Quite a few changes here, please test.
http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gz
-d
20000916
- (djm) New SuSE spec from Corinna Vinschen <corinna at vinschen.de>
- (djm) Update CygWin support from Corinna Vinschen <vinschen at
cygnus.com>
- (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
Patch from Larry Jones <larry.jones at sdrc.com>
- (djm) Add Steve VanDevender's <stevev at darkwing.uoregon.edu> PAM
password change patch.
- (djm) Bring licenses on my stuff in line with OpenBSD's
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk at sweden.hp.com>
- (djm) Shadow expiry check fix from Pavel Troller <patrol at
omni.sinus.cz>
- (djm) Re-enable int64_t types - we need them for sftp
- (djm) Use libexecdir from configure , rather than libexecdir/ssh
- (djm) Update Redhat SPEC file accordingly
- (djm) Add Kevin Steves <stevesk at sweden.hp.com> HP/UX contrib files
- (djm) Add Charles Levert <charles at comm.polymtl.ca> getpgrp patch
- (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
<Dirk.DeWachter at rug.ac.be>
- (djm) Fixprogs and entropy list fixes from Larry Jones
<larry.jones at sdrc.com>
- (djm) Fix for SuSE spec file from Takashi YOSHIDA
<tyoshida at gemini.rc.kyushu-u.ac.jp>
- (djm) Merge OpenBSD changes:
- markus at cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus at cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus at cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus at cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt at cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus at cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus at cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus at cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus at cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt at cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus at cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus at cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt at cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
20000913
- (djm) Fix server not exiting with jobs in background.
20000905
- (djm) Import OpenBSD CVS changes
- markus at cvs.openbsd.org 2000/08/31 15:52:24
[Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
implement a SFTP server. interops with sftp2, scp2 and the windows
client from ssh.com
- markus at cvs.openbsd.org 2000/08/31 15:56:03
[README.openssh2]
sync
- markus at cvs.openbsd.org 2000/08/31 16:05:42
[session.c]
Wall
- markus at cvs.openbsd.org 2000/08/31 16:09:34
[authfd.c ssh-agent.c]
add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
- deraadt at cvs.openbsd.org 2000/09/01 09:25:13
[scp.1 scp.c]
cleanup and fix -S support; stevesk at sweden.hp.com
- markus at cvs.openbsd.org 2000/09/01 16:29:32
[sftp-server.c]
portability fixes
- markus at cvs.openbsd.org 2000/09/01 16:32:41
[sftp-server.c]
fix cast; mouring at pconline.com
- itojun at cvs.openbsd.org 2000/09/03 09:23:28
[ssh-add.1 ssh.1]
add missing .El against .Bl.
- markus at cvs.openbsd.org 2000/09/04 13:03:41
[session.c]
missing close; ok theo
- markus at cvs.openbsd.org 2000/09/04 13:07:21
[session.c]
fix get_last_login_time order; from andre at van-veen.de
- markus at cvs.openbsd.org 2000/09/04 13:10:09
[sftp-server.c]
more cast fixes; from mouring at pconline.com
- markus at cvs.openbsd.org 2000/09/04 13:06:04
[session.c]
set SSH_ORIGINAL_COMMAND; from Leakin at dfw.nostrum.com, bet at rahul.net
- (djm) Cleanup after import. Fix sftp-server compilation, Makefile
- (djm) Merge cygwin support from Corinna Vinschen <vinschen at
cygnus.com>
20000903
- (djm) Fix Redhat init script
--
| ``The power of accurate observation is | Damien Miller <djm at
mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
