search for: leininger

Hi, About a year and a half ago, Hank Leininger posted a plea to this list for the inclusion of an Include directive in OpenSSH's configuration file. Hank's suggestion is detailed and thorough enough IMHO, so instead of repeating it I'll link it here http://marc.info/?l=openssh-unix-dev&m=118236823907002&w=2 . I'...

.../.ssh/config files. An obvious alternative is to build a consolidated ~/.ssh/config file from these individual bits using a perl script, Makefile, etc. Has anybody else got similar needs, and if so have you already solved them with either a patch to openssh, or the script approach? Thanks, Hank Leininger <hlein at progressive-comp.com> D639 2E70 96A4 96D4 9AB6 95D6 A8FD BA7C 7093 F8F3 -----BEGIN PGP SIGNATURE----- iD8DBQFGeWOyqP26fHCT+PMRAiKeAJ9x17KSabcEX/4cVJOqWHaKwy6REwCcDl+E 1mr7QpKwVdTXYDfkg3eQzoo= =j0ie -----END PGP SIGNATURE-----

...n't. That will make them more willing victims. It's like sending users "secure" self-extracting encrypted archives, teaching people that it's sometimes OK after all to execute .exe's they receive in emails--undermines best-practice training and will end badly. -- Hank Leininger <hlein at korelogic.com> BE5D FCCA 673B D18B 98A9 3175 896E 3D4A 1B4D C5AC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 447 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh...

Long post.. sorry. Ok.. I've got three systems, all running openssh-3.0.2p1. As a matter of fact, they were installed from the same built tree, so I know they are the same. Here's the deal. I've got three systems, call them source1, source2 and target. All are HP-UX 11.0 systems installed from the same tree. Source1 and source2 both have thier root rsa pub keys in target's

...be highly annoying (or have untenable requirements like "there must be an X display that ssh can talk to, to pop the request up in"), but strong enough not to be faked out. ...If that were sufficiently addressed, then this downside to AddKeyToAgent would go away too. Thanks, -- Hank Leininger <hlein at korelogic.com> BE5D FCCA 673B D18B 98A9 3175 896E 3D4A 1B4D C5AC -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 443 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh...

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

...Otherwise it generates useless chatter between sshd and syslogd, causes unnecessary context switches, and of course scribbles useless stuff to disk. At the very least, could these be changed to debug2 or debug3 so that it's disabled for not-really-that-verbose DEBUG LogLevels? Thanks, Hank Leininger <hlein at progressive-comp.com>

password authentication fails even tho i used LIBS=-lcrypt option Any help will be appreciated

High all, I'm running openssh 3.0.2p1 and it seems that the chroot patch delivered in the /contrib folder of the portable distrib does not apply to this release. Does anyone know if i can find an updated patch. Thanks -- Johan LEGROS Direction Informatique R?seau & T?l?com Tel : +33 1 71 71 56 62 Fax : +33 1 71 71 55 77 Email : jlegros at canal-plus.fr URL :

Hi, working on tightening our network (somewhat) today, I found that OpenSSH doesn't seem to have the "AllowSHosts" directive (in sshd_config) that Commercial SSH (at least 1.2.25 & up) has. Now I wonder whether that hasn't been implemented yet, or has been dropped for a certain reason. I find this very useful for what I want to achieve - inside the company network,

OpenSSH 2.9.9 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH 2.9.9 fixes a weakness in the key file option handling, including source IP based access control. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability

ssh.1 says Protocol Specifies the protocol versions ssh should support in order of preference. The possible values are ``1'' and ``2''. Multiple versions must be comma-separated. The default is ``1,2''. This means that ssh tries version 1 and falls back to version 2 if version 1 is not available. but

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

Is there any way to disable the authentication agent globally? I'm not quite sure I understand it's purpose. Here is some background info: workstation: Key pair (dsa). host1: No key pair. No authorized_keys. host2: Has my workstation's key in authorized_keys. I ssh to host1 from my workstation. I ssh to host2 from host1. I am asked for a password. Good. I ssh to host2 from my

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

...t.cifs.rst: more cleanups smbinfo.rst: document kernel version mount.cifs: be more verbose and helpful regarding mount errors Aurélien Aptel (2): checkopts: add python script to cross check mount options mount.cifs.rst: document missing options, correct wrong ones Hank Leininger (1): Added rst2man.py to the search list. Kenneth D'souza (3): Update mount.cifs with vers=default mount option and SMBv3.0.2 getcifsacl: Do not go to parse_sec_desc if getxattr fails. getcifsacl: Improve help usage and add -h option. manpage: update mount.ci...

Hi, % scp -v user at host:file.txt . [..] debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1 debug: Local version string SSH-1.5-OpenSSH_2.1.1 [..] debug: Sending command: scp -v -f file.txt debug: Entering interactive session. Sending file modes: C0644 3093316 file.txt Since it 'interactives' the remote user needs a shell. Any workaround? But more interesting

Debian GNU/Linux 2.2 (potato), openssh-2.2.0p1 Configured with: --prefix=/usr/local/openssh --enable-gnome-askpass --with-tcp-wrappers --with-ipv4-default --with-ipaddr-display My goal here is to, as root, forward a local privileged port over an ssh tunnel to another host using a normal user's login, i.e.: root:# ssh -2 -l jamesb -i ~jamesb/.ssh/id_dsa -L 26:localhost:25 remotehost So far,

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean