search for: fill_default_server_opt

...ERVICE= "ssh_remote" but I would have to have two sets of binaries : One sshd and another sshd_remote. Not really easy. :-( Attached is a patch that allows me to do this in the config file by appending a string to SSHD_PAM_SERVICE at runtime (yes, I'd have liked to do it at fill_default_server_options time). It just adds another option : PamServiceNameAppend. This is my first attempt at patching ssh (hacked it this afternoon, only basic and very primitive testing), so it sure needs hints from "the guys who know it better". :o) Feedback welcome ! Flavien. -------------- next...

...dress !::1 > AuthenticationMethods publickey,password but it doesn't work, as stated in bz2397. Also it can get quite messy if you have more blocks like that. To have this feature working, we need to choose value for ANY (proposed "any"), use this value as default (enforced by fill_default_server_options) and make sure that it is handled everywhere in the code consistently. There are few design consideration, before posting a patch: * We can't use just num_auth_methods == 0, because this is considered as not-defined and it can't override previously definde authentication methods * We...

...sables DSA support by default since OpenSSH 7.0, the server still includes it in the implicit list of host keys used if you don't specify any HostKey options at all (which is the default behaviour in the stock sshd_config). This seems a bit odd. Would you consider removing it from the list in fill_default_server_options, thereby requiring people who really need it to specify it manually? That would seem to be useful in further discouraging the use of DSA. Background for why I'm asking: https://bugs.debian.org/823827 requested something similar, which at the time I handled only in the Debian packaging scr...

...r xmalloc before initiliase serveroptions in initilise sever options after initiliase serveroptions before ssleay add algorithms after ssleay add algorithms in channel set before log init after log init before seed_rng after seed_rng before read_server_config after read_server_config ?before fill_default_server_options after fill_default_server_options sshd version OpenSSH_3.7.1p2 before lodaing private keys ?after lodaing private keys ?after lodaing private keys options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key ?in key_load_private ?before key_load_public_rsa1 in buffer_init in buffer_append_space in buffe...

...r xmalloc before initiliase serveroptions in initilise sever options after initiliase serveroptions before ssleay add algorithms after ssleay add algorithms in channel set before log init after log init before seed_rng after seed_rng before read_server_config after read_server_config before fill_default_server_options after fill_default_server_options sshd version OpenSSH_3.7.1p2 before lodaing private keys after lodaing private keys after lodaing private keys options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key in key_load_private before key_load_public_rsa1 in buffer_init in buffer_append_space in buffe...

...:23:41 2002 @@ -107,10 +107,11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_key_fingerprint = -1; } void fill_default_server_options(ServerOptions *options) { @@ -227,10 +228,12 @@ else options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->log_key_fingerprint == -1)...

...uot;%s line %d: too many keys (max %d).", > filename, linenum, MAX_HOSTKEYS); > charptr = &options->host_key_files[*intptr]; > goto parse_filename; > > case sEngineConfigFile: > /* default set in fill_default_server_options */ > charptr = &options->engconffile; > goto parse_filename; > > case sEngineConfigStanza: > /* default set in fill_default_server_options */ > charptr = &options->engconfstanza; > a...

...01-07 18:13:42.000000000 +0000 @@ -102,8 +102,10 @@ initialize_server_options(ServerOptions options->authorized_keys_file2 = NULL; options->num_accept_env = 0; +#ifdef USE_PRIVSEP /* Needs to be accessable in many places */ use_privsep = -1; +#endif } void @@ -230,10 +232,10 @@ fill_default_server_options(ServerOption if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; +#ifdef USE_PRIVSEP /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = 1; - #ifndef HAVE_MMAP if (use_privsep &&...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht

Hello, I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options. Is this the

....prev +++ servconf.c Thu Feb 22 20:59:45 2001 @@ -56,4 +56,5 @@ initialize_server_options(ServerOptions options->ignore_user_known_hosts = -1; options->print_motd = -1; + options->print_lastlog = -1; options->check_mail = -1; options->x11_forwarding = -1; @@ -133,4 +134,6 @@ fill_default_server_options(ServerOption if (options->print_motd == -1) options->print_motd = 1; + if (options->print_lastlog == -1) + options->print_lastlog = 1; if (options->x11_forwarding == -1) options->x11_forwarding = 0; @@ -209,5 +212,6 @@ typedef enum { sChallengeResponseAuthenticati...

...----- --- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999 +++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999 @@ -62,6 +62,7 @@ options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; + options->max_connections = -1; } void fill_default_server_options(ServerOptions *options) @@ -161,7 +162,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, - sIgnoreUserKnownHosts + sIgnoreUserKnownHos...

...10:55 2002 @@ -132,6 +132,7 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + char *pam_service_name; } ServerOptions; void initialize_server_options(ServerOptions *); @@ -139,5 +140,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); +#if !defined(SSHD_PAM_SERVICE) +# define SSHD_PAM_SERVICE __progname +#endif #endif /* SERVCONF_H */ diff -ru openssh-3.5p1.orig/sshd_config.5 openssh-3.5p1/sshd_config.5 --- openssh-3.5p1....

...n = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; + options->challenge_response_authentication_first = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; options->use_login = -1; @@ -222,6 +223,13 @@ fill_default_server_options(ServerOption options->kbd_interactive_authentication = 0; if (options->challenge_response_authentication == -1) options->challenge_response_authentication = 1; + if (options->challenge_response_authentication_first == -1) + options->challenge_response_authentication_firs...

...tion about the configuration behaviour of openssh.. sshd.8 -f configuration_file Specifies the name of the configuration file. The default is /etc/sshd_config. sshd refuses to start if there is no configura- tion file. While servconf.c has the routine fill_default_server_options(ServerOptions *options) which sets valid/common options by "itself" - thus I *can* run sshd w/ an empty configuration file anyway .. hello? servconf.c also kills the startup if it cant recognize an option - thus if I make a typo (or in this case use an option from a newer sshd on an...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

...ialize_server_options(ServerOptions options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->no_pty = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -201,6 +202,8 @@ fill_default_server_options(ServerOption options->x11_use_localhost = 1; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; + if (options->no_pty == -1) + options->no_pty = 0; if (options->strict_modes == -1) options->strict_modes = 1; if (options->tcp_keep_...

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing