search for: auth_sock_name

...ug 2006 10:40:19 -0000 1.219 +++ usr.bin/ssh/session.c 18 Sep 2006 09:32:57 -0000 @@ -844,6 +844,9 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif +#ifdef BSD_AUTH + bsdauth_child_set_env(&env, &envsize); +#endif if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); ###################################### Solution 2: ###################################### This one saves the current environment and lets auth_close() do the changes on an empty envir...

...for a long time. Would any of these approaches be acceptable? Any other ideas? Thanks, Andrew --- session.c.orig 2013-08-03 13:22:10.354171156 -0700 +++ session.c 2013-08-05 09:58:00.017397667 -0700 @@ -1307,6 +1307,17 @@ child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); + char name[256]; + u_int n = 0; + for (i = 0; i < 100; i++) { + Channel *c = channel_by_id(i); + if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER) + continue; + snprintf(name, sizeof name, "SSH_REMOTE_FORWARD_PORT_%d", n); + snprintf(buf, sizeof buf, "%d",...

...strncasecmp(opts, cp, strlen(cp)) == 0) { + if (options.permit_user_env && + strncasecmp(opts, cp, strlen(cp)) == 0) { char *s; struct envstring *new_envstring; --- session.c 22 Jul 2002 11:03:06 -0000 1.145 +++ session.c 24 Jul 2002 16:55:27 -0000 @@ -899,7 +899,7 @@ auth_sock_name); /* read $HOME/.ssh/environment. */ - if (!options.use_login) { + if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf);

https://bugzilla.mindrot.org/show_bug.cgi?id=2681 Bug ID: 2681 Summary: postauth processes to log via monitor Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...lag) { - debug("Port forwarding not permitted for this authentication."); - break; - } - if (!options.allow_tcp_forwarding) { + if (auth_restricted(RESTRICT_TCP, s->pw)) { debug("Port forwarding not permitted."); break; } @@ -1085,7 +1083,7 @@ auth_sock_name); /* read $HOME/.ssh/environment. */ - if (options.permit_user_env && !options.use_login) { + if (!options.use_login && !auth_restricted(RESTRICT_ENV, pw)) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", strcmp(pw->pw_dir, "/") ? pw->pw...

Numerous how-tos all over the Internet show how one would set up a tunnel using ssh, e.g.: ssh -f -o Tunnel=ethernet <server_ip> true I was wondering if there's a way to subsequently acquire the names of the local and remote tun/tap interfaces (e.g., using the default "-w any:any") for subsequent automatic tunnel configuration, e.g.: ip link set $TapDev up ip link set

...to try. */ @@ -122,8 +123,9 @@ */ static char *x11_fake_data = NULL; static u_int x11_fake_data_len; +#endif - +#ifdef WITH_AGENTFWD /* -- agent forwarding */ #define NUM_SOCKS 10 @@ -131,12 +133,15 @@ /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; static char *auth_sock_dir = NULL; +#endif /* AF_UNSPEC or AF_INET or AF_INET6 */ static int IPv4or6 = AF_UNSPEC; +#ifdef WITH_TCPFWD /* helper */ static void port_open_helper(Channel *c, char *rtype); +#endif /* -- channel core */ @@ -678,6 +683,7 @@ chan_fn *channel_pre[SSH...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in