search for: get_remote_port

...: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); and not print ROOT in caps: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", authctxt->user, get_remote_ipaddr(), get_remote_port(), info); do we re...

...version_string = NULL; @@ -171,6 +172,8 @@ ssh_proxy_fdpass_connect(const char *host, u_short port, /* Set the connection file descriptors. */ packet_set_connection(sock, sock); + debug("Connected to %.200s [%.100s] port %d.", + host, get_remote_ipaddr(), get_remote_port()); return 0; } @@ -493,6 +496,8 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop /* Set the connection. */ packet_set_connection(sock, sock); + debug("Connected to %.200s [%.100s] port %d.", + host, get_remote_ipaddr(), get_remot...

...that fail is basically: ssh -2 -F $build/regress/ssh_proxy 999.999.999.999 true The server reports: sshd[20529]: Disconnecting: Command terminated on signal 11. The culprit seems to be session.c line 1019 or so: snprintf(buf, sizeof buf, "%.50s %d %.50s %d", get_remote_ipaddr(), get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); After poking around, it seems that: 1) get_local_ipaddr returns NULL 2) this NULL is passed to snprintf 3) which dereferences the NULL causing a SEGV (get_local_ipaddr returns NULL because it calls get_socket_address which ca...

Hi! There are configuration knobs (TCPKeepAlive) to enable/disable the use of TCP keepalives both in the ssh client and server. Unfortunately some UNIX systems default to SO_KEEPALIVE=on and some to =off. This may even be settable on a per host basis (OpenBSD default net.inet.tcp.always_keepalive=1 ???). For the TCPKeepAlive configuration knob I would like to propose changes along the lines

Hello, everybody. I've recently encountered a problem with OpenSSH server. Could you help me to troubleshoot it? I've configured 2 IP interfaces[1]: one with a public IP adress and one with a private address. When I connect[2] through the public interface (ens34), SSH works fine, but when I connect[3] through the private interface (ens32), I receive a rather cryptic message on my client

I have passwords turned off, and require keys to match. The zombie armies swarming outside are trying brute force attacks that in part involve guessing login NAMES. If they guess the wrong NAME, this is logged in syslog. If they guess a working user name, then the attack has PARTIALLY SUCCEEDED, but this information is IGNORED. That is, it is not logged. If the zombie army has tell when it

...de> - Avoid void* pointer arithmatic - Use LDFLAGS correctly - Fix SIGIO error in scp - Simplify status line printing in scp - Added better test for inline functions compiler support from Darren_Hall at progressive.com 19991214 - OpenBSD CVS Changes - [canohost.c] fix get_remote_port() and friends for sshd -i; Holger.Trapp at Informatik.TU-Chemnitz.DE - [mpaux.c] make code simpler. no need for memcpy. niels@ ok - [pty.c] namebuflen not sizeof namebuflen; bnd at ep-ag.com via djm at mindrot.org fix proto; markus - [ssh.1] typo; mark.baushke at...

...-------------- next part -------------- Index: sshd.c =================================================================== RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.33 diff -u -r1.33 sshd.c --- sshd.c 1999/12/04 09:24:48 1.33 +++ sshd.c 1999/12/07 03:55:18 @@ -1551,24 +1551,41 @@ get_remote_port(), user); -#ifdef HAVE_LIBPAM - do_pam_account_and_session(pw->pw_name, client_user); +#ifndef HAVE_LIBPAM + if (authenticated) + return; - /* Clean up */ - if (client_user != NULL) - xfree(client_user); + if (attempt > AUTH_FAIL_MAX) + packet_disconnect(AUTH_FAIL_MSG, pw-&...

...00s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", ---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(), get_remote_port(), info); If authctxt->user is null, this will dump core. I discovered this using SSH1 publickey auth with my hacked 20010424 CVS sources. auth.c and auth1.c haven't changed since then, so I suspect this may still be lurking. I'm going to test it against 2.9p1 as soon as...

...r_ip(u_int, int); char *get_peer_ipaddr(int); *** openssh-2.9.9p2/session.c.bak Sun Sep 16 15:17:15 2001 --- openssh-2.9.9p2/session.c Fri Oct 12 16:52:09 2001 *************** *** 1255,1260 **** --- 1255,1263 ---- snprintf(buf, sizeof buf, "%.50s %d %d", get_remote_ipaddr(), get_remote_port(), get_local_port()); child_set_env(&env, &envsize, "SSH_CLIENT", buf); + snprintf(buf, sizeof buf, "%.50s", + get_local_ipaddr2()); + child_set_env(&env, &envsize, "SSH_LOCAL", buf); if (s->ttyfd != -1) child_set_env(&env, &amp...

