search for: judgement

...odification. Why does it require a protocol modification? Couldn't the client request regular forwarded-tcpip from the server then decode SOCKS entirely within the client? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...config.l > > I do have zlib installed. How can I make this script find zlib? Try using --with-zlib=/path/to/zlib (eg /usr/local if that's where you installed zlib). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...for some strange reason > we get > > ssh_exchange_identification: Connection closed by remote host What do the server logs say? Does the server have PAM enabled? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Hello: The help page for 'pie' includes "judgements"; the standard spelling does not include "e", as spell checkers have informed me many times. ... in case someone wants to correct that typo. Best Wishes, Spencer sessionInfo() R version 2.8.0 (2008-10-20) i386-pc-mingw32 locale: LC_COLLATE=English_United...

Is it intentional that password auth using PAM continues trying to log on (giving password 3 prompts) in the case that a user is disabled (so that pam_account returns an error code). It can be argued both ways (saying 'you are disabled' is giving out too much information, making it look like you are entering the wrong password confuses and frustrates the user)

...bout > startup time. > > With those caveats, you are also welcome to add the appropriate > ssh-keygen commands to your startup scripts. > > -- > Darren Tucker (dtucker at dtucker.net) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement.

...g else wrong? It's a warning. If you're going to use PrivilegeSeparation (which is on by default) you need to create a user for it. The details are in README.privsep. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...hms accepted by that keyword, eg. $ ssh -V OpenSSH_8.2p1, OpenSSL 1.1.1g FIPS 21 Apr 2020 $ ssh -Q PubkeyAcceptedKeyTypes [...] ssh-rsa rsa-sha2-256 rsa-sha2-512 [...] -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...function it appears in.) make: 1254-004 The error code from the last command is 1. Adding "extern char *BSDoptarg;" to ssh-agent.c allows the build to complete. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...oup at a little over 128 bits of security. This > is why we generate larger groups (and request them, when using 192 and > 256 bit ciphers). > > -- > Darren Tucker (dtucker at dtucker.net) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement.

..., KEY_RSA1, 0, 0 }, +# endif { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, # ifdef OPENSSL_HAS_ECC -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...'re seeing it, my guess is your version of gcc defaults to -std=c99 and mine doesn't. You can try adding "-std=c89" to your CFLAGS and see if it builds. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...> enabled. IMO random delays are overrated for mitigating timing attacks; you can look for inconsistent behaviour as the indicator of whatever you're looking for. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...change in > > openssh-6.6p1. If there is interest I can port the change to the openssh > > portable github. > > Sounds reasonable. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. >

...he same will probably apply to WinSCP). Could you please run sshd and plink in debug mode ("/eg path/to/sshd -ddde -p 2022" and "plink -v -P 2022 yourhost") -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

...nce they > won't exist there you'll get a fresh set generated rather than using the > ones in /etc/ssh, which will cause a hostkey mismatch. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. >

Setup :: PC (cygwin) <-> Terminal Server (InReach) <-> Sun Server (Solaris 8) Scenarios : Using Tera Term Pro with ssh extension, I connect to the Terminal Server via ssh and I can use 'Control -> Send Break' to send the break sequence to drop the Sun Server into its 'ok prompt'. Using ssh via cygwin, I tried to do '~ ctrl-B', but it will not

The do_pwchange() function in session.c needs to pass the username as an argument to the passwd command. Without it, passwd always fails with something like "passwd: unknown user" as if its getting a blank user arg. It's strange but so are many other things in SCO, which BTW was NOT my OS of choice :( To make it work I simply changed line 1317 to this: execl(_PATH_PASSWD_PROG,

Fixes a potential (but probably rather unlikely) use after free bug in function temporarily_use_uid(), file uidswap.c. --- a/uidswap.c +++ b/uidswap.c @@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw) } } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) -

...ak_req just returns 0 if TIOCSBRK and TIOCCBRK are not defined (which I think is the right thing to do, but I'm not sure). If either of these are wrong please let me know. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. -------------- next part -------------- Index: auth-passwd.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v retrievin...