On Sat, 16 Sep 2000, Damien Miller wrote:> > Quite a few changes here, please test.I noticed a few packaging issues. With Red Hat (and probably SuSE too) spec file, sftp-server is not being installed. Also, if you compile OpenSSH w/ mandir /usr/share/man (RH 7.0 beta and up), the paths will go wrong because %configure will tell it to use use /usr/share/man but %files uses /usr/man. These have been replaced by %{_mandir} macro. Both changes done in my patch. More "portability" patches like these could probably go in too, but I think the rest, like %{_bindir} for /usr/bin, are pretty theoretical. Also, sftp-server.8 seems to use an undefined (OpenBSD only?) definition Ox: --- .Sh HISTORY .Nm first appeared in .Ox 2.8 . --- Believe this is trying to hint at OpenBSD 2.8. It shows as: --- HISTORY sftp-server first appeared in --- I couldn't find any other references to .Ox in OpenSSH (cvs or not). Some kind of patch attached. -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and fall" -------------- next part -------------- --- openssh.spec.orig Sat Sep 16 07:39:57 2000 +++ openssh.spec Sat Sep 16 12:59:30 2000 @@ -227,8 +227,8 @@ %doc CREDITS UPGRADING %attr(0755,root,root) /usr/bin/ssh-keygen %attr(0755,root,root) /usr/bin/scp -%attr(0644,root,root) /usr/man/man1/ssh-keygen.1* -%attr(0644,root,root) /usr/man/man1/scp.1* +%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* +%attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0755,root,root) %dir /etc/ssh %attr(0755,root,root) %dir /usr/libexec/openssh @@ -237,17 +237,19 @@ %attr(4755,root,root) /usr/bin/ssh %attr(0755,root,root) /usr/bin/ssh-agent %attr(0755,root,root) /usr/bin/ssh-add -%attr(0644,root,root) /usr/man/man1/ssh.1* -%attr(0644,root,root) /usr/man/man1/ssh-agent.1* -%attr(0644,root,root) /usr/man/man1/ssh-add.1* +%attr(0644,root,root) %{_mandir}/man1/ssh.1* +%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* +%attr(0644,root,root) %{_mandir}/man1/ssh-add.1* %attr(0644,root,root) %config(noreplace) /etc/ssh/ssh_config %attr(-,root,root) /usr/bin/slogin -%attr(-,root,root) /usr/man/man1/slogin.1* +%attr(-,root,root) %{_mandir}/man1/slogin.1* %files server %defattr(-,root,root) %attr(0755,root,root) /usr/sbin/sshd -%attr(0644,root,root) /usr/man/man8/sshd.8* +%attr(0755,root,root) /usr/libexec/openssh/sftp-server +%attr(0644,root,root) %{_mandir}/man8/sshd.8* +%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd %attr(0755,root,root) %config /etc/rc.d/init.d/sshd -------------- next part -------------- --- sftp-server.8.orig Sat Sep 16 05:29:10 2000 +++ sftp-server.8 Sat Sep 16 13:03:56 2000 @@ -45,8 +45,7 @@ for more information. .Sh HISTORY .Nm -first appeared in -.Ox 2.8 . +first appeared in OpenBSD 2.8. .Sh AUTHOR Markus Friedl <markus at openbsd.org> .Sh SEE ALSO
On Sat, Sep 16, 2000 at 04:37:48PM +1100, Damien Miller wrote:> > Quite a few changes here, please test. > > http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gzHP-UX 10.20 ok (OpenSSL 0.9.5a). Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On Sat, Sep 16, 2000 at 04:37:48PM +1100, Damien Miller wrote:> > Quite a few changes here, please test. > > http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gz >Failed because sftpserver.c didn't define u_int64_t. cc -g -I/usr/local/include -I/usr/local/ssl/include -I. -I. -DETCDIR=\"/usr/openssh/etc\" -DSSH_PROGRAM=\"/usr/openssh/bin/ssh\" -DSSH_ASKPASS_DEFAULT=\"/usr/openssh/libexec/ssh-askpass\" -DHAVE_CONFIG_H -c sftp-server.c -o sftp-server.o "sftp-server.c", line 108: error(1020): identifier "u_int64_t" is undefined u_int64_t size; ^ 9 times this error in sftp-server.c. This was on mips-sgi-irix6.5 with MIPSPro, not gcc. -jf
On Sat, 16 Sep 2000, Damien Miller wrote:
: - (djm) Add Steve VanDevender's <stevev at darkwing.uoregon.edu>
PAM
: password change patch.