...: auth.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.67 diff -u -r1.67 auth.c --- auth.c 18 Jan 2003 05:24:06 -0000 1.67 +++ auth.c 25 Feb 2003 09:52:31 -0000 @@ -268,13 +268,10 @@ get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + record_failed_lo...

...nssh-2.9p1authdata/session.c Thu May 17 00:41:15 2001 @@ -57,6 +57,7 @@ #include "serverloop.h" #include "canohost.h" #include "session.h" +#include "key.h" #ifdef WITH_IRIX_PROJECT #include <proj.h> @@ -1281,6 +1282,8 @@ get_remote_ipaddr(), get_remote_port(), get_local_port()); child_set_env(&env, &envsize, "SSH_CLIENT", buf); + if (key_matching_data(NULL)) + child_set_env(&env, &envsize, "SSH_AUTHKEY", key_matching_data(NULL)); if (s->ttyfd != -1) child_set_env(&env, &envsize, "SSH_TTY&qu...

...: auth.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.67 diff -u -r1.67 auth.c --- auth.c 18 Jan 2003 05:24:06 -0000 1.67 +++ auth.c 25 Feb 2003 09:52:31 -0000 @@ -268,13 +268,10 @@ get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + record_failed_lo...

...etpeername failed: Transport endpoint >> is not connected". > > From the failed traces: > > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 > debug1: inetd sockets after dupping: 3, 3 > debug1: getpeername failed: Transport endpoint is not connected > debug1: get_remote_port failed > > Since this happens immediately after the server reexecs itself, > another possiblity is that somehow the descriptors are being marked > close-on-exec. You can test this theory by adding "-r" to sshd's > command line to disable reexec. > > -- > Darre...

...;Login restricted for %s: %.100s", + pw->pw_name, loginmsg); + } return 0; + } #endif /* WITH_AIXAUTHENTICATE */ /* We found no reason not to let this user try to log on... */ --- auth1.c.orig Wed May 10 15:53:51 2000 +++ auth1.c Thu May 11 15:13:37 2000 @@ -66,9 +66,7 @@ get_remote_port()); #ifdef WITH_AIXAUTHENTICATE - if (strncmp(get_authname(type),"password", - strlen(get_authname(type))) == 0) - loginfailed(pw->pw_name,get_canonical_hostname(),"ssh"); + loginfailed(user,get_canonical_hostname(),"ssh"); #endif /* WITH_AIXAUTHENTICAT...

...: auth.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v retrieving revision 1.67 diff -u -r1.67 auth.c --- auth.c 18 Jan 2003 05:24:06 -0000 1.67 +++ auth.c 27 Jan 2003 11:39:07 -0000 @@ -268,13 +268,11 @@ get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE - if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + if (geteuid() ==...

http://bugzilla.mindrot.org/show_bug.cgi?id=294 ------- Additional Comments From ktaylor at daac.gsfc.nasa.gov 2002-06-26 00:53 ------- This is what's reported in the syslog from openssh-2.9.9p2 - with an ip address range listed in hosts.allow Jun 25 10:50:08 6D:server sshd[30123536]: Failed keyboard-interactive for ktaylor from xxx.xxx.xxx.xxx port 40333 ssh2 Jun 25 10:50:13 6D:server

https://bugzilla.mindrot.org/show_bug.cgi?id=2162 Bug ID: 2162 Summary: Log needs to contain the port on which connection is made Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: FreeBSD Status: NEW Severity: normal Priority: P5 Component: sshd

Attached is a patch which adds a log= directive to authorized_keys. The text in the log="text" directive is appended to the log line, so you can easily tell which key is matched. For instance the line: log="hello world!",no-agent-forwarding,command="/bin/true",no-pty, no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:7" ssh-rsa AAAAB3Nza....xcgaK9xXoU=

Hi. To compartmentalize things a bit (e.g., to help limit the damage should one of my machines be hacked and my private RSA keys stolen) I use different RSA key pairs on my different client machines. So it occurs to me that it would be nice if ssh could log which key was used when logging in to a particular account that has more than one entry in .ssh/authorized_keys. Right now it simply says