search for: hostbased_uses_name_from_packet_on

...-44, D-37073 Goettingen, Germany Suggested change: *** auth2.c.ORI Wed Apr 25 14:44:15 2001 --- auth2.c Fri Sep 28 10:27:34 2001 *************** *** 801,815 **** debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s", chost, resolvedname, ipaddr); if (options.hostbased_uses_name_from_packet_only) { if (auth_rhosts2(pw, cuser, chost, chost) == 0) return 0; lookup = chost; } else { - if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { - debug2("stripping trailing dot from chost %s", chost); - chost[len - 1] = '\0'; - }...

...serauth_hostbased: chost %s resolvedname %s ipaddr %s", chost, resolvedname, ipaddr); + if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { + debug2("stripping trailing dot from chost %s", chost); + chost[len - 1] = '\0'; + } if (options.hostbased_uses_name_from_packet_only) { if (auth_rhosts2(pw, cuser, chost, chost) == 0) return 0; lookup = chost; } else { - if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') { - debug2("stripping trailing dot from chost %s", chost); - chost[len - 1] = '\0'; - } if (s...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

In auth2-hostbased.c, line #146 if (auth_rhosts2(pw, cuser, chost, chost) == 0) ^^^^^ shouldn't this be if (auth_rhosts2(pw, cuser, chost, ipaddr) == 0) ^^^^^^ The code was found in 4.2. Best regards, Choung S.Park

If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove the trailing dot from the client supplied hostname, causing sshd to attempt to look up "foo.example.com." (note trailing period) in known_hosts and .shosts instead of "foo.example.com" Trivial patch attached. -- Carson -------------- next part -------------- An embedded and charset-unspecified text was

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...drs = NULL; options->address_family = -1; options->num_host_key_files = 0; + options->ca_key_file = NULL; options->pid_file = NULL; options->server_key_bits = -1; options->login_grace_time = -1; @@ -77,6 +78,7 @@ options->hostbased_authentication = -1; options->hostbased_uses_name_from_packet_only = -1; options->rsa_authentication = -1; + options->certkey_authentication = -1; options->pubkey_authentication = -1; options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; @@ -134,6 +136,8 @@ _PATH_HOST_DSA_KEY_FILE; } } + if (options-&g...