On HP-UX 11.0, pam_acct_mgmt() returns PAM_AUTHTOK_EXPIRED when I expire
a password with passwd -f:
#define PAM_AUTHTOK_EXPIRED 18 /* Password expired and no longer */
/* usable */
The code wants PAM_NEW_AUTHTOK_REQD. Is this a bug in HP-UX?
Also, I submitted a patch a while back to auth-pam.c that added the
pam_retval to the error/debugging messages like so:
log("PAM rejected by account configuration [%d]: %.200s",
pam_retval,
PAM_STRERROR(pamh, pam_retval));
This makes debugging PAM a bit easier; any chance we could get that in?
I can create a new patch against the latest auth-pam.c.
Does anyone have sftp-server working? I've got it compiled on IRIX, but the sftp client (3 & 4 for NT) reports the connection as dead immediately after it's been made. Is there a way to enable some debugging for this? -- Mike Stone
there should be messages from sftp-server. if not you have to edit sftp-server.c On Mon, Sep 25, 2000 at 10:19:25AM +0200, Jan-Frode Myklebust wrote:> > the debug output from the sftp-server (via syslog) would be more useful. > > OK, I put it in loglevel VERBOSE, but all I got was: > > Sep 25 10:13:03 6E:krypvier sshd[70226]: Server listening on 0.0.0.0 port 22. > Sep 25 10:13:03 6E:krypvier sshd[70226]: Generating 768 bit RSA key. > Sep 25 10:13:06 6E:krypvier sshd[70226]: RSA key generation complete. > Sep 25 10:13:12 6E:krypvier sshd[72487]: Connection from 129.177.20.3 port 45149 > Sep 25 10:13:12 6E:krypvier sshd[72487]: datafellows: 2.3.0 SSH Secure Shell (non-commercial) > Sep 25 10:13:12 6E:krypvier sshd[72487]: Enabling compatibility mode for protocol 2.0 > Sep 25 10:13:13 6E:krypvier sshd[72487]: Failed none for jfm from 129.177.20.3 port 45149 ssh2 > Sep 25 10:13:13 6E:krypvier sshd[72487]: Failed none for jfm from 129.177.20.3 port 45149 ssh2 > Sep 25 10:13:17 6E:krypvier sshd[72487]: Accepted password for jfm from 129.177.20.3 port 45149 ssh2 > Sep 25 10:13:17 6E:krypvier sshd[72487]: subsystem request for sftp > Sep 25 10:13:18 6E:krypvier sshd[72487]: Connection closed by remote host. > Sep 25 10:13:29 6E:krypvier sshd[70226]: Received signal 15; terminating. > > > And just to convince you that the binary is in place, and the coinfig file > points to it :) > > krypvier 58# grep sftp-server sshd_config > Subsystem sftp /usr/openssh/libexec/sftp-server > krypvier 59# ls -l /usr/openssh/libexec/sftp-server > -rwxr-xr-x 1 root sys 106720 Sep 25 08:45 /usr/openssh/libexec/sftp-server > > > -jf
There is now a new snapshot available at:
http://www.mindrot.org/misc/openssh/
Please give this snapshot a good run on your platform of choice. When
sending success/failure reports, please include the 'host system type'
as reported by ./configure. It is hoped that this snapshot will become
2.2.0p2 in due course.
Here are the major changes:
- sftp-server support from Markus Friedl <markus at cvs.openbsd.org>.
This is reported to interop with SSH.COM ssh2 and several windows
clients.
- Cygwin support from Corinna Vinschen <vinschen at cygnus.com>
- When using forced commands, set SSH_ORIGINAL_COMMAND environment
variable from Leakin at dfw.nostrum.com, bet at rahul.net
- Support for changing expired passwords on PAM systems from Steve
VanDevender's <stevev at darkwing.uoregon.edu>
- OpenSSH now has an explicit LICENSE file, which documents the
licenses under which the contributors to OpenSSH have placed their
code.
