search for: dugsong

...tsockname() requires initialized tolen; andy at guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp at Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar at fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy at mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable s...

...tsockname() requires initialized tolen; andy at guildsoftware.com - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp at Informatik.TU-Chemnitz.DE [pty.c pty.h] - register cleanup for pty earlier. move code for pty-owner handling to pty.c ok provos@, dugsong@ [readconf.c] - turn off x11-fwd for the client, too. [rsa.c] - PKCS#1 padding [scp.c] - allow '.' in usernames; from jedgar at fxp.org [servconf.c] - typo: ignore_user_known_hosts int->flag; naddy at mips.rhein-neckar.de - sync with sshd_config [ssh-keygen.c] - enable s...

...so far, the OpenBSD OpenSSH developers and the Linux/Solaris/etc. OpenSSH developers led by Damien Miller have been getting along just fine. we hereby cordially invite you to join the party! http://violet.ibs.com.au/openssh/list.html best wishes for the new year. -d. --- http://www.monkey.org/~dugsong/

...the fork. ive been running it for a couple of weeks and everything seems good. i used to have to use uselogin yes and set the limits with login because openssh was broken, but this takes care of it. ---------- Forwarded message ---------- Date: Mon, 11 Feb 2002 23:05:54 -0500 From: Dug Song <dugsong at monkey.org> To: Rob Mosher <nyt at countercultured.net> Subject: Re: openssh + pam errors send this patch to openssh-unix-dev at mindrot.org Damien Miller maintains the OpenSSH-portable tree, he'll know what to do with it... -d. --- http://www.monkey.org/~dugsong/ --- old/se...

Hi, The attached patch extends the mux listener to accept SOCKS requests in addition to the native mux commands. The rationale behind is that creating tunnels attached to TCP ports is a security hazard in multi-user machines where there is no way to control who connects through the tunnels. On the other hand, The mux UNIX domain socket binds to the file system and regular permissions can be

...network when the old (SSH1) server (which works) runs reveals *no connection* to 'kerberos' over port 750 during successful login... only some stuff on 7004. So I looked at the code, wondering how the ssh1.2.21 could work where this didn't... and found that 1.2.21 used a patch from dugsong that called ka_UserAuthenticateGeneral at this point... but 3.0.2 does not call any ka_ routines. I am suspecting that ka_UserAuthenticateGeneral is what talks over 7004 and that if I could make an equivalent patch to 3.0.2 that would use it, I'd be able to talk to our kaserver. It's...

...[servconf.h serverloop.h session.h sftp-client.h sftp-common.h sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h] prototype pedant. not very creative... - () -> (void) - no variable names - dugsong at cvs.openbsd.org 2001/06/26 16:15:25 [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h servconf.c servconf.h session.c sshconnect1.c sshd.c] Kerberos v5 support for SSH1, mostly from Assar Westerlund <assar at freebsd.org> and Bjorn Gronvall <bg at sics...

...nSSH mailing list that this would be better > served in, let me know (I couldn't find one on the OpenSSH web site). Damien Miller is hosting one, at least until openssh.org is transferred to the OpenSSH project. see http://violet.ibs.com.au/openssh/list.html -d. --- http://www.monkey.org/~dugsong/

In switching to openssh from ssh-1.2.27, I have encountered the following problem with the way openssh handles its XAUTHORITY files separately from ~/.Xauthority. XEmacs has a gnuserv process that runs and allows commands to be issued to a remote XEmacs process. The trouble is when the command is to make a new frame ( window ) on a different X display, it fails because the Xauth cookie is not in

This is a resend, the first try got bounced because of the message size limit on the list. -------------- next part -------------- An embedded message was scrubbed... From: Damien Miller <damien at ibs.com.au> Subject: [Fwd: OpenSSH for UNIX] Date: Thu, 02 Dec 1999 10:52:38 +1100 Size: 73561 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/19991202/e81e7166/attachment.mht

new OpenSSH t-shirts for sale: http://www.monkey.org/openssh/ 3-D rendered blowfish design, $15 USD ppd. limited time only. slices and dices. etc. -d. --- http://www.monkey.org/~dugsong/

Hi, What is the status on sftp ? People here who are not familiar with "command line ftp" would like to use the new spiffy graphical sftp provided with ssh.com new NT client. As we are planning on replacing all our sshd with openssh, we need sftpd as well. Thanks, Emmanuel -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, #tcsh#machine# gpg --verify openssh-4.1p1.tar.gz.asc openssh-4.1p1.tar.gz gpg: Signature made Wed May 25 08:26:24 2005 EDT using DSA key ID 86FF9C48 gpg: BAD signature from "Damien Miller (Personal Key) <djm at mindrot.org>" I made sure that I had the same key loaded that the signature was made with, but that didn't change the error. Thanks, Matt -- Matthew Goebel :

Hi! I've noticed that openssh always does a do_setpag() if compiled with AFS-support no matter which authentication method is used. Maybe I'm missing something but shouldn't it only get a pag, if AFS-token-passing is used? If password authentication is used, an AFS-pam-module (or the authenticate function on AIX) will do the job, otherwise, no token can be obtained and therefore no

There's one vulnerability that's bugged me for some time. It applies to nearly all crypto software, including ssh. That's the swapping of sensitive info (such as keys and key equivalents) onto hard drives where they could possibly be recovered later. The Linux kernel provides a system call, mlock(), that inhibits swapping of a specified region of virtual memory. It locks it into real

hi, anyone to know a tool that will display more friendly output ... probably a tree like structure (if no cross sections occur)... OR a top like output... thanx raptor _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi all, As long as I can remember reading various articles/docs, they all say that telnet is not secure because all traffic is in clear text. Well, out of boredom, I try to sniff username and password from a telnet session. The command I use: tcpdump tcp port 23 -vvv -w test.txt Then I read the result: strings test.txt |`D |fD |fD 38400,38400 Red Hat Enterprise Linux ESD Ologin: D 5eE

...ing intrusion detection systems and packet filters provided by Anzen Computing. The version of fragrouter that performs this attack should be available shortly, at http://www.anzen.com/research/nidsbench/. Additional Information ---------------------- data protect would like to thank Dug Song <dugsong@anzen.com> for his help in implementing this attack. For information regarding this advisory, please contact Thomas Lopatic <tl@dataprotect.com> or John McDonald <jm@dataprotect.com>. The contents of this advisory are Copyright (C) 1999 data protect GmbH, and may be distributed fre...

Hi, This is just a quick note to let people know that I've _almost_ got Kerberos V5 working based on the patches posted to this list. I'm currently at the stage where Kerberos principals can be used to verify logins (ie Kerberos credentials are correctly passed), but I haven't (yet) got ticket forwarding to work - this is the next step! I've taken the original patches and updated

...r.net - provos at cvs.openbsd.org 2000/08/02 10:27:17 [readconf.c sshd.8] disable kerberos authentication by default - provos at cvs.openbsd.org 2000/08/02 11:27:05 [sshd.8 readconf.c auth-krb4.c] disallow kerberos authentication if we can't verify the TGT; from dugsong@ kerberos authentication is on by default only if you have a srvtab. - markus at cvs.openbsd.org 2000/08/04 14:30:07 [auth.c] unused - markus at cvs.openbsd.org 2000/08/04 14:30:35 [sshd_config] MaxStartups - markus at cvs.openbsd.org 2000/08/15 13:20:46 [a...