search for: num_auth_methods

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I just came across a contradiction between the man page of AuthenticationMethods and the accepted methods list. According to the sshd_config manual page: """ AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one

...feature working, we need to choose value for ANY (proposed "any"), use this value as default (enforced by fill_default_server_options) and make sure that it is handled everywhere in the code consistently. There are few design consideration, before posting a patch: * We can't use just num_auth_methods == 0, because this is considered as not-defined and it can't override previously definde authentication methods * We can use enforce num_auth_methods == 1 && strcmp(auth_methods[0], "any"), but it is not much elegant from my POV, but best I have got. * We can use num_auth_me...

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

...ntu0.11, OpenSSL 1.1.1f 31 Mar 2020 I think I have narrowed it down to the code change in commit a10f929d1, between 8.6 and 8.7: servconf.c:process_server_config_line_depth(...) case sAuthenticationMethods: ... The code, before and after this change, rejects "any" if options->num_auth_methods>0. The working code ensures this to be 0 at the start of the loop with a surrounding if, so this does not trigger. The changed code misses the surrounding if. It may be that the old code resets the num_auth_count before processing the config line and the new code does not. But this seems to...

Dear OpenSSH Developers, I would like to propose a patch to OpenSSH for Linux. In the recent few months, I have encountered a scenario where a PAM module used for authentication in SSH should be informed about the previous successful authentication methods. I described the complete scenario here:

...int(sListenViaSCTP, o->listen_via_sctp); +#endif /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); diff --git a/servconf.h b/servconf.h index 752d1c5..77bb49e 100644 --- a/servconf.h +++ b/servconf.h @@ -183,6 +183,8 @@ typedef struct { u_int num_auth_methods; char *auth_methods[MAX_AUTH_METHODS]; + + int listen_via_sctp; } ServerOptions; /* Information about the incoming connection as used by Match */ diff --git a/ssh.c b/ssh.c index add760c..c2f663c 100644 --- a/ssh.c +++ b/ssh.c @@ -196,7 +196,7 @@ static void usage(void) { fprin...

I hacked zstd support into OpenSSH a while ago and just started to clean it up in the recent days. The cleanup includes configuration support among other things that I did not have. During testing I noticed the following differences compared to zlib: - highly interactive shell output (as in refreshed at a _very_ high rate) may result in higher bandwidth compared to zlib. Since zstd is quicker

I added ZSTD support to OpenSSH roughly over a year and I've been playing with it ever since. The nice part is that ZSTD achieves reasonable compression (like zlib) but consumes little CPU so it is unlikely that compression becomes the bottle neck of a transfer. The compression overhead (CPU) is negligible even when uncompressed data is tunneled over the SSH connection (SOCKS proxy, port