search for: 200s

...p = strtok(cp, WHITESPACE_EQ); opcode = parse_token(cp, filename, linenum); switch (opcode) { @@ -248,7 +249,7 @@ case oForwardAgent: intptr = &options->forward_agent; parse_flag: - cp = strtok(NULL, WHITESPACE); + cp = strtok(NULL, WHITESPACE_EQ); if (!cp) fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); value = 0; /* To avoid compiler warning... */ @@ -330,7 +331,7 @@ case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; - cp = strtok(NULL, WHITESPACE); + cp = strtok(NULL, WHITESPACE_EQ); if (!cp...

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

...esp_retcode = PAM_SUCCESS; break; default: free(reply); @@ -103,22 +135,22 @@ if (pamh != NULL) { - pam_retval = pam_close_session((pam_handle_t *)pamh, 0); + pam_retval = pam_close_session(pamh, 0); if (pam_retval != PAM_SUCCESS) { log("Cannot close PAM session: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } - pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); + pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) { debug("Cannot delete creden...

...patch against 2.9.9p2's authfile.c: --- authfile.c.orig Sat Oct 6 19:52:16 2001 +++ authfile.c Sat Oct 6 19:53:11 2001 @@ -250,7 +250,7 @@ /* Check that it is at least big enough to contain the ID string. */ if (len < sizeof(authfile_id_string)) { - debug3("No RSA1 key file %.200s.", filename); + debug3("Not RSA1 key file %.200s.", filename); buffer_free(&buffer); return NULL; } @@ -260,7 +260,7 @@ */ for (i = 0; i < sizeof(authfile_id_string); i++) if (buffer_get_char(&buffer) != authfile_id_string[i]) { - debug3("No RSA1 ke...

...N_CAP + login_cap_t *lc; + char *hosts; + const char *from_host, *from_ip; + int denied; +#endif /* LOGIN_CAP */ /* Get the name of the user that we wish to log in as. */ packet_read_expect(&plen, SSH_CMSG_USER); @@ -1338,6 +1345,38 @@ packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); } + +#ifdef LOGIN_CAP + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + from_host = get_canonical_hostname(); + from_ip = get_remote_ipaddr(); + + denied = 0; + if ((hosts = login_getcapstr(lc, "host.deny",...

...he same as the 2 lines before the patch.) -- Andrew Bartlett abartlet at pcug.org.au -------------- next part -------------- --- auth-pam.c.orig Sat Feb 10 13:01:35 2001 +++ auth-pam.c Sat Feb 10 14:14:53 2001 @@ -191,14 +191,6 @@ { int pam_retval; - debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); - pam_retval = pam_set_item(pamh, PAM_RHOST, - get_canonical_hostname()); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set rhost failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } - if (remote_user != NULL) { debu...

...splice of code is found in session.c #ifdef HAVE_LOGIN_CAP if (!auth_ttyok(lc, s->tty)) { (void)printf("Permission denied.\n"); log( "LOGIN %.200s REFUSED (TTY) FROM %.200s ON TTY %.200s", pw->pw_name, get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), s->tty); exit(254); } #endif /* HAVE_LOGIN_CAP */

is there a firmware for IAX for the snom 200's. or are there any other hard phones that use iax(2)? Thanks in advance!

...keys and I would like > to be able to make the distinction in the logs. Currently ssh only logs > that a ROOT user has logged in, not which one. hm, i don't think uid sharing is a standard unix feature. however, i think that we should drop this: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); and not print RO...

...ost_port[6]; + char sfwd_port[6]; /* Strip trailing whitespace */ for(len = strlen(line) - 1; len > 0; len--) { @@ -645,13 +648,32 @@ case oLocalForward: case oRemoteForward: + buf[0] = '\0'; + arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing port argument.", filename, linenum); - if ((fwd_port = a2port(arg)) == 0) - fatal("%.200s line %d: Bad listen port.", - filename, linenum); + + int slash_count = strcount( arg, '/' ); + int colon_count = strcount( arg, ':' ); + + i...