- More bug compatibility with SSH.COM ssh software; Markus Friedl
<markus at cvs.openbsd.org>
- Fixes and enhancements for NeXT, HP/UX and SCO. Thanks to Kevin
Steves <stevesk at sweden.hp.com>, Charles Levert
<charles at comm.polymtl.ca>, Dirk De Wachter
<Dirk.DeWachter at rug.ac.be>, Ben Lindstrom <mouring at
pconline.com>
- Many other small fixes and improvements.
Full Changelog:
20000930
- (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas at
netcore.fi>
- (djm) Support in bsd-snprintf.c for long long conversions from
Ben Lindstrom <mouring at pconline.com>
- (djm) Cleanup NeXT support from Ben Lindstrom <mouring at pconline.com>
- (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
very short lived X connections. Bug report from Tobias Oetiker
<oetiker at ee.ethz.ch>. Fix from Markus Friedl <markus at
cvs.openbsd.org>
- (djm) Add recent InitScripts as a RPM dependancy for openssh-server
patch from Pekka Savola <pekkas at netcore.fi>
- (djm) CVS OpenBSD sync:
- markus at cvs.openbsd.org 2000/09/26 13:59:59
[clientloop.c]
use debug2
- markus at cvs.openbsd.org 2000/09/27 15:41:34
[auth2.c sshconnect2.c]
use key_type()
- markus at cvs.openbsd.org 2000/09/28 12:03:18
[channels.c]
debug -> debug2 cleanup
20000929
- (djm) Fix SSH2 not terminating until all background tasks done problem.
- (djm) Another off-by-one fix from Pavel Kankovsky
<peak at argo.troja.mff.cuni.cz>
- (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
tidy necessary differences. Use Markus' new debugN() in entropy.c
- (djm) Merged big SCO portability patch from Tim Rice
<tim at multitalents.net>
20000926
- (djm) Update X11-askpass to 1.0.2 in RPM spec file
- (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
- (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
Report and fix from Pavel Kankovsky <peak at argo.troja.mff.cuni.cz>
20000924
- (djm) Merged cleanup patch from Mark Miller <markm at swoon.net>
- (djm) A bit more cleanup - created cygwin_util.h
- (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
<markm at swoon.net>
20000923
- (djm) Fix address logging in utmp from Kevin Steves
<stevesk at sweden.hp.com>
- (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas at
netcore.fi>
- (djm) Seperate tests for int64_t and u_int64_t types
- (djm) Tweak password expiry checking at suggestion of Kevin Steves
<stevesk at sweden.hp.com>
- (djm) NeXT patch from Ben Lindstrom <mouring at pconline.com>
- (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
Michael Stone <mstone at cs.loyola.edu>
- (djm) OpenBSD CVS sync:
- markus at cvs.openbsd.org 2000/09/17 09:38:59
[sshconnect2.c sshd.c]
fix DEBUG_KEXDH
- markus at cvs.openbsd.org 2000/09/17 09:52:51
[sshconnect.c]
yes no; ok niels@
- markus at cvs.openbsd.org 2000/09/21 04:55:11
[sshd.8]
typo
- markus at cvs.openbsd.org 2000/09/21 05:03:54
[serverloop.c]
typo
- markus at cvs.openbsd.org 2000/09/21 05:11:42
scp.c
utime() to utimes(); mouring at pconline.com
- markus at cvs.openbsd.org 2000/09/21 05:25:08
sshconnect2.c
change login logic in ssh2, allows plugin of other auth methods
- markus at cvs.openbsd.org 2000/09/21 05:25:35
[auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
[serverloop.c]
add context to dispatch_run
- markus at cvs.openbsd.org 2000/09/21 05:07:52
authfd.c authfd.h ssh-agent.c
bug compat for old ssh.com software
20000920
- (djm) Fix bad path substitution. Report from Andrew Miner
<asminer at cs.iastate.edu>
20000916
- (djm) Fix SSL search order from Lutz Jaenicke
<Lutz.Jaenicke at aet.TU-Cottbus.DE>
- (djm) New SuSE spec from Corinna Vinschen <corinna at vinschen.de>
- (djm) Update CygWin support from Corinna Vinschen <vinschen at
cygnus.com>
- (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
Patch from Larry Jones <larry.jones at sdrc.com>
- (djm) Add Steve VanDevender's <stevev at darkwing.uoregon.edu> PAM
password change patch.
