search for: loomi

...I did read the web link about FAQ on coreuitls before raising a help, and I thought it might be not helpful for this "configure" issue at this moment. Now I am going to use bash instead of Bourne Shall to see if the configuration scripts works. Again, Mahalo Jiwen On Wed, 18 Aug 2004, Loomis, Rip wrote: > Aloha Jiwen-- > I'm not sure you saw the message below, which was only > sent to the list. Having seen your other message to > me, I would suggest trying to compile OpenSSH using > GCC 2.95.2 -- that's what I've got installed on my HP-UX > systems and...

...alled, and then try to compile latest OpenSSH (and the pre-release version that we've all been asked to try.) Overall, though, I'm betting on a non-fun interaction between really-really-old Bourne shell implementations, recent configure scripts, and general HP-UX oddities. --Rip -- Rip Loomis, CISSP // SAIC Enterprise Security Solutions Brainbench MVP for Internet Security www.brainbench.com > -----Original Message----- > From: > openssh-unix-dev-bounces+gilbert.r.loomis=cpmx.saic.com at mindro > t.org > [mailto:openssh-unix-dev-bounces+gilbert.r.loomis=cpmx...

...application, then the question is still for another list. [* The name RC4 is copyrighted by RSA Security and their implementation of RC4 was/is a tradesecret, but the mathematics of RC4 are not patented.] Again, hope this dissertation helps in more than just filling up your inbox-- Rip Loomis Voice Number: (410) 953-6874 -------------------------------------------------------- Senior Security Engineer Center for Information Security Technology Science Applications International Corporation http://www.cist.saic.com > -----Original Message----- > From: Loomis, Rip [mailto:GILBER...

...ibly doesn't work properly? Any other hints as to a filename to look for, or an alternate installation location? It seems particularly odd to me that the compile runs fine, but on *the same box* it picks up a different library version at run-time. contrib/solaris updates to follow ASAP. Rip Loomis Voice Number: (410) 953-6874 -------------------------------------------------------- Senior Security Engineer Center for Information Security Technology Science Applications International Corporation http://www.cist.saic.com > -----Original Message----- > From: Damien Miller [mailto:d...

just wondering about this. i noticed "make install" installs ssh-keyscan group-writable. is this intentional? openssh-2.5.2p2/Makefile.in, line 168: $(INSTALL) -m 0775 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan chris -- Christopher Linn, <celinn at mtu.edu> | By no means shall either the CEC Staff System Administrator | or MTU be held in any way liable

-----Original Message----- From: Loomis, Rip Sent: Tuesday, 19 June, 2001 09:10 To: 'geoff at raye.com' Subject: RE: poor permissions on ssh binary Geoff-- You stated that you consider it "a poor choice of permissions" to install the ssh binary as mode 0711. Since it will run perfectly with even more restrictive pe...

It compiled with no problems on both UnixWare 7.1.1 and AIX 4.3.3 by running './configure' Thanh > -----Original Message----- > From: Damien Miller [mailto:djm at mindrot.org] > Sent: Wednesday, June 28, 2000 5:02 PM > To: Gilbert.R.Loomis at saic.com > Cc: nikhil at mailsafe.org; openssh-unix-dev at mindrot.org > Subject: Please test this snapshot > > > On Wed, 28 Jun 2000, Rip Loomis wrote: > > > Hey Damien--would it be reasonable to release a > > 2.1.1p2 sometime soon to stop this FAQ? > &gt...

...ed out the call to arp since that one change decreases SSH session startup time significantly on our Solaris boxen. Related question: Is anyone actively trying to get Yarrow or some other algorithmic source of entropy into OpenSSH? I suppose this is really a question for the OpenSSL folks... Rip Loomis Voice Number: (410) 953-6874 -------------------------------------------------------- Senior Security Engineer Center for Information Security Technology Science Applications International Corporation http://www.cist.saic.com > -----Original Message----- > From: Nico De Ranter [mailto:nic...

...er training. Forcing that by disabling a long-standing feature is not the best to proceed IMHO. Getting people to think about what they're doing is better--but raising user awareness is one of those things that security always seems to depend upon... > -----Original Message----- > From: Loomis, Rip > Sent: Friday, June 01, 2001 9:46 AM > To: openssh-unix-dev at mindrot.org > Subject: Disabling Password-based auth? (was RE: recent breakins) > > > All-- > > But it's not as simple as forwarding the password-based > authentication. Regardless of what meth...

