Hi,

I'm not subscribed to that list, so please keep me in cc if you decide to answer my question.

I'm trying to compile and install openssh for some solaris7-machines. Everything works fine, but I'm continuously failing to connect openssh's sshd with scp:

I've tried openssh-2.5.1p1: the daemon died with signal 11 (SIG_SEGV) - sure, I've read the hint on that list (http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98322740311031&w=2), and with the described workaround the daemon no longer crashes - but the whole transaction hangs.

In the meantime openssh-2.5.1p2 appeared and I tested whether the problems are fixed in this version. Without any patch the daemon does not crash, but the communication is still hanging. The daemon starts a shell, the shell execs a 'scp -t <filename>' and nothing happens. A traceback of the running process (done with Solaris proctool) shows that scp seems to block while reading (from a socket, I suppose).

I tried to contact the server with several implementations of the client (linux, solaris, ssh, openssh etc), but I can't get the stuff working.

So if anybody on the list has a helpful hint I would be very happy. Feel free to ask if you need more information about config params or something like that.

Thanks in advance!

Jürgen

---------------------------------------------------------------------
Jürgen Ellinger
Siemensstraße 44
D-88250 Weingarten, Germany
e-mail: ellinger at informatik.uni-tuebingen.de
Hi,

I've just joined the list, so please forgive me if I missed something in the FAQ/docs etc.

Overview

I am likely to need to allow someone (untrusted) to forward a port on one of my boxes to one of theirs for EDI. It appears to involve only one port, so an IPSEC-type VPN is likely to be over the top. I'd like to do this with ssh port forwarding, but to only allow a single port to be forwarded. I'd also like to prevent the remote party forwarding a local (on their machine) port to random ports on machines in my DMZ.

The target platforms I am aware of are Linux/Solaris boxes. This raises questions about coding against the portable vs non-portable code bases. Since I know less about the codebase than you guys, I'd like some guidance on the following:

My plan is to provide an account, a dsa key, and a shell which effectively goes to sleep for a week, and ask the other party to put this in a loop. Is there an easier way to do what I want to do, either with ssh or another tool?

I have a couple of questions on the project:

1. Would patches adding this sort of functionality be accepted by the project if it followed man 9 style?
2. Which source tree would patches need to work against?
3. I would need to add statements to sshd_config (and the ServerOptions struct in servconf.h). Could someone sanity check the outline spec below to tell me what they think?

Spec

Sshd_config changes

Either:
New values for the AllowTcpForwarding keyword (valid values now [no | incoming | outgoing | yes])
    incoming would allow a -L type connection
    outgoing would allow a -R type connection
    yes would allow both

Or:
New keywords IncomingPortsAllowed, OutgoingPortsAllowed, (and maybe IncomingPortsDenied, OutgoingPortsDenied. I would prefer a default deny stance, but I could be persuaded otherwise.)

Probably a combination of both is best.

type ServerOptions (from servconf.h) changes:

Add the following to the structure:

    u_int num_allow_incoming_forwarded_ports;
    char *allow_incoming_forwarded_ports;
    u_int num_allow_outgoing_forwarded_ports;
    char *allow_outgoing_forwarded_ports;

Extra source files:

Add .c and .h files portaccess or incomingportaccess and outgoingportaccess similar to groupaccess.[ch]

Any other tips would be useful.

Thanks for your time.

Regards

Kieran
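
The default-deny port check outlined in the spec above could look like the following. This is an added example, not part of the original message and not OpenSSH code; the names parse_port_list, port_allowed, struct port_list and MAX_ALLOW_PORTS, and the comma/space-separated list syntax, are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALLOW_PORTS 32	/* assumed limit, not from the proposal */

struct port_list {		/* hypothetical: one direction's allow list */
	unsigned int num;
	unsigned short ports[MAX_ALLOW_PORTS];
};

/* Parse "5000,5001" (assumed syntax). Returns 0 on success; on a malformed
 * or out-of-range entry returns -1 with the list emptied (fails closed). */
int
parse_port_list(const char *spec, struct port_list *pl)
{
	const char *p = spec;
	char *end;
	long v;

	pl->num = 0;
	while (p != NULL) {
		p += strspn(p, ", \t");		/* skip separators */
		if (*p == '\0')
			return 0;		/* clean end of list */
		if (!isdigit((unsigned char)*p))
			break;			/* rejects signs and names */
		errno = 0;
		v = strtol(p, &end, 10);
		if (errno != 0 || v < 1 || v > 65535 ||
		    strchr(", \t", *end) == NULL || pl->num >= MAX_ALLOW_PORTS)
			break;			/* rejects "80x", "5000-5010" */
		pl->ports[pl->num++] = (unsigned short)v;
		p = end;
	}
	pl->num = 0;				/* any error: allow nothing */
	return -1;
}

/* Default deny: a port is permitted only if it is explicitly listed. */
int
port_allowed(const struct port_list *pl, long port)
{
	unsigned int i;

	for (i = 0; i < pl->num; i++)
		if (pl->ports[i] == port)
			return 1;
	return 0;
}
```

An empty or unparsable list permits no forwarding at all, which matches the default deny stance preferred in the message.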