From: Wesley Joyce (wjoyce@UVI.EDU)
Date: Fri Feb 07 2003 - 14:19:03 EST
Me. Of course you stopped and started sshd?
stopsrc -s sshd
startsrc -s sshd
Make your at the console or your have backup plan like tcpwrapped telnet.
I noticed I still get the message if I am not in the shell session that I
originally logged in from. For example, it does not work if I su'ed to
another account then type login. It does work from the original session.
At 02:56 PM 2/7/2003, you wrote:
>Agreed, but still not what I'm struggling with.
>
>My error message is:
>3004-004 You must "exec" login from the lowest login shell.
>
>I receive this when I attempt to ssh with 'UseLogin yes'
>configured. I have read that setting 'Uselogin yes' is the
>solution to this problem, but I only encounter it when it's
>set. I am asking this in this forum because I've read that
>Uselogin functionality may be broken for AIX, but I can't
>confirm it. Anyone using ssh on an AIX machine?
>
>Still frazzled,
>
>John T. Mills
>
>
>-----Original Message-----
>From: Ignacio Vidal [mailto:ividal@BIYCSA.COM.AR]
>Sent: Friday, February 07, 2003 11:44 AM
>To: aix-l@Princeton.EDU
>Subject: Re: [aix-l] SSHD 3004-004 You must "exec" login from the lowest
>l ogin shell.
>
>
>Hello:
>I think this is remarkable: "someone could have tried to find a "blind"
>account on your
>machine, login to it and exploit the vuln if your OpenSSH installation
>is < v3.0.2 and/or UseLogin is enabled" (this is from the article from
>lists.suse.com).
>
>You should use OpenSSH v3.4 or higher.
>Thanks
>
>Ignacio
>
>
>
>
> > -----Mensaje original-----
> > De: Mills, John T [mailto:John.T.Mills@ERAC.COM]
> > Enviado el: viernes, 07 de febrero de 2003 12:58
> > Para: aix-l@Princeton.EDU
> > Asunto: Re: SSHD 3004-004 You must "exec" login from the lowest l ogin
> > shell.
> >
> >
> > http://lists.suse.com/archive/suse-security/2002-Feb/0453.html
> >
> > -----Original Message-----
> > From: Wesley Joyce [mailto:wjoyce@UVI.EDU]
> > Sent: Friday, February 07, 2003 9:40 AM
> > To: aix-l@Princeton.EDU
> > Subject: Re: [aix-l] SSHD 3004-004 You must "exec" login from
> > the lowest
> > l ogin shell.
> >
> >
> > Are there any security implications with setting 'UseLogin yes'?
> >
> > At 10:46 AM 2/7/2003, you wrote:
> >
> > >Yes it does. 'UseLogin yes' is something you need to
> > >enable to get around 'rlogin=false' for the user id.
> > >It's also listed as a fix for this particular error,
> > >so it kind of odd that turning it off fixes it instead
> > >of the reverse. The fine manual is really vague in
> > >this area because this is AIX specific, and most other
> > >OS's do it the system5 way with /dev/console. Anyone
> > >worked with ssh long enough to know what I might be
> > >missing here?
> > >
> > >Frazzled,
> > >
> > >John T. Mills
> > >
> > >-----Original Message-----
> > >From: Adams Kevin J [mailto:kevin.adams@PHS.COM]
> > >Sent: Thursday, February 06, 2003 5:03 PM
> > >To: aix-l@Princeton.EDU
> > >Subject: Re: [aix-l] SSHD 3004-004 You must "exec" login
> > from the lowest
> > >l ogin shell.
> > >
> > >
> > >So, it works with UseLogin no?
> > >
> > >just checking.
> > >
> > >Kevin Adamos
> > >
> > >-----Original Message-----
> > >From: Mills, John T [mailto:John.T.Mills@ERAC.COM]
> > >Sent: Thursday, February 06, 2003 12:25 PM
> > >To: aix-l@Princeton.EDU
> > >Subject: [aix-l] SSHD 3004-004 You must "exec" login from the lowest
> > >login shell.
> > >
> > >
> > >Anyone had and solved this issue? I'm new to ssh, but I've been over
> > >and over this. I read on a newsgroup that this functionality may be
> > >broken on my ancient version.
> > >
> > >sshd_config:UseLogin yes
> > >
> > >sshd version OpenSSH_2.2.0p1
> > >
> > >system0:/.ssh# ssh system1
> > >root@system1's password:
> > >/dev/pts/3: 3004-004 You must "exec" login from the lowest
> > login shell.
> > >Connection to system1 closed.
> > >
> > >John T. Mills
> > >
> > >
> > >This electronic message transmission, including any
> > attachments, contains
> > >information from PacifiCare Health Systems Inc. which may be
> > confidential
> > or
> > >privileged. The information is intended to be for the use of
> > the individual
> > >or entity named above. If you are not the intended
> > recipient, be aware that
> > >any disclosure, copying, distribution or use of the contents of this
> > >information is prohibited.
> > >
> > >If you have received this electronic transmission in error,
> > please notify
> > >the sender immediately by a "reply to sender only" message
> > and destroy all
> > >electronic and hard copies of the communication, including
> > attachments.
> > >
> > >
> > >
> > >
> > >---
> > >Incoming mail is certified Virus Free.
> > >Checked by AVG anti-virus system (http://www.grisoft.com).
> > >Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003
> >
> >
> > Wesley Joyce, Systems Administrator
> > Center for Administrative Computing (CAC), IT
> > University of the Virgin Islands
> > #2 John Brewers Bay, St. Thomas, USVI 00802-9990
> > (340) 693-1469 (voice) / (340) 693-1465 (fax)
> > http://www.uvi.edu
> >
> > "If you can't explain it simply, than you don't know it well enough. -
> > Unknown."
> >
>
>
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003
Wesley Joyce, Systems Administrator
Center for Administrative Computing (CAC), IT
University of the Virgin Islands
#2 John Brewers Bay, St. Thomas, USVI 00802-9990
(340) 693-1469 (voice) / (340) 693-1465 (fax)
http://www.uvi.edu
"If you can't explain it simply, than you don't know it well enough. -
Unknown."
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:35 EDT