Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 9 Jun 2003 12:48:10 -0500
From:      "Matthew D. Fuller" <fullermd@over-yonder.net>
To:        Thomas Park <tpark@drivespeed.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: /dev/tty keeps changing permissions..?
Message-ID:  <20030609174810.GL28798@over-yonder.net>
In-Reply-To: <001101c32ea8$78544d40$11640a0a@titanium>
References:  <20030609164829.GK28798@over-yonder.net> <001101c32ea8$78544d40$11640a0a@titanium>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 09, 2003 at 09:59:18AM -0700 I heard the voice of
Thomas Park, and lo! it spake thus:
> 
> By God, I see that you're right!

This is what I've been telling you    8-}


> I think the problem arises when I su into another account and try to ssh
> outbound.  Which should arguably be possible without having to do arcane
> manipulations to the tty device, IMHO..?

Well, it should be, yah.


Here's what's happening (after a quick foray into the source):

In the routine (readpassphrase(), readpassphrase.c) where it reads in a
password, it tries to open() /dev/tty, and if THAT fails, then use
stdin/stdout:

----
    if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {
        if (flags & RPP_REQUIRE_TTY) {
            errno = ENOTTY;
            return(NULL);
        }
        input = STDIN_FILENO;
        output = STDERR_FILENO;
    }
----

So, if it can't open /dev/tty (which it can't), and the RPP_REQUIRE_TTY
flag is set, then it returns NULL here.  From what I can see, that gets
passed up, so it ends up sending nothing as the password, which is why
you see it looping a few times there like:

> debug1: Next authentication method: password
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.


So, why is that flag set?  Let's look upward:

readpassphrase() is called from read_passphrase() (readpass.c), just to
confuse you with naming.  That sets the RPP_REQUIRE_TTY flag, unless IT
is passed RP_ALLOW_STDIN.  read_passphrase() is called in this case from
userauth_passwd (sshconnect2.c), with the flags set to 0:
----
password = read_passphrase(prompt, 0);
----

So, according to my reading, if you change that '0' to 'RP_ALLOW_STDIN'
there (line 458 in sshconnect2.c from the openssh-portable/ port, after
'make patch'), then make/make install it, you SHOULD be able to use that
ssh(1) binary, and get out just fine, I think.


You can probably patch it in the base source tree too (it's in
src/crypto/openssh/), then 'make clean objdir all install' in
src/secure/usr.bin/ssh/ to install it.


-- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/

"The only reason I'm burning my candle at both ends, is because I
      haven't figured out how to light the middle yet"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030609174810.GL28798>