search for: checkmail

>Personally, (Just my IMHO) CheckMail should go away. There are too >many different formats and it should not be SSHD's job to understand >them. It's biff and other evil program's responsiblity to do such >things. And IMHO PrintMOTD as well, since both CheckMail and PrintMOTD are often implemented either in a PA...

Hello, I am using dovecot as an IMAP server to which Mail.app (Apple Mail) connects. However I do not get any notification of new mails in folders other than the inbox, unless I disconnect and reconnect Mail.app or click on the folder with new mail. I'm pretty sure the problem comes from Mail.app. I have searched on Google for how to go around this issue, and have not yet found a

...ptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail no UseLogin no

...ds no # Uncomment to disable s/key passwords #ChallengeResponseAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #CheckMail yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp /usr/libexec/openssh/sftp-server Carl

...sh would work with the following sshd_config file: --- BEGIN FILE --- Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd yes KeepAlive yes CheckMail no UseLogin no SyslogFacility AUTH LogLevel INFO RhostsRSAAuthentication yes IgnoreRhosts yes RhostsAuthentication no IgnoreUserKnownHosts yes RSAAuthentication yes PasswordAuthentication no PermitEmptyPasswords no ---- END FILE --- But, it turns out, that as long as authorized_keys on my server h...

...ptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail no UseLogin no

...generationInterval 3600 LoginGraceTime 600 ServerKeyBits 768 IgnoreRhosts yes PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin yes RSAAuthentication yes RhostsAuthentication no RhostsRSAAuthentication no StrictModes yes X11DisplayOffset 10 X11Forwarding no CheckMail no KeepAlive yes PrintMotd yes SyslogFacility AUTH LogLevel INFO User has an RSA key, but no DSA key. [gordonr at icedvovo]$ ssh timtam Enter passphrase for RSA key 'gordonr at xxxxx': That's fine - RSA key accepted. [gordonr at icedvovo]$ ssh -2 timtam Password: S...

...Martin Johansson wrote: > On Mon, Aug 13, 2001 at 05:00:22PM +0200, Jakob Schlyter wrote: > > > why should OpenSSH even bother checking mail? isn't that what your > > mailreader is for? I think this is featurism. > > Well, it already does (see the configuration keyword CheckMail in > sshd's man page), but only for mbox style mailboxes. The patch does > not add a feature but tweaks an already existing feature to work > with Maildir style mailboxes. should we also add support for MH, MBX and - why not - imap or pop? jakob ----- End forwarded message ----- -...

...h/known_hosts ~/.ssh/authorized_keys For backward compatibility ~/.ssh/authorized_keys2 is still used for authentication and hostkeys are still read from the known_hosts2. However, old files are considered 'readonly'. Future releases are likely to not read these files. 2) The CheckMail option in sshd_config is deprecated, sshd no longer checks for new mail. 3) X11 cookies are stored in $HOME OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.

...n yes +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes +# To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no -CheckMail no -UseLogin no +X11Forwarding no +X11DisplayOffset 10 +PrintMotd yes +#PrintLastLog no +KeepAlive yes +#UseLogin no -#Uncomment if you want to enable sftp -#Subsystem sftp /usr/sbin/sftp-server #MaxStartups 10:30:60 +#Banner /etc/issue.net +#ReverseMappingCheck yes + +Subsystem sft...

...itEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #CheckMail yes #UseLogin no Anything I'm missing? Thank you! -jeremy === not on the list, please cc === -- --------------------------------------------------------------------------- Jeremy Heffner -- heffner at darkness.net Darkness Network Engineering...

...t;, sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ + { "opieauthentication", sChallengeResponseAuthentication }, /* alias */ { "checkmail", sDeprecated }, { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, -- _________________________________________________________________ / Nothing is fool-proof to a sufficiently talented fool \ | wichert at wiggy.net http...

...ime 600 KeyRegenerationInterval 3600 PermitRootLogin yes IgnoreRhosts no StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no KeepAlive no SyslogFacility DAEMON RhostsAuthentication no RhostsRSAAuthentication yes RSAAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no CheckMail no UseLogin no Subsystem sftp /usr/bin/sftp-server

...eractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */ + { "challengeresponseauthenticationfirst", sChallengeResponseAuthenticationFirst }, { "checkmail", sDeprecated }, { "listenaddress", sListenAddress }, { "printmotd", sPrintMotd }, @@ -679,6 +688,10 @@ parse_flag: case sChallengeResponseAuthentication: intptr = &options->challenge_response_authentication; + goto parse_flag; + + case sChallengeResponse...

...s (I haven''t actually tested this but it looks quite obvious, you''ll have to test it yourself). The only one I''m going to describe is the program''msgchk'', which is suid (on my server it''s installed by default in /usr/bin/mh/msgchk (in function checkmail), you would also want to check /usr/lib/mh/msgchk. (You ought to look through the code yourself..I notice quite a few bugs..this program relies heavily on buffers and enviromental variables) This is pretty straight forward. char *hdir, buf[BUFSIZ], *tmp; ^^^^^^^^ not s...

...~/.ssh/authorized_keys For backward compatibility ~/.ssh/authorized_keys2 will still used for authentication and hostkeys are still read from the known_hosts2. However, those deprecated files are considered 'readonly'. Future releases are likely not to read these files. 3) The CheckMail option in sshd_config is deprecated, as sshd(8) no longer checks for new mail. 4) X11 cookies are now stored in $HOME. New Features: ============= 1) Smartcard support in the ssh client and agent based on work by University of Michigan CITI (http://www.citi.umich.edu/projects/smartcard/)....

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

...ostsRSAAuthentication no -# To install for logon to different user accounts change to "no" here RSAAuthentication yes -# To install for logon to different user accounts change to "yes" here -PasswordAuthentication no - +PasswordAuthentication yes PermitEmptyPasswords no CheckMail no @@ -435,6 +438,48 @@ then echo '# ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}" fi echo "Added ssh to ${_inetcnf}" + fi +fi + +# Create /var/log and /var/log/lastlog if not already existing + +if [ -f /var/log ] +then...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...no KeepAlive yes SyslogFacility AUTH LogLevel INFO RhostsAuthentication yes RhostsRSAAuthentication yes RSAAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no CheckMail no UseLogin no Subsystem sftp /opt/openssh/libexec/sftp-server MaxStartups 10:30:60 terl:/[36]# /opt/openssh/sbin/sshd -b 640 -f /var/ssh/sshd_config -h /var/ssh/ssh_host_key -d -d -d debug1: Seeding random...