search for: nently

First, all credit to Vladimir Parkhaev as this is his code. He may have submitted this before for all I know, but I for one definitely would like to see this end up in the codebase, so I'm submitting it. *** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008 --- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009 *************** *** 957,962 **** --- 957,968 ---- c =

I would like to suggest a logging enhancement that would contribute greatly to access auditing. Currently nothing is logged when a user connects to another server as a different user. The auditing trail is broken for tracing access. userA> ssh userB at hostB A simple syslog addition (for example) to ssh.c closes that gap. /* Log into the remote system. This never

Hi, After FreeBSD changed from using -O2 to using -O on their ARM port, I found that sshd stopped working. (gcc version 4.2.1 20070719 [FreeBSD]) I have downloaded openssh-SNAP-20080220.tar.gz and the code still look the same. Anyway looking into it, I found that the problem is in monitor_fdpass.c in the functions mm_send_fd and mm_receive_fd. Using -O2 used to align the tmp array on a 4 byte

Hi, I had developed a program which spawns a shell where i am trying to use ssh commands to log into a linux server. There is a pop up dialog window which is prompting me for key-ing the password. Actually i want to get rid of this pop up dialog box, as i don't want this to be visible in my program/code execution. Could you please let me know is there any way to resolve and stop this

How difficult would it be to enhance the client ssh_config file to allow command-based declarations similar to that provided by the "Host" keyword? The main reason I need something like this is when ssh is used via CVS and Subversion. I want all CVS/Subversion traffic to use a different SSH port and different authentication options. So... you might have an ssh_config file that

...ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ ) (GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA) +----------------------------------------------------------------------+ |[L]iberty, as we all know, cannot flourish in a country that is perma-| | nently on a war footing, or even a near-war footing. --Aldous Huxley| +----------------------------------------------------------------------+

Greetings, This request is in the grey area between a bug report and an enhancement request. Request ------- Please apply the following diff (or something functionally similar) to file ``match.c'' in OpenSSH-5.1p1: 161a162,164 > } else { > if (negated) > got_positive = 1; /* Negative match, negated = Positive */ In case the lines above wrapped in the email

Dear all, I have enhanced scp to do the following. 1) Check the SHA1 checksums of the file fragments at the source and destination and resume file transfer from where it left off last time 2) If the file checksums match and size also matches, then the file is assumed to be identical and skipped, the user is also informed of the same 3) If the destination file size is larger than the source,

Hello, I'm running a sshd server using the -e flag so that I can capture its whole output and later send it to the user. I'm also setting LogLevel to DEBUG1 in the configuration file and I don't want to disturb syslogd. But the problem is that it doesn't work as expected (or as I expect, which I think should be the correct behavior). The log file ends up being empty because the

Please consider adding the following features to sshd: 1. AlwaysDenyLogin - a setting that will result in always denying login regardless of the credentials given by the client. 2. LoginDelayTime - to specify a delay in milliseconds before the server responds to a client's login attempt. These would help to employ brute force bots. Regards

Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"? I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something. Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable? --- Don Hoover dxh at yahoo.com

I need ssh-add to fail cleanly if it tries and fails to read a key, rather than prompting the user. I can't seem to figure out how to do that. This is on a Linux 2.6.26 system, running OpenSSH 5.1p1 (as built on debian lenny/sid) First, the things i've tried: * i've unset the DISPLAY and SSH_ASKPASS environment variables, so no X11-style prompting should happen. * i've

all, I've been looking into a secure way of accessing a remote loopback encrypted partition securely via openssh. The basic idea I have currently is that a file/partition is connected to /dev/loop0 on a remote server, which I have an ssh connection to. I hold the key (for cryptsetup via dm_crypt) on the local client. I'd like to mirror the loop device of the server on the client.

OpenSSH Unix Dev, Mac OS X 10.5 recently shipped with OpenSSH 4.5p1. This build includes a number of patches, some general bug fixes and some platform- specific fixes and enhancements. These patches are available from our open source site (http://www.opensource.apple.com/darwinsource/10.5/OpenSSH-87/ ). Following is a brief description of each patch. We'd be more than happy to

Hi, I configured openssh 5.1p1 for sftp server. Here the specifications in sshd_config file: Subsystem sftp internal-sftp Match Group sftp ForceCommand internal-sftp ChrootDirectory /home/%u AllowTcpForwarding no When a user is logged in, he can't upload his document and he receives this message: carlo at Music:~$ sftp user at 213.217.147.123 Connecting to

OpenSSH Security Advisory: cbc.adv Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-957037[1]: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary

I'd like to propose a couple of tweaks to ssh-copy-id: o Change the default ID_FILE from identity.pub to id_dsa.pub or perhaps {id_dsa,id_rsa,identity}.pub to cover all the bases, although the patch below deals only with id_dsa.pub - it would need some more tweaking to deal with more than one (possibly non-existent) file. o If the destination authorized_keys file already contains the

Is it possible to move a server's public and private keys from one host to another? Or perhaps a better way to ask what I really want... is it possible to configure a server on a new host to return the same public key it did on the old host? I'm in the process of migrating our CVS server from a Solaris host to a Linux host (this weekend) and I just realized the hostkey is going to

Somebody please forward this, if this is not an appropiate place to ask the OpenSSH developers for a new feature. As many of us have seen, any sshd left open on the internet eventually becomes the target of password guessing attacks. I am aware of tools for scanning the security logs, and manipulating iptables to block ongoing attacks, but I am not aware of a way to configure sshd itself to