search for: appgate

...ort forwards in a slave. So I patched openssh to make it possible to add port forwards via a slave process. This is done by creating a new command which can be sent over the control connection (SSHMUX_COMMAND_FORWARD). The patch against openssh current can be downloaded (13K) from: http://www.appgate.com/downloads/maf/slavepf-current.patch I would be happy if other people found it useful and if it could make it into the official distribution. /MaF -- Martin Forssen <maf at appgate.com> Development Manager Phone: +46 31 7744361 AppGate Network Secur...

...fs.h> /* FIGETBSZ, FIBMAP */ @@ -372,6 +373,11 @@ usage(); /* + * Fix sigchld handling + */ + signal(SIGCHLD, SIG_DFL); + + /* * First make sure we can open the device at all, and that we have * read/write permission. */ /MaF -- Martin Forssen <maf at appgate.com> Development Manager Phone: +46 31 7744361 AppGate Network Security AB

Has any thought toward a v3 protocol spec been discussed elsewhere, and if so what enhancements are being looked at. Is it too early to consider such things, or should we open the door to the new features a protocol update would bring? More specifically I have been investigating working toward a more enterprise-friendly hierichical authentication scheme, but I have quickly realized the

Could someone provide a description of the config setting KbdInteractiveDevices And how it would be used. There is no mention of this here: http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current And a quick glance of the source doesn't seem to reveal much. Thanks in advance, scott

hi, we have been looking for ways to implement digital certificate authentication in openssh. Pointers to similar kind of ongoing work will be more appreciated. Thanks.

...or the last three months I see that this algorithm would have blocked approximately 98.5% of all bot-attempts. My question now is if the OpenSSH developers are interested in an implementation of this? Or would I waste my time if I ported it to standard OpenSSH? /MaF -- Martin Forssen <maf at appgate.com> Development Manager Phone: +46 31 7744361 AppGate Network Security AB

Hi, I'm getting this error when I ssh to the servers. ssh_exchange_identification: Connection closed by remote host I added /etc/hosts.allow and it actually worked once and if I tried again I get the same error. OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090702f debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Rhosts Authentication disabled,

...ter unsigned char *c; 8<-------------------patch for openssh-2.2.0-------------------------- Vendor Response: CORE SDI has issued their own advisory detailing fix information and has also pointed out that SSH1 clients are also vulnerable. Bjorn Gronvall - OSSH Fixed in version ossh-1.5.8 AppGate The default configuration of the AppGate server is not vulnerable since it has SSH-1 support disabled. However customers who need ssh1-support can contact support at appgate.com to get patches. Mindbright The MindTerm client does not have this vulnerability. SSH Current release 2.4.0...

Hi, I have to implement SFTP using a Java program. I am looking for a package that implements a SFTP Client(preferably with sample code on usage). I need this in order to do SFTP file upload from my Java program. Any help would be appreciated. Thanks in advance. Regards, Preetha.

...erable - SSH1 is deprecated, and not supported, upgrade to SSH2 - Nonetheless the proposed patch has been applied to the ssh-1.2.x source tree, future releases of ssh-1.2.x will have the bug closed. F-Secure SSH F-Secure SSH-1.3.x is vulnerable. Contact the vendor for a fix. AppGate The default configuration of the AppGate server is not vulnerable since it has SSH-1 support disabled. However customers who need ssh1-support can contact support at appgate.com to get patches. Mindbright The MindtTerm client does not have this vulnerability. TTSSH Not vulnerable....

Hello list! So I recently reconfigured our office network to allow a permanent VPN connection to our data center. This consists of a Juniper SSG-520 connected via a tunnel to a Juniper Netscreen-25 over a 100M leased NTT VPN (yes I'm tunneling over the VPN as it's the only way to make it routable.) Here is where OpenSSH come in. When I try and ssh to a machine on the other end

...on two systems that are CentOS 7, a server, and >> a workstation that I literally built yesterday, and grep -i on >> both reports "no, not here". > > Yes, as it's undocumented, but enabled since about 2010. FYI: https://github.com/openssh/openssh-portable/search?q=AppGate+Network+Sec urity+AB > Even OpenBSD 5.9 (pre-release, it's going to be released on May > 1st, 2016) does not mention it. > > Timo > >> mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlaX2IIACgkQuSPmkPhAW0rh0AD+Kje8MZE5xlnK1YQlH1H7oFgK M6JOfkgiWt3gvdzO...

...proved Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: maf at appgate.com I recentry tried the cvs-version of portable openssh, but it refused to run since the privsep directory had bad owner or mode. I had to check teh code to see which owner and mode it should have. How about modifying the error to provide this information. I will attach a patch which fixes this....

http://bugzilla.mindrot.org/show_bug.cgi?id=476 ------- Additional Comments From maf at appgate.com 2003-01-27 20:30 ------- Created an attachment (id=209) --> (http://bugzilla.mindrot.org/attachment.cgi?id=209&action=view) Improves the error message ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I just stumbled across this thread on openssh-dev... Is there anywhere to track progress on this issue? It'd be a fantastic feature that would fix all sorts of problems I deal with regularly. You may also be interested in an article "Design and Implementation of a Mobile SSH Protocol", if you haven't seen it, since that team implemented (afaict) the same feature, whether or not

http://bugzilla.mindrot.org/show_bug.cgi?id=112 ------- Additional Comments From dan at doxpara.com 2002-02-13 11:43 ------- Heh, I kinda like that. You should update the yes/no prompt to say that pasting the expected host key will result in appropriate testing, as well as providing some sort of error if the remote side *doesn't* match the key pasted in. I hadn't thought of cut

Probably worth a read... http://www.openssh.com/txt/release-7.1p2 > Important SSH patch coming soon. For now, everyone on all operating > systems, please do the following: > > Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" > to prevent upcoming #openssh client bug CVE-2016-0777. More later. echo "UseRoaming no" >>

...5-05-23 12:58:12.193450191 +0200 @@ -147,7 +147,7 @@ roaming_resume(void) resume_in_progress = 1; /* Exchange banners */ - ssh_exchange_identification(timeout_ms); + ssh_exchange_identification(timeout_ms, ""); packet_set_nonblocking(); /* Send a kexinit message with resume at appgate.com as only kex algo */ diff -up openssh-6.6p1/sshconnect.c.original openssh-6.6p1/sshconnect.c --- openssh-6.6p1/sshconnect.c.original 2015-05-23 11:56:55.235217137 +0200 +++ openssh-6.6p1/sshconnect.c 2015-05-23 13:43:41.426983727 +0200 @@ -515,12 +515,13 @@ ssh_connect(const char *host, struct a...

Hi, SSH.COM/F-Secure version 2.0.xx sends/receives SSH_MSG_CHANNEL_OPEN_FAILURE packets without the additional two strings (additional info/language tag) - I think the SecSH drafts at that time didn't have those two strings. Possibly some other implementations have this problem too. Anyway, a fix for OpenSSH (against latest cvs tree) is included. (This has been partially fixed before in

Hi, I just tries to convert an old ssh2 dsa-key generated by F-Secure SSH in 1998. The problem is that the base64-encoding of this key is bad. They key works just fine when using F-Secure SSH but openssh will not convert it. My question now is if people think it is worth fixing this, and if it is where should it be fixed? One could either fixed the base64-routines to be more tolerant, but that