and s/key passwords

From: Peter Pentchev (roam@ringlet.net)
Date: 06/26/02


Date: Wed, 26 Jun 2002 15:19:26 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Maxim Kozin <madmax@express.ru>


On Wed, Jun 26, 2002 at 04:09:49PM +0400, Maxim Kozin wrote:
> > I'm not sure if it's relevant to FreeBSD but debian advisory
> > http://www.debian.org/security/2002/dsa-134
> > says:
> >
> > * keyboard interactive authentication does not work with privilege separation.
> > Most noticeable for Debian users this breaks PAM modules which need a PAM conversation
> > function (like the OPIE module).
>
> Problem: setup openssh + pam (some self-written module)
> When I don't create a full chroot environment in /usr/local/empty,
> sshd -d -d -d fails in start_pam.
> All symbols in my_pam.so must be resolved on the privsep step, because
> copy in chroot all needed libs, /etc/pam.conf and /etc/passwd
> Now I can see that pam started, made auth successfully.
> But the session disconnected with diagnostic:
> debug3: monitor_read: checking request 24
> debug3: mm_send_keystate: Finished sending state
> monitor_read: unsupported request: 24
> debug1: Calling cleanup 0x806d98c(0x0)
>
> Is "Request type 24" something about tty/pty?

Could you try creating the tty* and possibly the pty* device nodes in
the chroot environment's /dev?

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence claims to be an Epimenides paradox, but it is lying.
