search for: hlein

High all, I'm running openssh 3.0.2p1 and it seems that the chroot patch delivered in the /contrib folder of the portable distrib does not apply to this release. Does anyone know if i can find an updated patch. Thanks -- Johan LEGROS Direction Informatique R?seau & T?l?com Tel : +33 1 71 71 56 62 Fax : +33 1 71 71 55 77 Email : jlegros at canal-plus.fr URL :

https://bugzilla.mindrot.org/show_bug.cgi?id=1585 hlein at korelogic.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hlein at korelogic.com -- You are receiving this mail because: You are watching the assig...

...will make them more willing victims. It's like sending users "secure" self-extracting encrypted archives, teaching people that it's sometimes OK after all to execute .exe's they receive in emails--undermines best-practice training and will end badly. -- Hank Leininger <hlein at korelogic.com> BE5D FCCA 673B D18B 98A9 3175 896E 3D4A 1B4D C5AC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 447 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/...

Long post.. sorry. Ok.. I've got three systems, all running openssh-3.0.2p1. As a matter of fact, they were installed from the same built tree, so I know they are the same. Here's the deal. I've got three systems, call them source1, source2 and target. All are HP-UX 11.0 systems installed from the same tree. Source1 and source2 both have thier root rsa pub keys in target's

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean

...generates useless chatter between sshd and syslogd, causes unnecessary context switches, and of course scribbles useless stuff to disk. At the very least, could these be changed to debug2 or debug3 so that it's disabled for not-really-that-verbose DEBUG LogLevels? Thanks, Hank Leininger <hlein at progressive-comp.com>

password authentication fails even tho i used LIBS=-lcrypt option Any help will be appreciated

http://bugzilla.mindrot.org/show_bug.cgi?id=325 ------- Additional Comments From hlein at progressive-comp.com 2002-07-13 06:14 ------- Seeing this here too; it appears that when auth2.c:userauth_finish is called, forced_command has been cleared (or perhaps, never set in that forked sshd) so the call to auth_root_allowed(method) returns 0. The following patch makes forced-command l...

...iles. An obvious alternative is to build a consolidated ~/.ssh/config file from these individual bits using a perl script, Makefile, etc. Has anybody else got similar needs, and if so have you already solved them with either a patch to openssh, or the script approach? Thanks, Hank Leininger <hlein at progressive-comp.com> D639 2E70 96A4 96D4 9AB6 95D6 A8FD BA7C 7093 F8F3 -----BEGIN PGP SIGNATURE----- iD8DBQFGeWOyqP26fHCT+PMRAiKeAJ9x17KSabcEX/4cVJOqWHaKwy6REwCcDl+E 1mr7QpKwVdTXYDfkg3eQzoo= =j0ie -----END PGP SIGNATURE-----

Hi, working on tightening our network (somewhat) today, I found that OpenSSH doesn't seem to have the "AllowSHosts" directive (in sshd_config) that Commercial SSH (at least 1.2.25 & up) has. Now I wonder whether that hasn't been implemented yet, or has been dropped for a certain reason. I find this very useful for what I want to achieve - inside the company network,

OpenSSH 2.9.9 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH 2.9.9 fixes a weakness in the key file option handling, including source IP based access control. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability

ssh.1 says Protocol Specifies the protocol versions ssh should support in order of preference. The possible values are ``1'' and ``2''. Multiple versions must be comma-separated. The default is ``1,2''. This means that ssh tries version 1 and falls back to version 2 if version 1 is not available. but

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

Is there any way to disable the authentication agent globally? I'm not quite sure I understand it's purpose. Here is some background info: workstation: Key pair (dsa). host1: No key pair. No authorized_keys. host2: Has my workstation's key in authorized_keys. I ssh to host1 from my workstation. I ssh to host2 from host1. I am asked for a password. Good. I ssh to host2 from my

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

Hi, % scp -v user at host:file.txt . [..] debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1 debug: Local version string SSH-1.5-OpenSSH_2.1.1 [..] debug: Sending command: scp -v -f file.txt debug: Entering interactive session. Sending file modes: C0644 3093316 file.txt Since it 'interactives' the remote user needs a shell. Any workaround? But more interesting

...oying (or have untenable requirements like "there must be an X display that ssh can talk to, to pop the request up in"), but strong enough not to be faked out. ...If that were sufficiently addressed, then this downside to AddKeyToAgent would go away too. Thanks, -- Hank Leininger <hlein at korelogic.com> BE5D FCCA 673B D18B 98A9 3175 896E 3D4A 1B4D C5AC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 443 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/...

Debian GNU/Linux 2.2 (potato), openssh-2.2.0p1 Configured with: --prefix=/usr/local/openssh --enable-gnome-askpass --with-tcp-wrappers --with-ipv4-default --with-ipaddr-display My goal here is to, as root, forward a local privileged port over an ssh tunnel to another host using a normal user's login, i.e.: root:# ssh -2 -l jamesb -i ~jamesb/.ssh/id_dsa -L 26:localhost:25 remotehost So far,

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in