search for: channel_permit_all_opens

Displaying 10 results from an estimated 10 matches for "channel_permit_all_opens".

2000 Aug 11
1
OpenSSH Questions
Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and
2003 Jan 29
0
[PATCH] features for restricted shell environments
...c 29 Jan 2003 20:39:19 -0000 1.2 @@ -358,7 +360,7 @@ no_port_forwarding_flag &= ~2; no_agent_forwarding_flag &= ~2; no_x11_forwarding_flag &= ~2; - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + if (!auth_restricted(RESTRICT_TCP, auth_get_user())) channel_permit_all_opens(); #endif } --- auth.c 28 Jan 2003 18:06:51 -0000 1.1.1.2 +++ auth.c 29 Jan 2003 21:26:11 -0000 1.4 @@ -291,6 +293,31 @@ return 0; } +/* + * Is the user subject to this restriction? + */ +int +auth_restricted(int restriction, struct passwd *pw) +{ + debug2("user shell is %s", pw-&...
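Review bot: in the first hunk the new test if (!auth_restricted(RESTRICT_TCP, auth_get_user())) replaces the existing !no_port_forwarding_flag && options.allow_tcp_forwarding test instead of adding to it. Unless auth_restricted() consults both of those itself (its body is cut off here), a session with no_port_forwarding_flag set, or a server with allow_tcp_forwarding off, would still reach channel_permit_all_opens(). Keep the original condition and AND the new check onto it. In the auth.c hunk, auth_restricted() dereferences pw in its debug2() call with no NULL check visible before it, so check the result of auth_get_user() before passing it in.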
2009 Feb 17
2
Idea: reverse socks proxy
Hi, Just a use case that I'm sure has been covered before but just in case it's not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
...supply name)"); } packet_check_eom(); - sock = channel_connect_to(host, host_port); + sock = channel_connect_to(host, host_port, ctxt); if (sock != -1) { c = channel_new("connected socket", SSH_CHANNEL_CONNECTING, sock, sock, -1, 0, 0, 0, @@ -2349,7 +2366,7 @@ void channel_permit_all_opens(void) { - if (num_permitted_opens == 0) + if (num_permitted_opens == 0 && num_permittednet_opens == 0) all_opens_permitted = 1; } @@ -2368,6 +2385,35 @@ } void +channel_add_permittednet_opens(char *netblock, char *netmask, int porta, int portb) +{ + /* XXX this does not make any...
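Review bot: in the channel_permit_all_opens() hunk, the added num_permittednet_opens == 0 condition means the function silently does nothing once either list has an entry, so the result depends on whether it runs before or after channel_add_permittednet_opens(); add a comment stating the required call order. In the new function, netblock and netmask could be const char *, porta and portb need a comment saying whether they form a range and whether it is inclusive, and the XXX comment should be resolved before this is merged.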
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it
2004 Jan 19
3
Security suggestion concerning SSH and port forwarding.
Hi, sorry if it is the wrong approach to suggest improvements to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in its chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be disallowed in
2002 Aug 13
1
[PATCH] global port forwarding restriction
...urn; for (i = 0; i < num_permitted_opens; i++) xfree(permitted_opens[i].host_to_connect); num_permitted_opens = 0; --- channels.h 24 Jul 2002 11:04:17 -0000 1.1.1.1 +++ channels.h 13 Aug 2002 18:47:22 -0000 @@ -193,7 +193,8 @@ /* tcp forwarding */ void channel_set_af(int af); void channel_permit_all_opens(void); -void channel_add_permitted_opens(char *, int); +void channel_fix_permitted_opens(void); +int channel_add_permitted_opens(char *); void channel_clear_permitted_opens(void); void channel_input_port_forward_request(int, int); int channel_connect_to(const char *, u_short); --- se...
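Review bot: in the channels.h hunk, channel_add_permitted_opens() changes from (char *, int) returning void to (char *) returning int, but the header says nothing about the expected string format or what the return value means. Document both, and make every caller check the result so that an entry that fails to parse is reported rather than dropped. The new channel_fix_permitted_opens() prototype also needs a one-line comment on when it must be called relative to the add and clear functions.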
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
....c: /* XXX: This would need to be done in the parent process, * but there's currently no way to pass such request. */ no_port_forwarding_flag &= ~2; no_agent_forwarding_flag &= ~2; no_x11_forwarding_flag &= ~2; if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); Isn't this all in the post-auth privsep slave? Or am I overlooking something? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judge...
2002 May 09
0
functions : server_input_channel_req userauth_pubkey
...Session *); static int session_pty_req(Session *); @@ -140,7 +140,7 @@ #endif void - -do_authenticated(Authctxt *authctxt) +do_authenticated(Authctxt *authctxt, const char *realname) { /* * Cancel the alarm we set to limit the time taken for @@ -176,9 +176,9 @@ channel_permit_all_opens(); if (compat20) - - do_authenticated2(authctxt); + do_authenticated2(authctxt, realname); else - - do_authenticated1(authctxt); + do_authenticated1(authctxt, realname); /* remove agent socket */ if (auth_get_...
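Review bot: the removed lines in both hunks read "- -do_authenticated(...)" and "- - do_authenticated2(...)", which looks like dash-escaping from a signed message, so the diff will not apply as posted; resend it as a raw attachment. The new realname parameter on do_authenticated() also has no comment saying where the value comes from or whether it may be NULL when it is passed on to do_authenticated1() and do_authenticated2().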
2001 Oct 24
2
disable features
...g revision 1.108 diff -u -r1.108 session.c --- session.c 11 Oct 2001 13:45:21 -0000 1.108 +++ session.c 22 Oct 2001 18:37:43 -0000 @@ -148,18 +148,22 @@ } #endif #endif +#ifdef WITH_TCPFWD /* setup the channel layer */ if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); +#endif if (compat20) do_authenticated2(authctxt); else do_authenticated1(authctxt); +#ifdef WITH_AGENTFWD /* remove agent socket */ if (auth_get_socket_name()) auth_sock_cleanup_proc(authctxt->pw); +#endif #ifdef KRB4 if (options.kerberos_ticket_cleanup) krb4_clean...
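Review bot: the WITH_TCPFWD guard in this hunk only compiles out the channel_permit_all_opens() call, so a build without the macro relies on the channel layer refusing forwards by default, and that default is not visible here. State it in a comment next to the guard, or guard the forward-request handling as well, so the feature is off by construction. The WITH_AGENTFWD guard around auth_sock_cleanup_proc() skips the socket cleanup, which is only correct if no agent socket can be created in such a build; the creation path should carry the same guard.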