openssh-9.9p1 problem with faillock pam module

Dear developers,

Our server implements two SSH services on ports 22 & 8022, with
different PAM settings.

The daemon is built from source of OpenSSH portable releases.

Following the instructions in the INSTALL file, we made a copy of
"<prefix>/sbin/sshd" (for port 22) as "<prefix>/sbin/sshd2" (for port
8022), created a separate "sshd2_config" file, and added corresponding
commands for service "sshd2" in "/etc/pam.conf".
We use the "faillock" PAM module with tally directories
"/etc/security/sshd" and "/etc/security/sshd2" for "sshd" and "sshd2"
respectively.

This approach worked well for release 9.3p1, but a problem is
identified with release 9.9p1.

Normally when a user logs in via "ssh -p 8022 <user>@<host>", his
tally "/etc/security/sshd2/<user>" will be updated.
However, running release 9.9p1, it is found that the tally
"/etc/security/sshd/<user>" is updated instead.

We have also tried to rebuild a binary for "sshd2" with the option
"--with-pam-service=sshd2", but it did not help.

It seems that release 9.9p1 does not use the binary filename as the
PAM service name, but sticks to "sshd" for all instances.

Please kindly advise.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
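
Added example, not part of the original message and not OpenSSH code: a small shell helper that reads `/etc/pam.conf`-format text and maps each PAM service name to the `pam_faillock` tally directory it is configured with, so the directory whose tally file changed after a login can be traced back to the service name the daemon passed to PAM. The sample configuration lines and the function names are constructed for illustration; only the service names and tally directories are taken from the message above.

```shell
#!/bin/sh
# Constructed sample in pam.conf format: service type control module [args]
sample_pam_conf() {
cat <<'EOF'
# constructed sample, not the configuration from the post
sshd   auth  required  pam_faillock.so preauth  dir=/etc/security/sshd
sshd   auth  required  pam_unix.so
sshd   auth  required  pam_faillock.so authfail dir=/etc/security/sshd
sshd2  auth  required  pam_faillock.so preauth  dir=/etc/security/sshd2
sshd2  auth  required  pam_unix.so
sshd2  auth  required  pam_faillock.so authfail dir=/etc/security/sshd2
EOF
}

# Read pam.conf-format text on stdin and print "service<TAB>tally-dir"
# once for every distinct pam_faillock configuration.
faillock_map() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
      is_faillock = 0
      dir = "(module default)"              # no dir= argument on the line
      # Scan from field 3 so bracketed controls containing spaces still work.
      for (i = 3; i <= NF; i++) {
        if ($i ~ /(^|\/)pam_faillock\.so$/) is_faillock = 1
        if ($i ~ /^dir=/) dir = substr($i, 5)
      }
      if (is_faillock) print $1 "\t" dir
    }' | sort -u
}

# Which tally directory does the given service name write to?
dirs_for_service() {
  faillock_map | awk -F '\t' -v s="$1" '$1 == s { print $2 }'
}

# Reverse lookup: a tally file changed under this directory;
# which PAM service name is configured to use it?
services_for_dir() {
  faillock_map | awk -F '\t' -v d="$1" '$2 == d { print $1 }'
}

# A login on port 8022 that updates /etc/security/sshd/<user> resolves to
# the service name printed here.
sample_pam_conf | services_for_dir /etc/security/sshd
```

On a real host, feed the functions `/etc/pam.conf` instead of the sample, for example `faillock_map < /etc/pam.conf`.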


