On Thu, 24 May 2018, Daniel Wagner wrote:
> Hi,
>
> I upgraded for one of our products the SSH server to the portal OpenSSH
> 7.7p1 release. While testing I observed a change in the behavior for
> expired passwords.
>
> The commit 7c8568576071 ("upstream: switch over to the new
> authorized_keys options API and") dropped the 'allowed pty' option when
> the password has expired. By adding this hack here, I got it
> back to the old behavior:
I think it's probably okay to allow the PTY in restricted sessions
generally.
The global PermitTTY option as well as any authorized_keys options will
still apply.
Does this solve your problem?
diff --git a/auth.c b/auth.c
index 63366768..4fc95457 100644
--- a/auth.c
+++ b/auth.c
@@ -1080,6 +1080,7 @@ auth_restrict_session(struct ssh *ssh)
/* A blank sshauthopt defaults to permitting nothing */
restricted = sshauthopt_new();
+ restricted->permit_pty_flag = 1;
restricted->restricted = 1;
if (auth_activate_options(ssh, restricted) != 0)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
