search for: libov

...no wins support = no wins proxy = no dns proxy = no map to guest = never null passwords = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] browseable = no writable = yes public = no valid users = libove, libove@ad2.felines.org available = yes In short, it should talk only secure Kerberos protocols and rely on my Domain Controller reset6.ad2.felines.org (the DC for my FELINESAD2 / ad2.felines.org Win2K3 Domain) for authentication. The one actual home share is "libove", which lives...

...SSH: PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh/bin:/usr/ccs/bin Telnet: PATH=/usr/bin:/usr/sbin:/usr/ccs/bin + Only the SSH session contains: SSH_TTY=/dev/pts/xx SSH_CONNECTION="srcIP srcport dstIP dstport" SSH_CLIENT="srcIP srcport dstport" USER=jlibove + The MAIL variable in the SSH session has an extra '/' in it: MAIL=/var/mail//jlibove compared to the telnet session MAIL=/var/mail/jlibove None of these seem critical, though the MAIL setting does imply some additional misunderstanding of NCR MP-RAS' peculiarities in b...

...gin attempt incurs a 5 second delay. I don't think that's too harsh, but everyone has their own needs and considerations. This could be made configurable. -Jay -----Original Message----- From: Rick Jones [mailto:rick.jones2 at hp.com] Sent: Wednesday, December 15, 2004 8:09 PM To: Jay Libove Cc: openssh-unix-dev at mindrot.org Subject: Re: Time to add exponential backoff for SSH interactive login failures? > Discussion, pros/cons? I think it would be good to be a triffle more gentle on the honest but fumble-fingered and only start the backoff after say the third failed login a...

...days look normal). I am cross-posting this message and the attached tcpdump packet capture file to the following places to let better people than I analyze it: openssh-unix-dev at mindrot.org secureshell at securityfocus.com full-disclosure at lists.netsys.com vulnwatch at vulnwatch.org -Jay Libove, CISSP

...eys) or do I have to put them in each users home directory and make the ~/.ssh/authorized_keys only writable by root? Please CC: me on the reply because I am not subscribed to this list. Thanks in advance for your reply. Ben Hacker Jr -----Original Message----- From: openssh-unix-dev-bounces+libove=felines.org at mindrot.org [mailto:openssh-unix-dev-bounces+libove=felines.org at mindrot.org] On Behalf Of Gregory Seidman Sent: Monday, February 23, 2004 5:23 PM To: OpenSSH development list Subject: PKI and SSH Due to unpleasant (but arguably valid) policy changes at work, any SSH server withi...

Due to unpleasant (but arguably valid) policy changes at work, any SSH server within the work firewall must accept only PKI authentication. Unless we can convince the higher-ups otherwise, we will also have to use the commercial SSH server within the firewall. Of course, I should be able to use whatever client I like. Unfortunately, it is not clear that I can get OpenSSH to use PKI authentication.

...s Domain account to the Domain? It ought to be able to (since the Windows workstations is a valid Domain member), and why is it even trying in the first place (since it is a user, not the machine, which is connecting to the shares offered by the Samba server on the Linux machine) ? Thanks -Jay Libove, CISSP Atlanta, GA, US

...condition Product: Portable OpenSSH Version: 3.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: libove at felines.org The SSH Daemon writes its sshd.pid file only after it generates its ephemeral server key. This makes the amount of time between starting the daemon and the creation / update of the sshd.pid file variable, and can cause a race condition with e.g. /sbin/init.d scripts which start...

http://bugzilla.mindrot.org/show_bug.cgi?id=238 ------- Additional Comments From djm at mindrot.org 2003-01-07 17:59 ------- What if the ephemeral key generation fails (e.g. not enough entropy, etc) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...C almost anywhere when logged in. sshd dies when bash is running, sshd dies when vi is running but sshd doesn't die when joe is running. ^C means exit-without-save in joe, since it's remappable, joe might handle the signals differently than others. I bet this issue is related to what Mr. Libove sees on NCR MP-RAS. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Because of the high volume of discussion of various minor or somewhat serious problems and incompatibilities introduced in the 3.7x series, I prefer to stay with 3.6.1p2 plus the buffer overflow vulnerabilities patch for a while. Are there any other security changes introduced in the 3.7x series from 3.6.1p2 other than the back-ported patch for the buffer overflow vulnerabilities announced a few

At the risk of angering the crash Gods, my sustem has NOT crashed again since I downgraded the kernel from 2.6.18-1.2239.fc5 to 2.6.18-1.2200.fc5. Given that newfound stability, and my lack of time, I'm going to put on hold any further diagnostics, until the next kernel revision is released. I have submitted a report at bugzilla.redhat.com (bug 218128). (Ah, nuts; accidentally created a