Displaying 20 results from an estimated 35 matches for "fill_default_server_options".

2002 Nov 24
1
[PATCH] PamServiceNameAppend
...ERVICE= "ssh_remote" but I would have to have two sets of binaries : One sshd and another sshd_remote. Not really easy. :-( Attached is a patch that allows me to do this in the config file by appending a string to SSHD_PAM_SERVICE at runtime (yes, I'd have liked to do it at fill_default_server_options time). It just adds another option : PamServiceNameAppend. This is my first attempt at patching ssh (hacked it this afternoon, only basic and very primitive testing), so it sure needs hints from "the guys who know it better". :o) Feedback welcome ! Flavien. -------------- next par...
2015 May 13
11
[Bug 2398] New: AuthenticationMethods doesn't have default value (inconsistency) and it accept empty value
...dress !::1 > AuthenticationMethods publickey,password but it doesn't work, as stated in bz2397. Also it can get quite messy if you have more blocks like that. To have this feature working, we need to choose value for ANY (proposed "any"), use this value as default (enforced by fill_default_server_options) and make sure that it is handled everywhere in the code consistently. There are a few design considerations, before posting a patch: * We can't use just num_auth_methods == 0, because this is considered as not-defined and it can't override previously defined authentication methods * We can...
2017 Jan 08
4
[Bug 2662] New: Does it still make sense to use DSA host keys by default?
...sables DSA support by default since OpenSSH 7.0, the server still includes it in the implicit list of host keys used if you don't specify any HostKey options at all (which is the default behaviour in the stock sshd_config). This seems a bit odd. Would you consider removing it from the list in fill_default_server_options, thereby requiring people who really need it to specify it manually? That would seem to be useful in further discouraging the use of DSA. Background for why I'm asking: https://bugs.debian.org/823827 requested something similar, which at the time I handled only in the Debian packaging scripts...
2008 Sep 15
0
No subject
...r xmalloc before initiliase serveroptions in initilise sever options after initiliase serveroptions before ssleay add algorithms after ssleay add algorithms in channel set before log init after log init before seed_rng after seed_rng before read_server_config after read_server_config before fill_default_server_options after fill_default_server_options sshd version OpenSSH_3.7.1p2 before lodaing private keys after lodaing private keys after lodaing private keys options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key in key_load_private before key_load_public_rsa1 in buffer_init in buffer_append_space in buffer_ge...
2008 Sep 18
2
SSHD_PROBLEM
...r xmalloc before initiliase serveroptions in initilise sever options after initiliase serveroptions before ssleay add algorithms after ssleay add algorithms in channel set before log init after log init before seed_rng after seed_rng before read_server_config after read_server_config before fill_default_server_options after fill_default_server_options sshd version OpenSSH_3.7.1p2 before lodaing private keys after lodaing private keys after lodaing private keys options.host_key_files[i]=/etc/ssh/ssh_host_rsa_key in key_load_private before key_load_public_rsa1 in buffer_init in buffer_append_space in buffer_ge...
2002 Jan 29
2
Key fingerprint logging
...:23:41 2002 @@ -107,10 +107,11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_key_fingerprint = -1; } void fill_default_server_options(ServerOptions *options) { @@ -227,10 +228,12 @@ else options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->log_key_fingerprint == -1) + o...
2008 May 07
2
Request for generic engine support
..."%s line %d: too many keys (max %d).", > filename, linenum, MAX_HOSTKEYS); > charptr = &options->host_key_files[*intptr]; > goto parse_filename; > > case sEngineConfigFile: > /* default set in fill_default_server_options */ > charptr = &options->engconffile; > goto parse_filename; > > case sEngineConfigStanza: > /* default set in fill_default_server_options */ > charptr = &options->engconfstanza; > arg =...
2006 Jan 08
3
Allow --without-privsep build.
...01-07 18:13:42.000000000 +0000 @@ -102,8 +102,10 @@ initialize_server_options(ServerOptions options->authorized_keys_file2 = NULL; options->num_accept_env = 0; +#ifdef USE_PRIVSEP /* Needs to be accessable in many places */ use_privsep = -1; +#endif } void @@ -230,10 +232,10 @@ fill_default_server_options(ServerOption if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; +#ifdef USE_PRIVSEP /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = 1; - #ifndef HAVE_MMAP if (use_privsep && opti...
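Review bot: In the first hunk the `#ifdef USE_PRIVSEP` guard wraps only the `use_privsep = -1` assignment, while the comment directly above it says the variable is used in many places. Every one of those uses needs the same guard, or a build without privsep either fails or behaves differently from what the config says; keeping use_privsep defined and forcing it to 0 when USE_PRIVSEP is not set would be simpler. The `#endif` that closes the second hunk's `#ifdef` is not visible here, so check that it also covers the `#ifndef HAVE_MMAP` block that tests use_privsep.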
2012 Nov 21
1
HostKey in hardware?
Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this
2002 Jun 26
1
[Fwd: Kerberos buglet in OpenSSH-3.3p1]
Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello, I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options. Is this the
2001 Mar 03
0
[PATCH] PrintLastLog option
....prev +++ servconf.c Thu Feb 22 20:59:45 2001 @@ -56,4 +56,5 @@ initialize_server_options(ServerOptions options->ignore_user_known_hosts = -1; options->print_motd = -1; + options->print_lastlog = -1; options->check_mail = -1; options->x11_forwarding = -1; @@ -133,4 +134,6 @@ fill_default_server_options(ServerOption if (options->print_motd == -1) options->print_motd = 1; + if (options->print_lastlog == -1) + options->print_lastlog = 1; if (options->x11_forwarding == -1) options->x11_forwarding = 0; @@ -209,5 +212,6 @@ typedef enum { sChallengeResponseAuthentication,...
1999 Nov 20
1
openssh and DOS
...----- --- openssh-1.2pre13/servconf.c.orig Fri Nov 19 23:30:33 1999 +++ openssh-1.2pre13/servconf.c Fri Nov 19 23:36:56 1999 @@ -62,6 +62,7 @@ options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; + options->max_connections = -1; } void fill_default_server_options(ServerOptions *options) @@ -161,7 +162,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, - sIgnoreUserKnownHosts + sIgnoreUserKnownHosts,...
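Review bot: The first hunk sets `options->max_connections` to the -1 "unset" sentinel, but the hunk offsets (+1 at line 62 and still +1 at line 161) show that nothing is added to fill_default_server_options in between, so the value stays -1 whenever the option is absent from the config. Either add an `if (options->max_connections == -1)` default there, or make sure every comparison against max_connections treats -1 as "no limit" rather than as a count.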
2002 Dec 05
1
patch to add a PAMServiceName config option
...10:55 2002 @@ -132,6 +132,7 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + char *pam_service_name; } ServerOptions; void initialize_server_options(ServerOptions *); @@ -139,5 +140,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); +#if !defined(SSHD_PAM_SERVICE) +# define SSHD_PAM_SERVICE __progname +#endif #endif /* SERVCONF_H */ diff -ru openssh-3.5p1.orig/sshd_config.5 openssh-3.5p1/sshd_config.5 --- openssh-3.5p1.orig...
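Review bot: The `SSHD_PAM_SERVICE` fallback added to servconf.h expands to `__progname`, which the visible lines of this header do not declare, so any file that includes servconf.h and uses the macro depends on an `extern char *__progname;` coming from somewhere else. Declare it next to the macro, or keep the macro out of the header and apply the fallback at the point where `pam_service_name` receives its default.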
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
...n = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; + options->challenge_response_authentication_first = -1; options->permit_empty_passwd = -1; options->permit_user_env = -1; options->use_login = -1; @@ -222,6 +223,13 @@ fill_default_server_options(ServerOption options->kbd_interactive_authentication = 0; if (options->challenge_response_authentication == -1) options->challenge_response_authentication = 1; + if (options->challenge_response_authentication_first == -1) + options->challenge_response_authentication_first =...
2001 Oct 07
3
BadOption failures "annoying"
...tion about the configuration behaviour of openssh.. sshd.8 -f configuration_file Specifies the name of the configuration file. The default is /etc/sshd_config. sshd refuses to start if there is no configuration file. While servconf.c has the routine fill_default_server_options(ServerOptions *options) which sets valid/common options by "itself" - thus I *can* run sshd w/ an empty configuration file anyway .. hello? servconf.c also kills the startup if it can't recognize an option - thus if I make a typo (or in this case use an option from a newer sshd on an olde...
2018 Nov 19
2
[PATCH] openssl-compat: Test for OpenSSL_add_all_algorithms before using.
OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])
2013 Jan 31
2
OpenSSH NoPty patch
...ialize_server_options(ServerOptions options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->no_pty = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -201,6 +202,8 @@ fill_default_server_options(ServerOption options->x11_use_localhost = 1; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; + if (options->no_pty == -1) + options->no_pty = 0; if (options->strict_modes == -1) options->strict_modes = 1; if (options->tcp_keep_aliv...
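Review bot: Naming point on `options->no_pty` in both hunks: a negated option name makes the configuration read as a double negative (a value of "no" means a pty is allowed), and the default `no_pty = 0` is easy to misread next to the positive flags around it such as strict_modes. Consider a positively named option that defaults to 1, so that disabling pty allocation is an explicit "no" in sshd_config.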
2020 Mar 24
4
ZSTD compression support for OpenSSH
I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker
2005 Nov 17
3
4.2 and the 'last' command
We've run into an interesting dilemma regarding last log information and ssh 4.2p1. In 3.8, we didn't see this problem, but now has cropped up in 4.2. When a user logs in, sshd seems to call 'last' to get the last log information. 'last' then opens the /var/log/wtmp file and processes the information. On some systems, this file can be quite large, and we're seeing