Displaying 20 results from an estimated 35 matches for "fill_default_server_options".
2002 Nov 24
1
[PATCH] PamServiceNameAppend
...ERVICE=
"ssh_remote" but I would have to have two sets of binaries : One sshd
and another sshd_remote. Not really easy. :-(
Attached is a patch that allows me to do this in the config file by
appending a string to SSHD_PAM_SERVICE at runtime (yes, I'd have liked
to do it at fill_default_server_options time). It just adds another
option : PamServiceNameAppend.
This is my first attempt at patching ssh (hacked it this afternoon, only
basic and very primitive testing), so it sure needs hints from "the guys
who know it better". :o) Feedback welcome !
Flavien.
-------------- next par...
2015 May 13
11
[Bug 2398] New: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value
...dress !::1
> AuthenticationMethods publickey,password
but it doesn't work, as stated in bz2397. Also it can get quite messy
if you have more blocks like that.
To have this feature working, we need to choose value for ANY (proposed
"any"), use this value as default (enforced by
fill_default_server_options) and make sure that it is handled
everywhere in the code consistently. There are few design
consideration, before posting a patch:
* We can't use just num_auth_methods == 0, because this is considered
as not-defined and it can't override previously definde authentication
methods
* We can...
2017 Jan 08
4
[Bug 2662] New: Does it still make sense to use DSA host keys by default?
...sables DSA support by default since
OpenSSH 7.0, the server still includes it in the implicit list of host
keys used if you don't specify any HostKey options at all (which is the
default behaviour in the stock sshd_config). This seems a bit odd.
Would you consider removing it from the list in
fill_default_server_options, thereby requiring people who really need
it to specify it manually? That would seem to be useful in further
discouraging the use of DSA.
Background for why I'm asking: https://bugs.debian.org/823827 requested
something similar, which at the time I handled only in the Debian
packaging scripts...
2008 Sep 15
0
No subject
...r xmalloc
before initiliase serveroptions
in initilise sever options
after initiliase serveroptions
before ssleay add algorithms
after ssleay add algorithms
in channel set
before log init
after log init
before seed_rng
after seed_rng
before read_server_config
after read_server_config
?before fill_default_server_options
after fill_default_server_options
sshd version OpenSSH_3.7.1p2
before lodaing private keys
?after lodaing private keys
?after lodaing private keys
options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key
?in key_load_private
?before key_load_public_rsa1
in buffer_init
in buffer_append_space
in buffer_ge...
2008 Sep 18
2
SSHD_PROBLEM
...r xmalloc
before initiliase serveroptions
in initilise sever options
after initiliase serveroptions
before ssleay add algorithms
after ssleay add algorithms
in channel set
before log init
after log init
before seed_rng
after seed_rng
before read_server_config
after read_server_config
before fill_default_server_options
after fill_default_server_options
sshd version OpenSSH_3.7.1p2
before lodaing private keys
after lodaing private keys
after lodaing private keys
options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key
in key_load_private
before key_load_public_rsa1
in buffer_init
in buffer_append_space
in buffer_ge...
2002 Jan 29
2
Key fingerprint logging
...:23:41 2002
@@ -107,10 +107,11 @@
options->reverse_mapping_check = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+ options->log_key_fingerprint = -1;
}
void
fill_default_server_options(ServerOptions *options)
{
@@ -227,10 +228,12 @@
else
options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
}
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+ if (options->log_key_fingerprint == -1)
+ o...
2008 May 07
2
Request for generic engine support
...uot;%s line %d: too many keys (max %d).",
> filename, linenum, MAX_HOSTKEYS);
> charptr = &options->host_key_files[*intptr];
> goto parse_filename;
>
> case sEngineConfigFile:
> /* default set in fill_default_server_options */
> charptr = &options->engconffile;
> goto parse_filename;
>
> case sEngineConfigStanza:
> /* default set in fill_default_server_options */
> charptr = &options->engconfstanza;
> arg =...
2006 Jan 08
3
Allow --without-privsep build.
...01-07 18:13:42.000000000 +0000
@@ -102,8 +102,10 @@ initialize_server_options(ServerOptions
options->authorized_keys_file2 = NULL;
options->num_accept_env = 0;
+#ifdef USE_PRIVSEP
/* Needs to be accessable in many places */
use_privsep = -1;
+#endif
}
void
@@ -230,10 +232,10 @@ fill_default_server_options(ServerOption
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+#ifdef USE_PRIVSEP
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;
-
#ifndef HAVE_MMAP
if (use_privsep && opti...
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2002 Jun 26
1
[Fwd: Kerberos buglet in OpenSSH-3.3p1]
Can anyone with Heimdal KrbV verify this?
-------------- next part --------------
An embedded message was scrubbed...