- (djm) Bring licenses on my stuff in line with OpenBSD's
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
Kevin Steves <stevesk at sweden.hp.com>
- (djm) Shadow expiry check fix from Pavel Troller <patrol at
omni.sinus.cz>
- (djm) Re-enable int64_t types - we need them for sftp
- (djm) Use libexecdir from configure , rather than libexecdir/ssh
- (djm) Update Redhat SPEC file accordingly
- (djm) Add Kevin Steves <stevesk at sweden.hp.com> HP/UX contrib files
- (djm) Add Charles Levert <charles at comm.polymtl.ca> getpgrp patch
- (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
<Dirk.DeWachter at rug.ac.be>
- (djm) Fixprogs and entropy list fixes from Larry Jones
<larry.jones at sdrc.com>
- (djm) Fix for SuSE spec file from Takashi YOSHIDA
<tyoshida at gemini.rc.kyushu-u.ac.jp>
- (djm) Merge OpenBSD changes:
- markus at cvs.openbsd.org 2000/09/05 02:59:57
[session.c]
print hostname (not hushlogin)
- markus at cvs.openbsd.org 2000/09/05 13:18:48
[authfile.c ssh-add.c]
enable ssh-add -d for DSA keys
- markus at cvs.openbsd.org 2000/09/05 13:20:49
[sftp-server.c]
cleanup
- markus at cvs.openbsd.org 2000/09/06 03:46:41
[authfile.h]
prototype
- deraadt at cvs.openbsd.org 2000/09/07 14:27:56
[ALL]
cleanup copyright notices on all files. I have attempted to be
accurate with the details. everything is now under Tatu's licence
(which I copied from his readme), and/or the core-sdi bsd-ish thing
for deattack, or various openbsd developers under a 2-term bsd
licence. We're not changing any rules, just being accurate.
- markus at cvs.openbsd.org 2000/09/07 14:40:30
[channels.c channels.h clientloop.c serverloop.c ssh.c]
cleanup window and packet sizes for ssh2 flow control; ok niels
- markus at cvs.openbsd.org 2000/09/07 14:53:00
[scp.c]
typo
- markus at cvs.openbsd.org 2000/09/07 15:13:37
[auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
[authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
[pty.c readconf.c]
some more Copyright fixes
- markus at cvs.openbsd.org 2000/09/08 03:02:51
[README.openssh2]
bye bye
- deraadt at cvs.openbsd.org 2000/09/11 18:38:33
[LICENCE cipher.c]
a few more comments about it being ARC4 not RC4
- markus at cvs.openbsd.org 2000/09/12 14:53:11
[log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
multiple debug levels
- markus at cvs.openbsd.org 2000/09/14 14:25:15
[clientloop.c]
typo
- deraadt at cvs.openbsd.org 2000/09/15 01:13:51
[ssh-agent.c]
check return value for setenv(3) for failure, and deal appropriately
20000913
- (djm) Fix server not exiting with jobs in background.
