1107 – Honouring securetty file in HP-UX with UseLogin

Bug 1107 - Honouring securetty file in HP-UX with UseLogin

Summary: Honouring securetty file in HP-UX with UseLogin

Status:	CLOSED WONTFIX

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	4.2p1
Hardware:	Other HP-UX

Importance:	P2 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-10-26 16:18 AEST by senthilkumar
Modified:	2009-10-06 15:02 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Patch to honour securetty file in HP-UX (1.44 KB, patch) 2005-10-26 16:27 AEST, senthilkumar	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description senthilkumar 2005-10-26 16:18:57 AEST

The /etc/securetty file is not honoured in HP-UX with UseLogin directive. This is because login(1) on invocation with -f option in OpenSSH skips this checking. Will attach the patch shortly.

Comment 1 senthilkumar 2005-10-26 16:27:37 AEST

Created attachment 1012 [details]
Patch to honour securetty file in HP-UX

Comment 2 Darren Tucker 2005-10-26 17:39:54 AEST

I'm not sure this is needed.  We don't do this on any other platforms and sshd already has a mechanism for controlling root access (PermitRootLogin) which has more functionality than securetty (eg "PermitRootLogin without-password" for pubkey only).

We went through this once before with the checks on AIX, and the result was that some people *like* being able to disable root logins via telnet but allow them via ssh.

Comment 3 Darren Tucker 2009-07-31 11:20:07 AEST

Thanks, but we have decided that we're not going to do this.  There's already a mechanism for controlling root logins and some people find it useful to allow root logins via ssh while disallowing other method.

Comment 4 Damien Miller 2009-10-06 15:02:29 AEDT

Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.