From: Dag-Erling Smorgrav <des at ofug.org>
Subject: Kerberos buglet in OpenSSH-3.3p1
Date: 25 Jun 2002 14:52:10 +0200
Size: 1291
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello,
I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options.
Is this the
2001 Mar 03
0
[PATCH] PrintLastLog option
....prev
+++ servconf.c Thu Feb 22 20:59:45 2001
@@ -56,4 +56,5 @@ initialize_server_options(ServerOptions
options->ignore_user_known_hosts = -1;
options->print_motd = -1;
+ options->print_lastlog = -1;
options->check_mail = -1;
options->x11_forwarding = -1;
@@ -133,4 +134,6 @@ fill_default_server_options(ServerOption
if (options->print_motd == -1)
options->print_motd = 1;
+ if (options->print_lastlog == -1)
+ options->print_lastlog = 1;
if (options->x11_forwarding == -1)
options->x11_forwarding = 0;
@@ -209,5 +212,6 @@ typedef enum {
sChallengeResponseAuthentication,...
1999 Nov 20
1
openssh and DOS
...-----
--- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999
+++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999
@@ -62,6 +62,7 @@
options->num_deny_users = 0;
options->num_allow_groups = 0;
options->num_deny_groups = 0;
+ options->max_connections = -1;
}
void fill_default_server_options(ServerOptions *options)
@@ -161,7 +162,7 @@
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
- sIgnoreUserKnownHosts
+ sIgnoreUserKnownHosts,...
2002 Dec 05
1
patch to add a PAMServiceName config option
...10:55 2002
@@ -132,6 +132,7 @@
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
int pam_authentication_via_kbd_int;
+ char *pam_service_name;
} ServerOptions;
void initialize_server_options(ServerOptions *);
@@ -139,5 +140,8 @@
void fill_default_server_options(ServerOptions *);
int process_server_config_line(ServerOptions *, char *, const char *, int);
+#if !defined(SSHD_PAM_SERVICE)
+# define SSHD_PAM_SERVICE __progname
+#endif
#endif /* SERVCONF_H */
diff -ru openssh-3.5p1.orig/sshd_config.5 openssh-3.5p1/sshd_config.5
--- openssh-3.5p1.orig...
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
...n = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
+ options->challenge_response_authentication_first = -1;
options->permit_empty_passwd = -1;
options->permit_user_env = -1;
options->use_login = -1;
@@ -222,6 +223,13 @@ fill_default_server_options(ServerOption
options->kbd_interactive_authentication = 0;
if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1;
+ if (options->challenge_response_authentication_first == -1)
+ options->challenge_response_authentication_first =...
2001 Oct 07
3
BadOption failures "annoying"
...tion about the configuration behaviour of openssh..
sshd.8
-f configuration_file
Specifies the name of the configuration file. The default is
/etc/sshd_config. sshd refuses to start if there is no configura-
tion file.
While servconf.c has the routine
fill_default_server_options(ServerOptions *options)
which sets valid/common options by "itself" - thus I *can* run sshd
w/ an empty configuration file anyway .. hello?
servconf.c also kills the startup if it cant recognize an option - thus
if I make a typo (or in this case use an option from a newer sshd on an
olde...
2018 Nov 19
2
[PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.
OpenSSL 1.1.0 has deprecated this function.
---
configure.ac | 1 +
openbsd-compat/openssl-compat.c | 2 ++
openbsd-compat/openssl-compat.h | 4 ++++
3 files changed, 7 insertions(+)
diff --git a/configure.ac b/configure.ac
index 3f7fe2cd..db2aade8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then
])
2013 Jan 31
2
OpenSSH NoPty patch
...ialize_server_options(ServerOptions
options->x11_forwarding = -1;
options->x11_display_offset = -1;
options->x11_use_localhost = -1;
+ options->no_pty = -1;
options->xauth_location = NULL;
options->strict_modes = -1;
options->tcp_keep_alive = -1;
@@ -201,6 +202,8 @@ fill_default_server_options(ServerOption
options->x11_use_localhost = 1;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
+ if (options->no_pty == -1)
+ options->no_pty = 0;
if (options->strict_modes == -1)
options->strict_modes = 1;
if (options->tcp_keep_aliv...
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean
it up in the recent days. The cleanup includes configuration support
among other things that I did not have.
During testing I noticed the following differences compared to zlib:
- highly interactive shell output (as in refreshed at a _very_ high
rate) may result in higher bandwidth compared to zlib. Since zstd is
quicker
2005 Nov 17
3
4.2 and the 'last' command
We've run into an interesting dilemma regarding last log information and
ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up
in 4.2.
When a user logs in, sshd seems to call 'last' to get the last log
information. 'last' then opens the /var/log/wtmp file and processes the
information. On some systems, this file can be quite large, and we're
seeing