Re: Password change required but no TTY available

On Fri, 25 May 2018, Daniel Wagner wrote:

> Hi Damien,
> 
> On 05/25/2018 02:37 AM, Damien Miller wrote:
> > I think it's probably okay to allow the PTY in restricted sessions
> > generally.
> > 
> > The global PermitTTY option as well as any authorized_keys options will
> > still apply.
> > 
> > Does this solve your problem?
> > 
> > diff --git a/auth.c b/auth.c
> > index 63366768..4fc95457 100644
> > --- a/auth.c
> > +++ b/auth.c
> > @@ -1080,6 +1080,7 @@ auth_restrict_session(struct ssh *ssh)
> >  
> >  	/* A blank sshauthopt defaults to permitting nothing */
> >  	restricted = sshauthopt_new();
> > +	restricted->permit_pty_flag = 1;
> >  	restricted->restricted = 1;
> >  
> >  	if (auth_activate_options(ssh, restricted) != 0)
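
Review bot: the comment directly above the added `restricted->permit_pty_flag = 1;` line in auth_restrict_session() still reads "A blank sshauthopt defaults to permitting nothing", which no longer describes the options being activated, since the restricted set now permits a PTY. Suggest a short comment on the new line stating that PTY allocation is left enabled so the expired-password change dialog can run, and that the global PermitTTY option and any authorized_keys options still apply, so a later reader does not take the flag for an oversight and remove it.
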
> 
> Yes, this does also work and it looks way better than my hack :)

Thanks, I've committed this. It will be in OpenSSH 7.8 and I'll also
cherry-pick it for the V_7_7 stable git branch.

-d

----

commit fbb4b5fd4f8e0bb89732670a01954e18b69e15ba (HEAD -> master, origin/master, origin/HEAD)
Author: djm@xxxxxxxxxxx <djm@xxxxxxxxxxx>
Date:   Fri May 25 07:11:01 2018 +0000

    upstream: Do not ban PTY allocation when a sshd session is restricted
    
    because the user password is expired as it breaks password change dialog.
    
    regression in openssh-7.7 reported by Daniel Wagner
    
    OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


