search for: activep

... and I guess your next question will be about compilation environment, so: ``` $ gcc --version gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210 Copyright (C) 2023 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ``` I'm running on gentoo. I tested that the

...t; #include "digest.h" +#include "sshbuf.h" /* Format of the configuration file: @@ -133,11 +134,11 @@ */ static int read_config_file_depth(const char *filename, struct passwd *pw, - const char *host, const char *original_host, Options *options, - int flags, int *activep, int *want_final_pass, int depth); + const char *host, const char *original_host, struct sshbuf *remote_command, + Options *options, int flags, int *activep, int *want_final_pass, int depth); static int process_config_line_depth(Options *options, struct passwd *pw, - const char *host, con...

https://bugzilla.mindrot.org/show_bug.cgi?id=3122 Bug ID: 3122 Summary: New Include functionality does not work as documented Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs

...t; #include "digest.h" +#include "sshbuf.h" /* Format of the configuration file: @@ -133,11 +134,11 @@ */ static int read_config_file_depth(const char *filename, struct passwd *pw, - const char *host, const char *original_host, Options *options, - int flags, int *activep, int *want_final_pass, int depth); + const char *host, const char *original_host, struct sshbuf *remote_command, + Options *options, int flags, int *activep, int *want_final_pass, int depth); static int process_config_line_depth(Options *options, struct passwd *pw, - const char *host, con...

Hey there, I often want different behavior in my ssh client depending on whether I'm logging into an interactive session or running a remote non-interactive command. We can see at, say, https://unix.stackexchange.com/a/499562/305714 that this isn't a unique wish, and existing solutions are kind of baroque. Typical reasons to do this are to immediately go into a screen or tmux session; for

...ne %d: Missing yes/no argument.", filename, linenum); @@ -364,7 +365,7 @@ goto parse_int; case oIdentityFile: - cp = strtok(NULL, WHITESPACE); + cp = strtok(NULL, WHITESPACE_EQ); if (!cp) fatal("%.200s line %d: Missing argument.", filename, linenum); if (*activep) { @@ -378,7 +379,7 @@ case oUser: charptr = &options->user; parse_string: - cp = strtok(NULL, WHITESPACE); + cp = strtok(NULL, WHITESPACE_EQ); if (!cp) fatal("%.200s line %d: Missing argument.", filename, linenum); if (*activep && *charptr == NULL) @@ -40...

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

...f.c +++ b/servconf.c @@ -1451,12 +1451,8 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", filename, linenum); - if (*activep && *charptr == NULL) { + if (*activep && *charptr == NULL) *charptr = tilde_expand_filename(arg, getuid()); - /* increase optional counter */ - if (intptr != NULL) - *intp...

...ysCommandUser, SSHCFG_ALL }, @@ -1239,7 +1239,7 @@ process_server_config_line(ServerOptions if (!ciphers_valid(arg)) fatal("%s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); - if (options->ciphers == NULL) + if (*activep && options->ciphers == NULL) options->ciphers = xstrdup(arg); break; @@ -1250,7 +1250,7 @@ process_server_config_line(ServerOptions if (!mac_valid(arg)) fatal("%s line %d: Bad SSH2 mac spec '%s'.", filename, linenum, arg ? arg : "<NONE...

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

...f --git a/readconf.c b/readconf.c index 4e3791cb7cc6..6d99d2efae92 100644 --- a/readconf.c +++ b/readconf.c @@ -1044,7 +1044,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, const char *original_host, char *line, const char *filename, int linenum, int *activep, int flags, int *want_final_pass, int depth) { - char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p; + char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *arg_pre, *p; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST]; char **cpptr, ***cppptr, fwdarg[256]; u_int i, *uintptr...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...char line[1024]; ... 1730 while (fgets(line, sizeof(line), f)) { 1731 /* Update line number counter. */ 1732 linenum++; 1733 if (process_config_line_depth(options, pw, host, original_host, 1734 line, filename, linenum, activep, flags, depth) != 0) 1735 bad_options++; 1736 } if fgets() runs across a very long input line, whatever won't fit in the given buffer (sizeof line) is left unread on the input stream, to be picked up by later reads. this is the documented behavior of fgets()....

...|| strcmp(arg, "false") == 0) value = 0; + else if (strcmp(arg, "warn") == 0) + value = 2; else - fatal("%.200s line %d: Bad yes/no argument.", filename, linenum); + fatal("%.200s line %d: Bad yes/no/warn argument.", filename, linenum); if (*activep && *intptr == -1) *intptr = value; break; case oForwardX11: intptr = &options->forward_x11; - goto parse_flag; + goto parse_yesnowarn; case oGatewayPorts: intptr = &options->gateway_ports; - goto parse_flag; +parse_flag: + arg = strdelim(&s); + if...

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

...;0' || arg[0] > '9') + fatal("%.200s line %d: Bad number.", filename, linenum); + + /* Octal, decimal, or hex format? */ + value = strtol(arg, &endofnumber, 0); + if (arg == endofnumber) + fatal("%.200s line %d: Bad number.", filename, linenum); + if (*activep && *intptr == -1) + *intptr = value; + if (options->bogus_traffic_interval_min >= value) + fatal("%.200s line %d: Bad value.", filename, linenum); + break; + + case oBogusTrafficIntervalMin: + intptr = &options->bogus_traffic_interval_min; + arg = strdelim(&...

...ote_forwards[options->num_remote_forwards++]; + fwd->listen_host = listen_host == NULL ? NULL : xstrdup(listen_host); fwd->port = port; fwd->host = xstrdup(host); fwd->host_port = host_port; @@ -281,11 +283,12 @@ char *line, const char *filename, int linenum, int *activep) { - char buf[256], *s, **charptr, *endofnumber, *keyword, *arg; + char buf[256], buf2[256], *s, **charptr, *endofnumber, *keyword, *arg; int opcode, *intptr, value; size_t len; u_short fwd_port, fwd_host_port; char sfwd_host_port[6]; + char sfwd_port[6]; /* Strip trailing whitespace *...

...= 0; > else > debug("subsystem %.100s matched 'Subsystem %.100s' at " > "line %d", subsystem, arg, line); 666c701,702 < if (user != NULL) --- > > if (ci != NULL) 667a704 > 713,714c750 < const char *filename, int linenum, int *activep, const char *user, < const char *host, const char *address) --- > const char *filename, int linenum, int *activep, ConnectionInfo > *conninfo) 745c781 < if (user == NULL) { --- > if (conninfo == NULL) { 1316c1352,1354 < value = match_cfg_line(&cp, linenum, user...

Heya, Most of the windows ssh clients (putty, securecrt) have anti-idle features. They offer either a null packet or protocol no-op or user defined string to be sent over every x seconds. Is this possible or planned with the OpenSSH client? Our draconian firewall admins have started timing out ssh sessions. Yes I'm aware I could hack up a port forwarding dumb traffic process, but was

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of