search for: max_deny_group

...changed "servconf.h" file by this type: ???#define MAX_ALLOW_USERS ????????10000 ????/* Max # users on allow list. */ ???#define MAX_DENY_USERS ???????????10000 ????/* Max # users on deny list. */ ???#define MAX_ALLOW_GROUPS ?????10000 ????/* Max # groups on allow list. */ ???#define MAX_DENY_GROUPS ????????10000 ????/* Max # groups on deny list. */ and configured with this additional options: # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ipv4-default --with-pam --without-4in6 --without-zlib-version-check # make # make install. After compiling and restarting service ssh (# servic...

...type: > #define MAX_ALLOW_USERS 10000 /* Max # users on allow list. */ > #define MAX_DENY_USERS 10000 /* Max # users on deny list. */ > #define MAX_ALLOW_GROUPS 10000 /* Max # groups on allow list. */ > #define MAX_DENY_GROUPS 10000 /* Max # groups on deny list. */ > > and configured with this additional options: > # ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ipv4-default --with-pam --without-4in6 --without-zlib-version-check > # make > # make install. >...

...ey allow groups.", + filename, linenum); + options->pkey_allow_groups[options->num_pkey_allow_groups++] = xstrdup(arg); + } + break; + + case sPubkeyDenyGroups: + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_pkey_deny_groups >= MAX_DENY_GROUPS) + fatal("%s line %d: too many public key deny groups.", + filename, linenum); + options->pkey_deny_groups[options->num_pkey_deny_groups++] = xstrdup(arg); } break; Index: servconf.h =================================================================== RCS file: /c...

...:26 2002 @@ -20,6 +20,7 @@ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ #define MAX_DENY_USERS 256 /* Max # users on deny list. */ +#define MAX_CHROOT_USERS 256 /* Max # users on chroot list. */ #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */ #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ @@ -104,6 +105,8 @@ char *allow_users[MAX_ALLOW_USERS]; u_int num_deny_users; char *deny_users[MAX_DENY_USERS]; + u_int num_chroot_users; + char *chroot_users[MAX_CHROOT_USERS]; u_i...

...derr, "%s line %d: Missing handler for opcode %s (%d)\n", --- openssh-1.2pre13/servconf.h.orig Fri Nov 19 23:31:16 1999 +++ openssh-1.2pre13/servconf.h Fri Nov 19 23:32:08 1999 @@ -70,6 +70,7 @@ char *allow_groups[MAX_ALLOW_GROUPS]; unsigned int num_deny_groups; char *deny_groups[MAX_DENY_GROUPS]; + int max_connections; /* Maximum number of simultaneous connections. */ } ServerOptions; /* Initializes the server options to special values that indicate that they --- openssh-1.2pre13/sshd.c.orig Fri Nov 19 21:00:51 1999 +++ openssh-1.2pre13/sshd.c Sat Nov 20 00:01:48 1999 @@ -11...

...eInterval: Index: servconf.h =================================================================== RCS file: /cvs/openssh/servconf.h,v retrieving revision 1.42 diff -u -r1.42 servconf.h --- servconf.h 21 Dec 2001 03:45:49 -0000 1.42 +++ servconf.h 23 Jan 2002 11:11:29 -0000 @@ -24,6 +24,7 @@ #define MAX_DENY_GROUPS 256 /* Max # groups on deny list. */ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ #define MAX_HOSTKEYS 256 /* Max # hostkeys. */ +#define MAX_AUTHKEYFILES 256 /* Max # authorized_keys statements */ /* permit_root_login */ #define PERMIT_NOT_SET -1 @@ -126,8 +127,12 @@ *...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

...s_fixedname[MAX_ALLOW_USERS]; + u_int num_allow_users_ipaddr; + char *allow_users_ipaddr[MAX_ALLOW_USERS]; u_int num_deny_users; char *deny_users[MAX_DENY_USERS]; u_int num_allow_groups; char *allow_groups[MAX_ALLOW_GROUPS]; u_int num_deny_groups; char *deny_groups[MAX_DENY_GROUPS]; u_int num_subsystems; diff -r -U 8 openssh-3.9p1.orig/sshd.8 openssh-3.9p1.jpmg/sshd.8 --- openssh-3.9p1.orig/sshd.8 2004-05-02 13:15:08.000000000 +0100 +++ openssh-3.9p1.jpmg/sshd.8 2005-01-20 10:11:24.697069880 +0000 @@ -330,16 +330,18 @@ .Cm RhostsRSAAuthentication , .Cm HostbasedAuthen...

...Sat Jan 26 17:47:25 2002 @@ -34,6 +34,12 @@ typedef struct { + char *name; + int nodelay; + char *command; +} Subsystem; + +typedef struct { u_int num_ports; u_int ports_from_cmdline; u_short ports[MAX_PORTS]; /* Port number to listen on. */ @@ -108,8 +114,7 @@ char *deny_groups[MAX_DENY_GROUPS]; u_int num_subsystems; - char *subsystem_name[MAX_SUBSYSTEMS]; - char *subsystem_command[MAX_SUBSYSTEMS]; + Subsystem subsystem[MAX_SUBSYSTEMS]; int max_startups_begin; int max_startups_rate; @@ -129,6 +134,7 @@ char *authorized_keys_file; /* File containing public keys */ cha...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the