search for: client_alive_interv

...not be sent, ever! Problem seems to be: serverloop.c: wait_until_can_do_something(...) max_time_milliseconds is set to the remaining time to a rekey. client_alive_scheduled never gets set, as max_time_milliseconds!=0: if (compat20 && max_time_milliseconds == 0 && options.client_alive_interval) { client_alive_scheduled = 1; max_time_milliseconds = (u_int64_t)options.client_alive_interval * 1000; } The if clause might need changed to something like this: if (compat20 && max_time_milliseconds > ((u_int64_t)options.client_alive_interval * 1000) &&...

...Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: loganaden at gmail.com Created attachment 2373 --> https://bugzilla.mindrot.org/attachment.cgi?id=2373&action=edit potential_overflow_fix in serverloop.c: max_time_milliseconds = options.client_alive_interval * 1000; client_alive_interval is declare as int. int client_alive_interval; /* * poke the client this often to * see if it's still there max_time_milliseconds is declared as u_int64_t. Can this...

...tions->max_authtries = DEFAULT_AUTH_FAIL_MAX; if (options->max_sessions == -1) options->max_sessions = DEFAULT_SESSIONS_MAX; + if (options->max_displays == -1) + options->max_displays = MAX_DISPLAYS; if (options->use_dns == -1) options->use_dns = 0; if (options->client_alive_interval == -1) @@ -429,7 +432,7 @@ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, - sAllowStreamLocalForwarding, sFingerprintHash, + sAllowStreamLocalForwarding, sFingerprintHash, sMaxDisplays,...

Hi openssh-unix-dev subscribers :) I have found that ServerAliveInterval & ServerAliveCountMax have some bug. Basically the ssh-alive check function (that verify the peer is alive) is called only if no data at all gets into ssh (when it should work only for server channel).I am pretty sure developers know about this ..anyway I have tried to fix this issue. Here is the patch: diff -rNu

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

...=============================================== RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.74 diff -u -r1.74 servconf.c --- servconf.c 22 Jan 2002 12:35:12 -0000 1.74 +++ servconf.c 23 Jan 2002 11:11:29 -0000 @@ -107,8 +107,7 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; - options->authorized_keys_file = NULL; - options->authorized_keys_file2 = NULL; + options->num_authorized_keys_files = 0; } void @@ -223,15 +222,11 @@ options->client_alive_interval = 0; if (options->client_alive_count_max...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...iginal author of PAM support of SSH Juergen Keil <jk at tools.de> - scp bugfixing diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c --- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001 +++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001 @@ -102,6 +102,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->pam_authentication_via_kbd_int = -1; + options->idletimeout = -1; } void @@ -210,6 +211,8 @@ options->client_alive_count_max = 3; if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_v...

When I SSH using protocol 1 from a Debian box running OpenSSH 2.9p2-4 to a sparc.sunos5 box running vanilla OpenSSH 2.9.1, after a little while (of inactivity?) I get the following message on the client terminal: Disconnecting: protocol error: rcvd type 98 Looking further, this message is actually caused by the SSH daemon. However, I'm at a loss to determine why sshd is doing this. I attach

...t, fd_set *exceptset, + int max_time_milliseconds); + + #endif /* PACKET_H */ diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c --- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001 +++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001 @@ -102,6 +102,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->pam_authentication_via_kbd_int = -1; + options->idletimeout = -1; } void @@ -210,6 +211,8 @@ options->client_alive_count_max = 3; if (options->pam_authentication_via_kbd_int == -1) options->pam_authentication_v...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...by setting the client_alive_scheduled flag. @@ -183,11 +217,11 @@ * this could be randomized somewhat to make traffic * analysis more difficult, but we're not doing it yet. */ - if (compat20 && - max_time_milliseconds == 0 && options.client_alive_interval) { - client_alive_scheduled = 1; + if (max_time_milliseconds == 0 && options.client_alive_interval) { + client_alive_scheduled = 1; max_time_milliseconds = options.client_alive_interval * 1000; - } + } else + cli...

...cceptable"); packet_done(); diff -u5 openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c --- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Jan 29 14:23:41 2002 @@ -107,10 +107,11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_key_fingerprint = -1; } void fill_default_server_options(ServerOptions *options) { @@ -227,10 +228,12 @@ else options->authoriz...

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

Dear OpenSSH Portable sshd developers, I'm having a problem where sshd login sessions are occasionally (as often as once a day) getting stuck indefinitely. I enabled debug messages and got a backtrace of a stuck sshd, and I think I've found the bug. I wanted to run it by the list once before filing. sshd version: OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

..._via_sctp; + goto parse_flag; +#endif + case sAddressFamily: intptr = &options->address_family; multistate_ptr = multistate_addressfamily; @@ -1974,6 +2003,9 @@ dump_config(ServerOptions *o) dump_cfg_int(sMaxSessions, o->max_sessions); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); +#ifdef USE_SCTP + dump_cfg_int(sListenViaSCTP, o->listen_via_sctp); +#endif /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); diff --git a/servconf.h b/servconf.h index 752d...

...ot;, + options.fwd_opts.streamlocal_bind_root_directory); + if (st.st_uid != authctxt->pw->pw_uid || (st.st_mode & 077) != 0) + fatal("Bad ownership or modes for directory %s", + options.fwd_opts.streamlocal_bind_root_directory); + } + packet_set_timeout(options.client_alive_interval, options.client_alive_count_max); diff --git a/sshd_config.5 b/sshd_config.5 index 7b4cb1d..0f1cf3f 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -1368,6 +1368,11 @@ or .Cm no . The default is .Cm no . +.It Cm StreamLocalBindRootDirectory +Specifies the root directory where a Unix-...

Hi OpenSSH developers, I am using openSSH (now 2.9.9p2, but prob occurs in 2.9p2 also) to execute commands on a remote machine which outputs data to stdout then pipes it to another invocation of ssh which connects back to the first machine in the same way, where it starts a program to read and store the output from the command on the second machine. I am using the "command" option in