search for: cerni

Hi, the mercurial repository http://hg.mindrot.org/openssh hasn't been updated since a while now - are there any plans on bringing it back up-to-date again? Is there anything I could do to help with that? Thanks Cheers Petr -- Petr Cerny Mozilla/OpenSSH maintainer for SUSE Linux

Hi, it seems that setting ForwardX11Trusted = yes ForwardX11Timeout = 0 causes untrusted connections to be refused immediately. While this certainly makes sense this way, I believe in this case ForwardX11Timeout = 0 might be better used for disabling the timeout entirely (the current behaviour is the same as ForwardX11Trusted = no). Is there some reason while this would be a bad idea?

Hi, as recently noticed by one of our customers, ssh tends to perform hostname matching in a case sensitive manner since the lowercasing has been delayed till after configuration parsing (by commits d56b44d2dfa093883a5c4e91be3f72d99946b170 and eb6d870a0ea8661299bb2ea8f013d3ace04e2024). Given that hostnames are ususally interpreted in a case insensitive way (and the code actually expects the

https://bugzilla.mindrot.org/show_bug.cgi?id=1701 Summary: FIPS-140-2 requires call to RAND_cleanup() before the program using RAND exits Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

Thank you both, Rowland and Louis. I'll try to answer you both and give you more info about our domain. Generally: In the past, we have Samba 3.5 NT4 domain on SLES server (designed ages before, never upgraded). In 2015 I finally decided to migrate to Samba 4 AD. In those day it was 4.2. samba-tool ntacl sysvolcheck was ok, no errors. AD worked (and working) as expected. This summer, I

On Tue, 28 Feb 2017, Eduardo Barretto wrote: > On 13-02-2017 13:23, Eduardo Barretto wrote: > > This patch enables specific ioctl calls for ICA crypto card on s390 > > platform. Without this patch, users using the IBMCA engine are not able > > to perform ssh login as the filter blocks the communication with the > > crypto card. > > > > Signed-off-by: Harald

Hai, I leave the advice about the uid/gid numbering to Rowland, i can not give a good advice on that. The script was made in such a way that it should not matter what uid/gids are where used. The script looks them up for you, but it must be error free so we are sure what is set is correct. If you look in the script, you see the four SID. DC_SERVER_OPERATORS="S-1-5-32-549"

https://bugzilla.mindrot.org/show_bug.cgi?id=2685 Bug ID: 2685 Summary: Case sensitive hostname matching Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2143 Bug ID: 2143 Summary: X11 forwarding for ipv4 is broken when ipv6 is disabled on the loopback interface Product: Portable OpenSSH Version: 5.3p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1974 Bug #: 1974 Summary: Support for encrypted host keys Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

Hello, I am trying to install FreeBSD 9.2-RC4 on Supermicro server with Intel Xeon E3-1240 v3 processor. The processor has 4 cores with 8 threads. However only one core is detected (with two threads): FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 SMT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 The motherboard is Supermicro X10SLM-F. All

https://bugzilla.mindrot.org/show_bug.cgi?id=1872 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- You are receiving this mail because: You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- You are receiving this mail because: You are watching the assignee of the bug. You are

https://bugzilla.mindrot.org/show_bug.cgi?id=1873 Petr Cerny [:hrosik] <pcerny at suse.cz> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pcerny at suse.cz -- You are receiving this mail because: You are watching the assignee of the bug.

Hi, Is FIPS 140-2 patch for openssh 6.3.p1 available somewhere or do I have to make one using http://www.openssl.com/export/openssh/openssh-6.0p1.fips-revised.patch ? Regards, Manish

Hello everyone. In our company we use Samba 4 for about 3 years (classic upgraded from Samba 3.5 + LDAP to Sernet Samba 4.2). We used CentOS 6 for domain controllers and with Bind bundled in this distro was impossible to use dynamic DNS updates. And because I don't like using compiled SW on production servers, we used Samba internal DNS, which worked well (dynamic updates). With one non

Hello everyone. I'm trying to fix sysvol rights, because i see errors in output of /usr/bin/samba-tool ntacl sysvolcheck ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.svmetal.cz/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9}

https://bugzilla.mindrot.org/show_bug.cgi?id=2558 Bug ID: 2558 Summary: Add RemoteCommand option to ssh client Product: Portable OpenSSH Version: 7.2p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

To Rowland: > This was perfectly common, nobody thought this would ever be a problem,mainly because you had to have a user or group in /etc/passwd> or /etc/group mapped to a Samba. Now with AD, you do not need a user or group in /etc/passwd or /etc/group, so any user or group that uses the RID as a Unix ID is> probably too low and is denying the use of any local Unix users Yes, but where

Hello, guys. I?d like to upgrade our Samba 4.11 AD to 4.12. In release notes, REMOVED FEATURES, I see this: ?Retiring DES encryption types in Kerberos. ------------------------------------------ With this release, support for DES encryption types has been removed from Samba, and setting DES_ONLY flag for an account will cause Kerberos authentication to fail for that account (see RFC-6649).? In