On Sat, Dec 18, 1999 at 09:33:23AM +0000, amanda wrote:
> Obviously I didn't make myself clear. Here is how you beat this patch:
>
> edit sshconnect.c and change the message "Permission denied" to something
> else (like "Client got permission denied") and recompile ssh. Then connect
> to a server with the previous patch. Now you will see a distinction
> between denied permissions on the server and denied permissions on the
> client. One of the failure messages means that you typed the wrong
> password for root, and the other failure message means that you typed the
>right root password but the server didn't allow root password authentication.
Okay, I see what you mean. How about this patch?
--
"The best way to predict the future is to invent it."
-- W. A. Harlinson
Andrew L. Davis [EMAIL PROTECTED]
diff -u ssh-1.2.27/sshd.c ssh-work/sshd.c
--- ssh-1.2.27/sshd.c Wed May 12 07:19:29 1999
+++ ssh-work/sshd.c Sun Dec 19 17:38:16 1999
@@ -2711,8 +2711,11 @@
if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1)
{
if (authentication_type == SSH_AUTH_PASSWORD)
- packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
- get_canonical_hostname());
+ {
+ packet_start(SSH_SMSG_FAILURE);
+ packet_send();
+ packet_write_wait();
+ }
}
else
if (pw->pw_uid == UID_ROOT && options.permit_root_login == 0)
@@ -2720,8 +2723,11 @@
if (forced_command)
log_msg("Root login accepted for forced command.", forced_command);
else
- packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
- get_canonical_hostname());
+ {
+ packet_start(SSH_SMSG_FAILURE);
+ packet_send();
+ packet_write_wait();
+ }
}
#if defined (__FreeBSD__) && defined (HAVE_LOGIN_CAP_H)