20000905
- (djm) Import OpenBSD CVS changes
- markus at cvs.openbsd.org 2000/08/31 15:52:24
[Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
implement a SFTP server. interops with sftp2, scp2 and the windows
client from ssh.com
- markus at cvs.openbsd.org 2000/08/31 15:56:03
[README.openssh2]
sync
- markus at cvs.openbsd.org 2000/08/31 16:05:42
[session.c]
Wall
- markus at cvs.openbsd.org 2000/08/31 16:09:34
[authfd.c ssh-agent.c]
add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
- deraadt at cvs.openbsd.org 2000/09/01 09:25:13
[scp.1 scp.c]
cleanup and fix -S support; stevesk at sweden.hp.com
- markus at cvs.openbsd.org 2000/09/01 16:29:32
[sftp-server.c]
portability fixes
- markus at cvs.openbsd.org 2000/09/01 16:32:41
[sftp-server.c]
fix cast; mouring at pconline.com
- itojun at cvs.openbsd.org 2000/09/03 09:23:28
[ssh-add.1 ssh.1]
add missing .El against .Bl.
- markus at cvs.openbsd.org 2000/09/04 13:03:41
[session.c]
missing close; ok theo
- markus at cvs.openbsd.org 2000/09/04 13:07:21
[session.c]
fix get_last_login_time order; from andre at van-veen.de
- markus at cvs.openbsd.org 2000/09/04 13:10:09
[sftp-server.c]
more cast fixes; from mouring at pconline.com
- markus at cvs.openbsd.org 2000/09/04 13:06:04
[session.c]
set SSH_ORIGINAL_COMMAND; from Leakin at dfw.nostrum.com, bet at rahul.net
- (djm) Cleanup after import. Fix sftp-server compilation, Makefile
- (djm) Merge cygwin support from Corinna Vinschen <vinschen at
cygnus.com>
20000903
- (djm) Fix Redhat init script
Now back to the Olympics :)
Regards,
Damien Miller
--
| ``The power of accurate observation is | Damien Miller <djm at
mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
Another snapshot for your enjoyment and testing.
There is one known problem: SSH2 sessions do not exit if there are
backgrounded processes with open std{in,out,err} fds.
This release includes several large changes from the OpenBSD team:
- ssh-keygen -X now reads private ssh.com DSA keys (Markus Friedl)
- Interop with ssh.com ssh-agent2 (res at shore.net)
- Initial implementation of DH group exchange
draft-provos-secsh-dh-group-exchange-00.txt (Niels Provos,
Uni. Windsor)
- Support "scp -o ssh-opt" (Markus Frield and Ben Lindstrom)
- Add SKEY support to SSH2 using kbd-interactive auth method
(mkiernan at avantgo.com and Markus Friedl)
- Allow single-DES for SSH1 clients (used to connect to Cisco
routers) (Markus Friedl)
- rijndael/aes support (Markus Friedl)
Enjoy.
-d
--
| ``The power of accurate observation is | Damien Miller <djm at
mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
openssh-SNAP-20001014.tar.gz configures, compiles, and installs fine from
tarball on this x86 SuSE 6.4 GNU/Linux system:
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -I. -I. -I/usr/local/ssl/include
Linker flags: -L/usr/local/ssl/lib -L/usr/local/ssl
Libraries: -ldl -lnsl -lz -lutil -lpam -lcrypto -lwrap
dtc
---
Daniel T. Chen | chenda at cs.unc.edu
On Sat, 14 Oct 2000, Damien Miller wrote:
> Another snapshot for your enjoyment and testing.
>
> There is one known problem: SSH2 sessions do not exit if there are
> backgrounded processes with open std{in,out,err} fds.
>
> This release includes several large changes from the OpenBSD team:
>
> - ssh-keygen -X now reads private ssh.com DSA keys (Markus Friedl)
> - Interop with ssh.com ssh-agent2 (res at shore.net)
> - Initial implementation of DH group exchange
> draft-provos-secsh-dh-group-exchange-00.txt (Niels Provos,
> Uni. Windsor)
> - Support "scp -o ssh-opt" (Markus Frield and Ben Lindstrom)
> - Add SKEY support to SSH2 using kbd-interactive auth method
> (mkiernan at avantgo.com and Markus Friedl)
> - Allow single-DES for SSH1 clients (used to connect to Cisco
> routers) (Markus Friedl)
> - rijndael/aes support (Markus Friedl)
>
> Enjoy.
