On Mon, 29 May 2017, Devang Modi wrote: > Dear Sir, > I wish to highlight a security limitation for OpenSSH/PAM. > > Issue is attached with openssh-server-5.3p1-122.el6.x86_64 > and pam-1.1.1-24.el6.x86_64. Or Both. This is a really old OpenSSH release https://www.openssh.com/releasenotes.html#5.3 says it's 7.5 years old. This is what the current version does: [djm@haru ssh]$ ssh ::1 djm@::1's password: ^C [djm@haru ssh]$ tail -2 /var/log/authlog May 30 10:01:10 fuyu sshd[11899]: Connection from ::1 port 27606 on ::1 port 22 May 30 10:01:12 fuyu sshd[11899]: Connection closed by authenticating user djm ::1 port 27606 [preauth] authlog being where OpenBSD sends auth.info syslog messages. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