Hi, I must access several hosts through reverse masquerading gateways which are visible on the Internet under a single IP address, with different ports (2, 22, 222, 2222 etc..) forwarding to port 22 of various internal ssh servers, each with its own hostkey. This setup totally confuses the openssh client because it does not store the port numbers in the known_hosts* file, and thus falsely

I went to go use it today since I'll be putting together some packages for a national project and I found them in pretty *BAD* shape. By tonight, I should have some partial patches to resolve a lot of the issues, but I really feel we need to either need to fix it, remove it, or replace it with a better version. It's old enought to lakc RSA v2 key generation, lack of slogin, sftp,

When doing a simple configure of OpenSSh 2.5.2p2 on a Sparc running RedHat 6.0 I get: ... updating cache ./config.cache creating ./config.status creating Makefile sed: file conftest.s1 line 1: Unknown command: ``^'' creating openbsd-compat/Makefile sed: file conftest.s1 line 1: Unknown command: ``^'' creating ssh_prng_cmds sed: file conftest.s1 line 1: Unknown command:

...articular: - ssh-agent and ssh-add now handle DSA keys. NB. this does not interop with ssh.com's ssh-agent. (Markus Friedl) - Fix crashes when sshd is run out of inetd - More fixes for SunOS4 and NeXT (Nate Itkin and Charles Levert) - Add Solaris package support in contrib/solaris/ (Rip Loomis) - Random Early Drop connection rate limiting for sshd (Markus Friedl) - Fix duplicate lastlog logging (Markus & me) - Add -u option to sshd to make wtmp logging more like login's (Markus) - Use pipes instead of socketpairs to avoid scp not exiting problem on SunOS4 and HPUX 10. (Kl...

...s set to `yes'. (Markus Friedl) - Escape character `~' support in SSH2 (Markus Friedl) - Interop with SSH.COM ssh 2.3.0 (Markus Friedl) - Fix problems when sshd is run from inetd - Better SunOS 4.1.x support (Nate Itkin and Charles Levert) - Solaris package support, see contrib/solaris (Rip Loomis) - Work around connection freezes on HPUX and SunOS 4 (Lutz Jaenicke, Tamito KAJIYAMA) - Fix ^C ignored issue on Solaris. (Gert Doering, John Horne and Garrick James) - Further improved NeXT support. (Ben Lindstrom, Mark Miller) - Lots of other minor fixes (see ChangeLog for details) This re...

> -----Original Message----- > From: Rip Loomis [mailto:loomisg at cist.saic.com] > Sent: Wednesday, August 30, 2000 11:52 AM > To: openssh-unix-dev at mindrot.org > Subject: Solaris/IRIX audit support: login.c vs loginrec.c > > Comments requested: > I have internally-generated patches against > commercial SSH 1.2.27 that...

...s set to `yes'. (Markus Friedl) - Escape character `~' support in SSH2 (Markus Friedl) - Interop with SSH.COM ssh 2.3.0 (Markus Friedl) - Fix problems when sshd is run from inetd - Better SunOS 4.1.x support (Nate Itkin and Charles Levert) - Solaris package support, see contrib/solaris (Rip Loomis) - Work around connection freezes on HPUX and SunOS 4 (Lutz Jaenicke, Tamito KAJIYAMA) - Fix ^C ignored issue on Solaris. (Gert Doering, John Horne and Garrick James) - Further improved NeXT support. (Ben Lindstrom, Mark Miller) - Lots of other minor fixes (see ChangeLog for details) This re...

In case it is any help, here is the patch against openssh-3.0.1p1 that corrects the problem with last reporting on Solaris that I sent to the list a week or so ago against 3.0p1. There was no conversation about this aside from Rip Loomis' comment about including it to support BSM auditing - does this present a problem for other OSes to include the ut_name field in the utmpx entry? Should this patch be changed to only apply to Solaris hosts? Thoughts? Bill Knox Senior Operating Systems Programmer/Analyst The MITRE Cor...

Hey everyone, I have been using sftp for quite some time now and we have just hit 256 sftp users. Line 21 of servconf.h reads: #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ I am curious why this is in a header file and not something that is in sshd_config that can be changed without recompile? Thanks in advance! -- James Dennis Harvard Law School "Not

Is it possible to use encryption only for authenticate and then switch to no encryption? I've looked at the code for OpenSSH 3.5p1, cipher.c, and it looks like the answer is no, at least for protocol 1. However, I cannot tell if that is a deliberate design limitation of the implementation or if it is inherent in ssh protocol 2. My dilemma is a customer who wants to use their network IDS

I've been happily using the pre-packaged OpenSSH on my Debian systems for several weeks. Yesterday I finally started the process of getting OpenSSH up and running on all our Solaris boxes, to replace the existing (patched) 1.2.27 non-free version. (Our in-house patches to 1.2.27 include generation of kernel-level audit data for both IRIX and Solaris, and I want to port/contribute that code