[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Re: AIX issues
From:       Steven Bade <sbade () austin ! ibm ! com>
Date:       2002-07-29 13:22:39
[Download RAW message or body]

Mark.... At least on 5.1, openSSH is supported by IBM via it's AIX 
support channels.  You might want to also take these up via a PMR or 2...

Mark Grennan wrote:

> Hello everyone, 
> 
> I have been given the task of working out a number of issues with
> OpenSSH for my company (Hertz). 
> 
> I have been following the mailing list for several days now and I'm
> beginning to compile a list of who is working on what.  To make my task
> faster, it would nice if the people working on the following issues
> would drop me a email before I start to rewrite their code and get it
> wrong. :-)
> 
> I am dealing with AIX 4.3.3, AIX 5.x, and OpenSSH 2.5.1p1 and 2.9.9p2. 
> I'm sure some of these issues have been fixed. 
> 
> The issues are:
> 
>     1. Allows login even though the password has expired either from age
>     or after being reset by a security analyst.
>     
>     2. Doesn't update AIX's "failed login count", consequently the ID is
>     not locked after 5 invalid login attempts.
>     
>     3. Doesn't record the failed login in AIX's failedlogin log.
>     
>     4. Doesn't post logged in users to the wtmp file causing it to
>     appear as if no one is logged in.
>     
>     5. Corrupts the file that stores the last login date for users
>     making it impossible to lock or remove accounts for inactivity.
>     
>     6. Doesn't honor the /etc/ftpusers to restrict sftp access. Any
>     users can use ftp through SSH.
>     
>     7. Syslog entries for SSH login don't differentiate between SSH,
>     SFTP, or other tunneled logins.
>     
>     8. OpenSSH doesn't show user logouts in syslog like F-Secure does.
>     
> My first step is to move both envirements to 3.4p1 and retest.
> 
> _______________________________________________
> openssh-unix-dev@mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 


-- 
Steven A. Bade
UNIX Network Security Cryptographic Strategy and Development Architecture
sbade@austin.ibm.com
T/L 678-4799
(512)-838-4799

--
To convert from Hogsheads to Cubic Feet - Multiply by 8.4219

"Two-way communication is necessary to proactively facilitate acceptance
and involvement and to get insights about the journey it takes to get where
we want"

this mess is so big and so bad and so tall,
we cannot clean it up, there is no way at all
(Cat in the Hat)



_______________________________________________
openssh-unix-dev@mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic