On Thu, 24 May 2018, Daniel Wagner wrote: > Hi, > > I upgraded for one of our products the SSH server to the portal OpenSSH > 7.7p1 release. While testing I observed a change in the behavior for > expired passwords. > > The commit 7c8568576071 ("upstream: switch over to the new > authorized_keys options API and") dropped the 'allowed pty' option when > the password has expired. By adding this hack here, I got it > back to the old behavior: I think it's probably okay to allow the PTY in restricted sessions generally. The global PermitTTY option as well as any authorized_keys options will still apply. Does this solve your problem? diff --git a/auth.c b/auth.c index 63366768..4fc95457 100644 --- a/auth.c +++ b/auth.c @@ -1080,6 +1080,7 @@ auth_restrict_session(struct ssh *ssh) /* A blank sshauthopt defaults to permitting nothing */ restricted = sshauthopt_new(); + restricted->permit_pty_flag = 1; restricted->restricted = 1; if (auth_activate_options(ssh, restricted) != 0) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev