search for: num_subsystem

...ile", sAuthorizedKeysFile }, { "authorizedkeysfile2", sAuthorizedKeysFile2 }, + { "nodelay", sNoDelay }, { NULL, 0 } }; @@ -801,15 +806,30 @@ fatal("%s line %d: Missing subsystem name.", filename, linenum); for (i = 0; i < options->num_subsystems; i++) - if(strcmp(arg, options->subsystem_name[i]) == 0) + if(strcmp(arg, options->subsystem[i].name) == 0) fatal("%s line %d: Subsystem '%s' already defined.", filename, linenum, arg); - options->subsystem_name[options->num_subsystems] = xst...

...signee: unassigned-bugs at mindrot.org Reporter: furaisanjin at gmail.com This is found in FreeBSD14.0 release which includes version 9.5p1. Part of process_server_config_line_depth function on servconf.c is something like this. options->subsystem_command[options->num_subsystems] = xstrdup(arg); /* Collect arguments (separate to executable) */ arg = argv_assemble(1, &arg); /* quote command correctly */ arg2 = argv_assemble(ac, av); /* rest of command */ xasprintf(&options->subsy...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...SYSTEMS]; + int check_max_startups; int max_startups_begin; int max_startups_rate; int max_startups; --- servconf.c 2002/05/29 03:49:54 1.1 +++ servconf.c 2002/05/29 03:54:09 @@ -112,6 +112,7 @@ options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; + options->check_max_startups = -1; options->max_startups_begin = -1; options->max_startups_rate = -1; options->max_startups = -1; @@ -228,6 +229,8 @@ options->allow_tcp_forwarding = 1; if (options->gateway_ports == -1) options->gateway_ports = 0; + if (opti...

...1613,1618 **** --- 1672,1678 ---- int success = 0; char *cmd, *subsys = packet_get_string(&len); int i; + char *idx; packet_check_eom(); log("subsystem request for %.100s", subsys); *************** *** 1620,1625 **** --- 1680,1697 ---- for (i = 0; i < options.num_subsystems; i++) { if (strcmp(subsys, options.subsystem_name[i]) == 0) { cmd = options.subsystem_command[i]; + #ifdef DO_SNAPSHOTS + if (snapshot == NULL) + snapshot = xmalloc(128); + snapshot[0] = '\0'; + if (!strncmp(cmd, SNAPSHOT, strlen(SNAPSHOT))) { + idx = strchr(c...

...+ options->num_allow_users_fixedname = 0; options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; options->ciphers = NULL; options->macs = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; @@ -258,17 +259,17 @@ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhost...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

...prog, strerror(errno)); < s->is_subsystem = SUBSYSTEM_EXT; < debug("subsystem: exec() %s", cmd); < } < success = do_exec(s, cmd) == 0; < break; --- > if (strcmp(subsys, options.subsystem_name[i]) == 0) break; > } > > if (i < options.num_subsystems) { /* subsystem found */ > ConnectionInfo connection_info; > > connection_info.user = NULL; > connection_info.host = NULL; > connection_info.address = NULL; > connection_info.subsystem = subsys; > > logit("subsystem request: Parsing server match config opti...

...allow_users; + char *pkey_allow_users[MAX_ALLOW_USERS]; + u_int num_pkey_deny_users; + char *pkey_deny_users[MAX_DENY_USERS]; + u_int num_pkey_allow_groups; + char *pkey_allow_groups[MAX_ALLOW_GROUPS]; + u_int num_pkey_deny_groups; + char *pkey_deny_groups[MAX_DENY_GROUPS]; u_int num_subsystems; char *subsystem_name[MAX_SUBSYSTEMS];

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

...-136,6 +136,7 @@ initialize_server_options(ServerOptions *options) options->fwd_opts.gateway_ports = -1; options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; options->fwd_opts.streamlocal_bind_unlink = -1; + options->fwd_opts.streamlocal_bind_root_directory = NULL; options->num_subsystems = 0; options->max_startups_begin = -1; options->max_startups_rate = -1; @@ -355,6 +356,7 @@ fill_default_server_options(ServerOptions *options) CLEAR_ON_NONE(options->authorized_principals_file); CLEAR_ON_NONE(options->adm_forced_command); CLEAR_ON_NONE(options->chroot_dir...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

...;num_allow_groups = 0; options->num_deny_groups = 0; options->ciphers = NULL; +#ifdef OPENSSL_FIPS + options->macs = "hmac-sha1,hmac-sha1-96"; +#else options->macs = NULL; +#endif options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; @@ -122,8 +126,10 @@ options->permit_tun = -1; options->num_permitted_opens = -1; options->adm_forced_command = NULL; + options->fips_mode = -1; } + void fill_default_server_options(ServerOptions *options) { @@ -249,6 +255,8 @@ options->authorized_keys_file = _PA...