search for: config_file_name

...options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, ! !silent && !inetd_flag); /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); --- 552,558 ---- log_init(av0, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, ! !silent && !inetd_flag && getppid() != 1); /* Read server configuration options f...

...t;stdarg.h> @@ -44,6 +43,7 @@ #include "sftp.h" #include "sftp-common.h" +#include "pathnames.h" /* helper */ #define get_int64() buffer_get_int64(&iqueue); @@ -74,6 +74,141 @@ Attrib attrib; }; +/* Name of the server configuration file. */ +char *config_file_name = _PATH_SFTP_CONFIG_FILE; + +/* If not NULL restrict the user to under this directory */ +char* RestrictDirectory; + +/* **** Start parsing config file code **** */ + +/* Read the optional config file. If mandatory the file must exist. + * Exit on error. + */ +static void +load_sftp_config(char* fi...

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different

...ssphrase, 0, strlen(passphrase)); + xfree(passphrase); + debug2("bad passphrase given, try again..."); + } + } + return key; +} /* * Main program for the daemon. @@ -1550,6 +1627,15 @@ main(int ac, char **av) parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, &cfg, NULL, NULL, NULL); + /* + * parse_server_config() changes options.num_host_key_files, + * but we need to change it back to what we received via + * recv_rexec_state to accurately reflect the number of keys + * in sensitive_data.host_keys. This is a bit ugly. + */ + if (rexe...