search for: mordechai

I'm looking to move some Solaris 2.6 and 7 machines to openssh. Showstopper bug: openssh (up to 3.1p1) doesn't seem to correctly implement expired passwords. Looking back through the archive, it looks like Dave Dykstra submitted a patch for this problem relative to an older version of openssh at least as early as last August:

If I scp from/to a server that has a banner using scp -q, it still shows the banner. If I ssh -q to the same server, the banner is skipped. scp -o "LogLevel quiet" does the trick, but is excessively cumbersome. - Morty

We recently upgraded to openss 5.8p2 from a somewhat older version. This broke openssh login to ScreenOS devices. These devices don't support PTY allocation. Apparently, ssh now reacts to PTY allocation failure by failing the login. This is a change from the previous behavior. The simple workaround is ssh -T $device. I see in the ChangeLog that some device would hang with PTY allocation

Hi all, Is there a straightforward way to enable the none cipher for v1 and v2 in the server? Please include my email address in your reply, as I'm not subscribed to this list. Thanks! Mordy -- Mordy Ovits Network Engineer Bloomberg L.P.

First off, thanks for the --with-pam fix that lets users with expired passwords change their passwords. It's wonderful, and has finally allowed us to migrate to openssh after a couple of years. Problem: after openssh allows a user with an expired password to log in, said user does not have any X11 and agent forwardings that have been set up. This can be a support issue for naive users who

I'm trying to replace some sshv1 clients and servers in a modular way, and the "Server Lies" warning (when the server says the key has one more bit than it really has) is causing heartache. Per the FAQ, this is relatively benign. Here's a patch that allows an admin or user to disable the warning. - Morty diff -Nur openssh-3.7.1p2/readconf.c