From owner-freebsd-questions@FreeBSD.ORG Mon Jun 9 10:53:45 2003
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 47D4D37B401
	for ; Mon, 9 Jun 2003 10:53:45 -0700 (PDT)
Received: from relay.pair.com (relay.pair.com [209.68.1.20])
	by mx1.FreeBSD.org (Postfix) with SMTP id 6D6FF43FDD
	for ; Mon, 9 Jun 2003 10:53:44 -0700 (PDT)
	(envelope-from tpark@drivespeed.com)
Received: (qmail 79205 invoked from network); 9 Jun 2003 17:53:43 -0000
Received: from unknown (HELO titanium) (209.10.208.162)
	by relay.pair.com with SMTP; 9 Jun 2003 17:53:43 -0000
X-pair-Authenticated: 209.10.208.162
From: "Thomas Park"
To: "'Matthew D. Fuller'"
Date: Mon, 9 Jun 2003 10:53:52 -0700
Message-ID: <001601c32eb0$17cb7f40$11640a0a@titanium>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
Importance: Normal
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: <20030609174810.GL28798@over-yonder.net>
cc: freebsd-questions@FreeBSD.ORG
Subject: RE: /dev/tty keeps changing permissions..?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 09 Jun 2003 17:53:45 -0000

...Wow - this is definitely what I'd call going above and beyond the call
of duty. Thanks so much for your insights; I'll try this patch and let
you know if it works! ^_^

Best,
thomas

> -----Original Message-----
> From: Matthew D. Fuller [mailto:fullermd@over-yonder.net]
> Sent: Monday, June 09, 2003 10:48
> To: Thomas Park
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: /dev/tty keeps changing permissions..?
>
>
> On Mon, Jun 09, 2003 at 09:59:18AM -0700 I heard the voice of
> Thomas Park, and lo! it spake thus:
> >
> > By God, I see that you're right!
>
> This is what I've been telling you 8-}
>
> >
> > I think the problem arises when I su into another account and try to ssh
> > outbound. Which should arguably be possible without having to do arcane
> > manipulations to the tty device, IMHO..?
>
> Well, it should be, yah.
>
>
> Here's what's happening (after a quick foray into the source):
>
> In the routine (readpassphrase(), readpassphrase.c) where it reads in a
> password, it tries to open() /dev/tty, and if THAT fails, then use
> stdin/stdout:
>
> ----
>     if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {
>         if (flags & RPP_REQUIRE_TTY) {
>             errno = ENOTTY;
>             return(NULL);
>         }
>         input = STDIN_FILENO;
>         output = STDERR_FILENO;
>     }
> ----
>
> So, if it can't open /dev/tty (which it can't), and the RPP_REQUIRE_TTY
> flag is set, then it returns NULL here. From what I can see, that gets
> passed up, so it ends up sending nothing as the password, which is why
> you see it looping a few times there like:
>
> > debug1: Next authentication method: password
> > debug2: we sent a password packet, wait for reply
> > debug1: Authentications that can continue:
> > publickey,password,keyboard-interactive
> > Permission denied, please try again.
>
>
> So, why is that flag set? Let's look upward:
>
> readpassphrase() is called from read_passphrase() (readpass.c), just to
> confuse you with naming. That sets the RPP_REQUIRE_TTY flag, unless IT
> is passed RP_ALLOW_STDIN. read_passphrase() is called in this case from
> userauth_passwd (sshconnect2.c), with the flags set to 0:
> ----
>     password = read_passphrase(prompt, 0);
> ----
>
> So, according to my reading, if you change that '0' to 'RP_ALLOW_STDIN'
> there (line 458 in sshconnect2.c from the openssh-portable/ port, after
> 'make patch'), then make/make install it, you SHOULD be able to use that
> ssh(1) binary, and get out just fine, I think.
>
>
> You can probably patch it in the base source tree too (it's in
> src/crypto/openssh/), then 'make clean objdir all install' in
> src/secure/usr.bin/ssh/ to install it.
>
>
> --
> Matthew Fuller     (MF4839)     |    fullermd@over-yonder.net
> Systems/Network Administrator   |    http://www.over-yonder.net/~fullermd/
>
> "The only reason I'm burning my candle at both ends, is because I
> haven't figured out how to light the middle yet"
>
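
Added example, not part of the original thread and not OpenSSH's own code: a stand-alone C sketch of the tty-or-stdin decision quoted in the message, with the tty path passed as a parameter so an unopenable /dev/tty can be simulated. The `EX_`/`ex_` names, the flag values and the `/nonexistent/tty` path are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-ins for the flags named in the message; values are arbitrary. */
#define EX_RP_ALLOW_STDIN  0x01  /* caller-level flag (read_passphrase in the message) */
#define EX_RPP_REQUIRE_TTY 0x02  /* library-level flag (readpassphrase in the message) */

/* Mapping as described in the message: require a tty unless stdin is allowed. */
static int ex_map_flags(int rp_flags)
{
    return (rp_flags & EX_RP_ALLOW_STDIN) ? 0 : EX_RPP_REQUIRE_TTY;
}

/* Same decision as the quoted excerpt. Returns 1 if the tty was opened,
 * 0 if it fell back to stdin/stderr, -1 (errno = ENOTTY) if a tty was required. */
static int ex_select_fds(const char *tty_path, int rpp_flags, int *input, int *output)
{
    int fd = open(tty_path, O_RDWR);
    if (fd == -1) {
        if (rpp_flags & EX_RPP_REQUIRE_TTY) {
            errno = ENOTTY;
            return -1;            /* the quoted code returns NULL at this point */
        }
        *input = STDIN_FILENO;    /* password is read from stdin */
        *output = STDERR_FILENO;  /* prompt is written to stderr */
        return 0;
    }
    *input = *output = fd;
    return 1;
}

/* Outcome for a given caller flag set; closes the tty descriptor if one was opened. */
static int ex_prompt_outcome(const char *tty_path, int rp_flags)
{
    int in = -1, out = -1;
    int rc = ex_select_fds(tty_path, ex_map_flags(rp_flags), &in, &out);
    if (rc == 1)
        close(in);
    return rc;
}

int main(void)
{
    const char *bad = "/nonexistent/tty";  /* constructed: simulates an unopenable /dev/tty */
    printf("flags=0, tty unopenable:        %d\n", ex_prompt_outcome(bad, 0));
    printf("RP_ALLOW_STDIN, tty unopenable: %d\n", ex_prompt_outcome(bad, EX_RP_ALLOW_STDIN));
    return 0;
}
```

With the fallback taken, the password is read from whatever stdin is attached to and the prompt goes to stderr, which is the trade-off behind requiring a tty by default.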