>
> -d
>
>
>
This fixes a few problems since the last one and incorporates some
more work from the OpenBSD team.
http://www.mindrot.org/misc/openssh/openssh-SNAP-20001016.tar.gz
Most notable are the bug fix for hanging ssh2 sessions with background
processes and the new AllowTcpForwarding option.
-d
Changelog:
20001016
- (djm) Sync with OpenBSD:
- markus at cvs.openbsd.org 2000/10/14 04:01:15
[cipher.c]
debug3
- markus at cvs.openbsd.org 2000/10/14 04:07:23
[scp.c]
remove spaces from arguments; from djm at mindrot.org
- markus at cvs.openbsd.org 2000/10/14 06:09:46
[ssh.1]
Cipher is for SSH-1 only
- markus at cvs.openbsd.org 2000/10/14 06:12:09
[servconf.c servconf.h serverloop.c session.c sshd.8]
AllowTcpForwarding; from naddy@
- markus at cvs.openbsd.org 2000/10/14 06:16:56
[auth2.c compat.c compat.h sshconnect2.c version.h]
OpenSSH_2.3; note that is is not complete, but the version number
needs to be changed for interoperability reasons
- markus at cvs.openbsd.org 2000/10/14 06:19:45
[auth-rsa.c]
do not send RSA challenge if key is not allowed by key-options; from
eivind at ThinkSec.com
- markus at cvs.openbsd.org 2000/10/15 08:14:01
[rijndael.c session.c]
typos; from stevesk at sweden.hp.com
- markus at cvs.openbsd.org 2000/10/15 08:18:31
[rijndael.c]
typo
- (djm) Copy manpages back over from OpenBSD - too tedious to wade
through diffs
- (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
<pekkas at netcore.fi>
- (djm) Update version in Redhat spec file
- (djm) Merge some of Nalin Dahyabhai <nalin at redhat.com> changes from
the
Redhat 7.0 spec file
20001015
- (djm) Fix ssh2 hang on background processes at logout.
20001014
- (stevesk) Include config.h in rijndael.c so we define intXX_t and
u_intXX_t types on all platforms.
- (stevesk) rijndael.c: cleanup missing declaration warnings.
- (stevesk) ~/.hushlogin shouldn't cause required password change to
be bypassed.
- (stevesk) Display correct path to ssh-askpass in configure output.
Report from Lutz Jaenicke.
- (bal) Add support for realpath and getcwd for platforms with broken
or missing realpath implementations for sftp-server.
- (bal) Corrected mistake in INSTALL in regards to GNU rx library
- (bal) Add support for GNU rx library for those lacking regexp support
--
| ``The power of accurate observation is | Damien Miller <djm at
mindrot.org>
| commonly called cynicism by those who | @Work <djm at ibs.com.au>
| have not got it'' - George Bernard Shaw | http://www.mindrot.org
openssh-SNAP-20001016.tar.gz configures, compiles, installs, and runs
cleanly on this x86 SuSE 6.4 GNU/Linux system. Hanging ssh2 sessions
appear to have been fixed.
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -I. -I. -I/usr/local/ssl/include
Linker flags: -L/usr/local/ssl/lib -L/usr/local/ssl
Libraries: -ldl -lnsl -lz -lutil -lpam -lcrypto -lwrap
dtc
---
Daniel T. Chen | chenda at cs.unc.edu
On Mon, 16 Oct 2000, Damien Miller wrote:
>
>
> This fixes a few problems since the last one and incorporates some
> more work from the OpenBSD team.
>
> http://www.mindrot.org/misc/openssh/openssh-SNAP-20001016.tar.gz
>
> Most notable are the bug fix for hanging ssh2 sessions with background
> processes and the new AllowTcpForwarding option.
