Displaying 11 results from an estimated 11 matches for "compat13".
2000 Jan 07
2
possible clue on tcp forwarding problems
When I encounter the problem with TCP port forwarding locking up, I'll
see this on the client window (if I haven't invoked ssh with -q):
chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected
chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected
This is with Blowfish encryption. I have to kill and restart the client
when this happens.
Phil
2003 Jan 29
0
[PATCH] features for restricted shell environments
...el layer */
- if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
+ if (!auth_restricted(RESTRICT_TCP, authctxt->pw))
channel_permit_all_opens();
if (compat20)
@@ -312,7 +314,7 @@
break;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
- if (no_agent_forwarding_flag || compat13) {
+ if (auth_restricted(RESTRICT_AGENT, s->pw) || compat13) {
debug("Authentication agent forwarding not permitted for this authentication.");
break;
}
@@ -321,11 +323,7 @@
break;
case SSH_CMSG_PORT_FORWARD_REQUEST:
- if (no_port_forwarding_flag) {
- debu...
2000 Jan 20
0
OpenSSH problem report on Linux 2.2.14.
...HAN_OUTPUT_WAIT_DRAIN) {
channels.c: debug("X11 rejected %d i%d/o%d",
ch->self, ch->istate, ch->ostate);
channels.c: debug("X11 rejected %d i%d/o%d",
ch->self, ch->istate, ch->ostate);
channels.c: if (!compat13 && ch->ostate != CHAN_OUTPUT_OPEN)
channels.c: c->ostate, buffer_len(&c->output));
nchan.c:/* events concerning the OUTPUT from channel for socket (ostate)
*/
nchan.c: switch (c->ostate) {
nchan.c: c->ostate = CHAN_OUTPUT_WAIT...
2014 Apr 20
2
bad bignum encoding for curve25519-sha256@libssh.org
...-r1.42 -r1.43
--- compat.h 31 Dec 2013 01:25:41 -0000 1.42
+++ compat.h 20 Apr 2014 03:25:31 -0000 1.43
@@ -59,6 +59,7 @@
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
+#define SSH_BUG_CURVE25519PAD 0x10000000
void enable_compat13(void);
void enable_compat20(void);
@@ -66,6 +67,7 @@ void compat_datafellows(const char *
int proto_spec(const char *);
char *compat_cipher_proposal(char *);
char *compat_pkalg_proposal(char *);
+char *compat_kex_proposal(char *);
extern int compat13;
extern int compat20;
Index: ss...
2001 Oct 24
2
disable features
...+#endif
+#ifdef WITH_AGENTFWD
+ channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener;
+#endif
+ channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1;
}
static void
@@ -1510,8 +1587,10 @@
}
if (compat20)
channel_handler_init_20();
+#ifdef WITH_PROTO13
else if (compat13)
channel_handler_init_13();
+#endif
else
channel_handler_init_15();
}
@@ -1806,6 +1885,7 @@
}
+#ifdef WITH_PROTO13
void
channel_input_close(int type, int plen, void *ctxt)
{
@@ -1843,6 +1923,7 @@
c->type = SSH_CHANNEL_OUTPUT_DRAINING;
}
}
+#endif
/* proto version 1.5 ov...
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2012 Oct 22
1
[PATCH] Implement remote dynamic TCP forwarding
...nel_post_open;
channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting;
channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open;
+ channel_post[SSH_CHANNEL_RDYNAMIC] = &channel_post_rdynamic;
}
static void
@@ -2190,10 +2306,12 @@ channel_output_poll(void)
*/
if (compat13) {
if (c->type != SSH_CHANNEL_OPEN &&
- c->type != SSH_CHANNEL_INPUT_DRAINING)
+ c->type != SSH_CHANNEL_INPUT_DRAINING &&
+ c->type != SSH_CHANNEL_RDYNAMIC)
continue;
} else {
- if (c->type != SSH_CHANNEL_OPEN)
+ if (c->type != SSH...
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly:
http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html
<quote>
The paper concludes that the keystroke timing data observable from
today's SSH implementations reveals a dangerously significant amount of
information about user terminal sessions--enough to locate typed
passwords in the session data stream and reduce the
2001 Oct 16
1
Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2
...+ }
+ else
+ debug("max number of timeouts exceeded: stop
sending garbage packets");
+ }
+ /* End SD Mod */
+ else if (c->istate == CHAN_INPUT_WAIT_DRAIN) {
if (compat13)
fatal("cannot happen: istate ==
INPUT_WAIT_DRAIN for proto 1.3");
/*
--- channels.h Mon Sep 17 22:51:14 2001
+++ channels.new.h Mon Oct 15 14:28:43 2001
@@ -21,6 +21,33 @@
* notice, this list of conditions and the followi...
2001 May 04
19
SSH connection hanging on logout
I am running OpenSSH 2.9p1 on SunOS 5.7 w/4-24-2001 patch cluster.
Like many other users I am seeing the hanging session on logout
with background processes. This is a huge problem for me as
I centrally manage 50+ machines with rdist across ssh.
Instead of just complaining about the problem I thought I would
put my CS degree to use and try to track down the problem myself.
For starters,
2001 Oct 06
1
Defeating Timing Attacks
Hello,
In response to the timing analysis attacks presented by Dawn Song et.
al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html
we
at Silicon Defense developed a patch for openssh to avoid such
measures.
Timing Analysis Evasion changes were developed by C. Jason Coit and Roel
Jonkman of Silicon Defense.
These changes cause SSH to send packets unless request not to,