diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-17 17:01:24 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-17 17:01:24 +0000 |
commit | 585dec76901de1db8faab68d2b26191c9ead94f1 (patch) | |
tree | 3215a004cdef0856be67bd3d76da112ae378d8d3 /debian/patches | |
parent | Adding debian version 1:9.7p1-4. (diff) | |
download | openssh-585dec76901de1db8faab68d2b26191c9ead94f1.tar.xz openssh-585dec76901de1db8faab68d2b26191c9ead94f1.zip |
Adding debian version 1:9.7p1-5.debian/1%9.7p1-5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/pam-avoid-unknown-host.patch | 34 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/debian/patches/pam-avoid-unknown-host.patch b/debian/patches/pam-avoid-unknown-host.patch new file mode 100644 index 0000000..2887ee4 --- /dev/null +++ b/debian/patches/pam-avoid-unknown-host.patch @@ -0,0 +1,34 @@ +From d4ae5b68870bf65747084f4ed3060bb13c586c9e Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Mon, 20 Mar 2023 20:22:14 +0100 +Subject: Only set PAM_RHOST if the remote host is not "UNKNOWN" + +When using sshd's -i option with stdio that is not a AF_INET/AF_INET6 +socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then +set as the value of PAM_RHOST, causing pam to try to do a reverse DNS +query of "UNKNOWN", which times out multiple times, causing a +substantial slowdown when logging in. + +To fix this, let's only set PAM_RHOST if the hostname is not "UNKNOWN". + +Author: Daan De Meyer <daan.j.demeyer@gmail.com> +Last-Update: 2024-04-03 + +Patch-Name: pam-avoid-unknown-host.patch +--- + auth-pam.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/auth-pam.c b/auth-pam.c +index b49d415e7..81de88bba 100644 +--- a/auth-pam.c ++++ b/auth-pam.c +@@ -735,7 +735,7 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) + sshpam_laddr = get_local_ipaddr( + ssh_packet_get_connection_in(ssh)); + } +- if (sshpam_rhost != NULL) { ++ if (sshpam_rhost != NULL && strcmp(sshpam_rhost, "UNKNOWN") != 0) { + debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost); + sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, + sshpam_rhost); diff --git a/debian/patches/series b/debian/patches/series index 0f25d97..6af9ea1 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -28,3 +28,4 @@ skip-utimensat-test-on-zfs.patch zero-call-used-regs-m68k.patch regress-conch-dev-zero.patch configure-cache-vars.patch +pam-avoid-unknown-host.patch |