From owner-freebsd-questions@FreeBSD.ORG Mon Jun 9 11:45:25 2003
Date: Mon, 9 Jun 2003 12:48:10 -0500
From: "Matthew D. Fuller"
To: Thomas Park
Message-ID: <20030609174810.GL28798@over-yonder.net>
References: <20030609164829.GK28798@over-yonder.net> <001101c32ea8$78544d40$11640a0a@titanium>
In-Reply-To: <001101c32ea8$78544d40$11640a0a@titanium>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: /dev/tty keeps changing permissions..?

On Mon, Jun 09, 2003 at 09:59:18AM -0700 I heard the voice of
Thomas Park, and lo! it spake thus:
>
> By God, I see that you're right!

This is what I've been telling you 8-}

> I think the problem arises when I su into another account and try to ssh
> outbound. Which should arguably be possible without having to do arcane
> manipulations to the tty device, IMHO..?

Well, it should be, yah. Here's what's happening (after a quick foray
into the source):

In the routine (readpassphrase(), readpassphrase.c) where it reads in a
password, it tries to open() /dev/tty, and if THAT fails, then use
stdin/stdout:

----
	if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {
		if (flags & RPP_REQUIRE_TTY) {
			errno = ENOTTY;
			return(NULL);
		}
		input = STDIN_FILENO;
		output = STDERR_FILENO;
	}
----

So, if it can't open /dev/tty (which it can't), and the RPP_REQUIRE_TTY
flag is set, then it returns NULL here. From what I can see, that gets
passed up, so it ends up sending nothing as the password, which is why
you see it looping a few times there like:

> debug1: Next authentication method: password
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.

So, why is that flag set? Let's look upward:

readpassphrase() is called from read_passphrase() (readpass.c), just to
confuse you with naming. That sets the RPP_REQUIRE_TTY flag, unless IT
is passed RP_ALLOW_STDIN.
read_passphrase() is called in this case from userauth_passwd
(sshconnect2.c), with the flags set to 0:

----
	password = read_passphrase(prompt, 0);
----

So, according to my reading, if you change that '0' to 'RP_ALLOW_STDIN'
there (line 458 in sshconnect2.c from the openssh-portable/ port, after
'make patch'), then make/make install it, you SHOULD be able to use that
ssh(1) binary, and get out just fine, I think. You can probably patch it
in the base source tree too (it's in src/crypto/openssh/), then 'make
clean objdir all install' in src/secure/usr.bin/ssh/ to install it.

-- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/

"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"
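
Added example (not part of the original message and not OpenSSH source): a small C model of the two layers described above, showing how a caller flag of 0 becomes "require a tty" and turns an unopenable tty into an ENOTTY refusal, while allowing stdin selects the stdin/stderr fallback. The `DEMO_*` names and their values, the `demo_*` functions and the `tty_path` parameter are assumptions made for this illustration.

```c
/* Added illustration, not OpenSSH source. DEMO_* names/values are stand-ins. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DEMO_RP_ALLOW_STDIN  0x0002 /* caller-level flag (read_passphrase layer) */
#define DEMO_RPP_REQUIRE_TTY 0x02   /* library-level flag (readpassphrase layer) */

/* Caller layer: require a tty unless the caller explicitly allows stdin. */
static int demo_rpp_flags(int rp_flags)
{
    return (rp_flags & DEMO_RP_ALLOW_STDIN) ? 0 : DEMO_RPP_REQUIRE_TTY;
}

/* Library layer: try the tty; on failure either refuse with ENOTTY or fall
 * back to stdin/stderr. tty_path is a parameter (assumption) so the failure
 * can be reproduced without changing /dev/tty. Returns 0 on success, -1 on
 * refusal, leaving *in and *out untouched in that case. */
static int demo_pick_fds(const char *tty_path, int rpp_flags, int *in, int *out)
{
    int fd = open(tty_path, O_RDWR);
    if (fd == -1) {
        if (rpp_flags & DEMO_RPP_REQUIRE_TTY) {
            errno = ENOTTY;
            return -1;
        }
        *in = STDIN_FILENO;
        *out = STDERR_FILENO;
        return 0;
    }
    *in = *out = fd;
    return 0;
}

int main(void)
{
    int in = -1, out = -1;
    /* Diagnostic: report why /dev/tty cannot be opened for this user, if so. */
    int fd = open("/dev/tty", O_RDWR);
    printf("/dev/tty: %s\n", fd == -1 ? strerror(errno) : "openable");
    if (fd != -1)
        close(fd);
    int rc = demo_pick_fds("/dev/tty", demo_rpp_flags(0), &in, &out);
    printf("flags=0:           rc=%d in=%d out=%d\n", rc, in, out);
    rc = demo_pick_fds("/dev/tty", demo_rpp_flags(DEMO_RP_ALLOW_STDIN), &in, &out);
    printf("flags=ALLOW_STDIN: rc=%d in=%d out=%d\n", rc, in, out);
    return 0;
}
```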