...ot;dynamicforward", oDynamicForward }, @@ -394,6 +396,42 @@ intptr = &options->keepalives; goto parse_flag; + case oBogusTrafficIntervalMax: + intptr = &options->bogus_traffic_interval_max; + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", filename, linenum); + if (arg[0] < '0' || arg[0] > '9') + fatal("%.200s line %d: Bad number.", filename, linenum); + + /* Octal, decimal, or hex format? */ + value = strtol(arg, &endofnumber, 0); + if (arg == endofnumber) +...

Heya, Most of the windows ssh clients (putty, securecrt) have anti-idle features. They offer either a null packet or protocol no-op or user defined string to be sent over every x seconds. Is this possible or planned with the OpenSSH client? Our draconian firewall admins have started timing out ssh sessions. Yes I'm aware I could hack up a port forwarding dumb traffic process, but was

...readconf.c.O Fri Oct 26 10:45:15 2001 +++ readconf.c Fri Oct 26 11:42:22 2001 @@ -296,28 +296,44 @@ /* NOTREACHED */ case oForwardAgent: intptr = &options->forward_agent; -parse_flag: +parse_yesnowarn: arg = strdelim(&s); if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing yes/no argument.", filename, linenum); + fatal("%.200s line %d: Missing yes/no/warn argument.", + filename, linenum); value = 0; /* To avoid compiler warning... */ if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) value...

...*user) debug("unable to get login class: %s", user); return (NULL); } +#ifdef HAVE_AUTH_HOSTOK + from_host = auth_get_canonical_hostname(ssh, options.use_dns); + from_ip = ssh_remote_ipaddr(ssh); + if (!auth_hostok(lc, from_host, from_ip)) { + debug("Denied connection for %.200s from %.200s [%.200s].", + pw->pw_name, from_host, from_ip); + return (NULL); + } +#endif /* HAVE_AUTH_HOSTOK */ +#ifdef HAVE_AUTH_TIMEOK + if (!auth_timeok(lc, time(NULL))) { + debug("LOGIN %.200s REFUSED (TIME)", pw->pw_name); + return (NULL); + } +#endif /* HAVE_AUTH_...

...L && muxserver_sock != -1) unlink(options.control_path); + if (pid_file) + unlink(pid_file); + /* * Send SIGHUP to proxy command if used. We don't wait() in * case it hangs and instead rely on init to reap the child @@ -1080,6 +1110,12 @@ fatal("daemon() failed: %.200s", strerror(errno)); } + if (pid_file) + { + if (write_pid_file(pid_file) == -1) + fatal("write_pid(%s) failed: %.200s", pid_file, strerror(errno)); + } + /* * If a command was specified on the command line, execute the * command now. Otherwise request the server to sta...

...oid pam_cleanup_proc(void *context); static struct pam_conv conv = { @@ -230,6 +231,12 @@ PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); } + pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); + if (pam_retval != PAM_SUCCESS) { + log("Cannot delete credentials: %.200s", + PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + } + pam_retval = pam_end((pam_handle_t *)pamh, pam_retval); if (pam_retval != PAM_SUCCESS) { log("Cannot release PAM authentication: %.200s", @@ -301,6 +308,16 @@ if (pam_retval != PAM_SUCCESS) fatal("PAM...

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

Hi, I noticed the recent commit adding Match support to ssh(1). I look forward to giving it a try, but I have some initial feedback based on ssh_config.5 and an examiniation of match_cfg_line(). First, the "command" keyword could be a little deceptive. Although the man page makes the use of this keyword quite clear, my initial assumption was that the intent was to match against the

...pamh, pam_retval)); } +/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */ +#ifndef __hpux if (__pamh && creds_set) { pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +#endif if (__pamh) { pam_retval = pam_end(__pamh, pam_retval); @@ -256,10 +257,8 @@ case PAM_SUCCESS: /* This is what we want */ break; -#if 0 case PAM_NEW_AUTHTOK_REQD: - message_cat(&__pam_msg, use_priv...

Hello, This change is to get the IdentityFile option processed from the included configuration files. Regards, Oleg Oleg Zhurakivskyy (1): Process the IdentityFile option from the included files readconf.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) -- 2.9.3