>
> -d
On Mon, Oct 16, 2000 at 02:35:12PM +1100, Damien Miller wrote:> > > This fixes a few problems since the last one and incorporates some > more work from the OpenBSD team. > > http://www.mindrot.org/misc/openssh/openssh-SNAP-20001016.tar.gz > > Most notable are the bug fix for hanging ssh2 sessions with background > processes and the new AllowTcpForwarding option.Host: hppa2.0-hp-hpux10.20 Compiler: cc Compiler flags: -O -I. -I. -Ae -D_HPUX_SOURCE +DAportable -I/usr/local/include -I/usr/local/ssl/include Linker flags: -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/ssl Libraries: -lz -lsec -lcrypto -lwrap looks fine :-) Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On Mon, Oct 16, 2000 at 02:35:12PM +1100, Damien Miller wrote:> > http://www.mindrot.org/misc/openssh/openssh-SNAP-20001016.tar.gz > > Most notable are the bug fix for hanging ssh2 sessions with background > processes and the new AllowTcpForwarding option. >Seems to be working fine: Host: mips-sgi-irix6.5 Compiler: cc Compiler flags: -g -I. -I. -I/usr/local/include -I/usr/local/ssl/include Linker flags: -L/usr/local/ssl/lib -L/usr/local/ssl Libraries: -lz -lcrypto -lwrap Good to see the hanging ssh2 sessions are gone.. -jf -- Donate spare cpucycles to GRISK <http://www.ii.uib.no/grisk/>
Works like a charm on sparc-sun-solaris2.6. The default-path bug I reported is fixed. The pam_chauthtok() stuff works as well, however: Using the same modules, in.telnetd does this when I have an expired login: Your password has expired and you have 6 grace login(s). Do you want to change your password now ([y]es/[n]o): while sshd forces me to change my password: Your password has expired and you have 5 grace login(s). Warning: Your password has expired, please change it now New password:
OpenSSH configured has been configured with the following options.
User binaries: /usr/bin
User binaries: /usr/bin
System binaries: /usr/sbin
Configuration files: /etc
Askpass program: /usr/sbin/ssh-askpass
Manual pages: /usr/man/manX
PID file: /var/run
Random number collection: Device (/dev/urandom)
Manpage format: man
PAM support: no
KerberosIV support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
Host: i686-pc-cygwin
Compiler: gcc
Compiler flags: -g -O2 -Wall -I. -I. -I/usr/include
Linker flags: -L/usr/lib -L/usr
Libraries: -lz -lregex /usr/lib/textmode.o -lcrypto
Looks good but I had to change configure.in since Cygwin has a V8
regex so we have to provide POSIX regex as a separate library
which we will do as soon as we release the new OpenSSH-2.3.0:
Index: configure
==================================================================RCS file:
/src/cvsroot/openssh-20001016/configure,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 configure
--- configure 2000/10/16 16:16:21 1.1.1.1
+++ configure 2000/10/17 10:33:46
@@ -1352,7 +1352,7 @@ EOF
mansubdir=cat
;;
*-*-cygwin*)
- LIBS="$LIBS /usr/lib/textmode.o"
+ LIBS="$LIBS -lregex /usr/lib/textmode.o"
cat >> confdefs.h <<\EOF
#define HAVE_CYGWIN 1
EOF
Index: configure.in
==================================================================RCS file:
/src/cvsroot/openssh-20001016/configure.in,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 configure.in
--- configure.in 2000/10/16 16:16:21 1.1.1.1
+++ configure.in 2000/10/17 10:32:48
@@ -58,7 +58,7 @@ case "$host" in
mansubdir=cat
;;
*-*-cygwin*)
- LIBS="$LIBS /usr/lib/textmode.o"
+ LIBS="$LIBS -lregex /usr/lib/textmode.o"
AC_DEFINE(HAVE_CYGWIN)
AC_DEFINE(DISABLE_PAM)
AC_DEFINE(DISABLE_SHADOW)
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin at sources.redhat.com
Red Hat, Inc.
mailto:vinschen at cygnus.com