search for: frakir

...ien Miller) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 6 Aug 2011 10:47:07 +0200 > From: Gert Doering <gert at greenie.muc.de> > To: Damien Miller <djm at mindrot.org> > Cc: Morty Abzug <morty at frakir.org>, Gert Doering > <gert at greenie.muc.de>, openssh-unix-dev at mindrot.org > Subject: Re: openssh PTY allocation > Message-ID: <20110806084707.GL8496 at greenie.muc.de> > Content-Type: text/plain; charset=us-ascii > > Hi, > > On Sat, Aug 06, 2011 at...

We recently upgraded to openss 5.8p2 from a somewhat older version. This broke openssh login to ScreenOS devices. These devices don't support PTY allocation. Apparently, ssh now reacts to PTY allocation failure by failing the login. This is a change from the previous behavior. The simple workaround is ssh -T $device. I see in the ChangeLog that some device would hang with PTY allocation

I'm looking to move some Solaris 2.6 and 7 machines to openssh. Showstopper bug: openssh (up to 3.1p1) doesn't seem to correctly implement expired passwords. Looking back through the archive, it looks like Dave Dykstra submitted a patch for this problem relative to an older version of openssh at least as early as last August:

If I scp from/to a server that has a banner using scp -q, it still shows the banner. If I ssh -q to the same server, the banner is skipped. scp -o "LogLevel quiet" does the trick, but is excessively cumbersome. - Morty

First off, thanks for the --with-pam fix that lets users with expired passwords change their passwords. It's wonderful, and has finally allowed us to migrate to openssh after a couple of years. Problem: after openssh allows a user with an expired password to log in, said user does not have any X11 and agent forwardings that have been set up. This can be a support issue for naive users who

I'm trying to replace some sshv1 clients and servers in a modular way, and the "Server Lies" warning (when the server says the key has one more bit than it really has) is causing heartache. Per the FAQ, this is relatively benign. Here's a patch that allows an admin or user to disable the warning. - Morty diff -Nur openssh-3.7.1p2/readconf.c

The various pages about samba 4 warn about rough edges, upgrade, file services, and print services. I have some domains that have never had a Windows domain that now need Windows AD authentication. I don't need file services and print services, and upgrade is not a problem. Is samba 4 ready for this use case, or should we still go with Microsoft's AD? Thanks! - Morty