Displaying 20 results from an estimated 45 matches for "packet_send_debug".

2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
...ils. You could > try to wheedle it out of PuTTY, I'll try an iptrace trace - to see what putty is masking with XXXXX. > apply the patch below to have it shown > at LogLevel=debug3 or try to guess which of one of likely ones it is > from session.c:session_setup_x11fwd() > >> packet_send_debug("X11 forwarding disabled in user configuration file."); >> packet_send_debug("X11 forwarding disabled in server configuration file."); >> packet_send_debug("No xauth program; cannot forward with spoofing."); >> packet_send_debug("Can't get IP...
2001 Jun 05
1
OpenSSH tmp cleanup
Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
2017 Oct 12
2
X11forwarding yes: how to debug/setup after xauth fix
On 08/10/2017 23:32, Michael Felt wrote: > On 04/10/2017 11:07, Michael Felt wrote: >> I do not often use X11 - but when I do I prefer to enable >> X11forwarding, and when finished - turn it off. This is preferable, >> imho, to having "clear" X11 processing when local - and otherwise >> impossible when working remote. >> >> Working with
2003 Mar 28
0
PRIVSEP annoys me.
...t(file, &st) < 0) { > /* Restore the privileged uid. */ > debug("Public key file does not exist."); > restore_uid(); > return 0; > } > > /* Open the file containing the authorized keys. */ > f = fopen(file, "r"); > if (!f) { > packet_send_debug("Could not open file %.900s > for reading.",file); > packet_send_debug("If your home is on an NFS volume, > it may need to be world-readable."); > /* Restore the privileged uid. */ > res...
2001 Apr 04
2
[follow-up/fix] openssh 2.5.2p2 not allowing RSA authentication
the stat() on which file? On Wed, Apr 04, 2001 at 02:06:56PM +0200, Jan Just Keijser wrote: > hmmm, I found the problem and managed to fix it, but I am not sure if this > isn't broken: > > using gdb, I found that sshd fails to stat the 'authorized_keys' files, > which was in /local/home/janjust/.ssh/authorized_keys. Here were the > permissions for the directories
2001 Jun 02
4
authorized_keys2 directory idea
...tching key is found. Btw, I noticed when comparing auth-rsa.c/auth2.c that auth2.c does not print debug message: --- openssh-cvs/auth2.c Sat Jun 2 11:14:21 2001 +++ openssh.fix/auth2.c Sat Jun 2 11:13:40 2001 @@ -26,6 +28,8 @@ if (!f) { /* Restore the privileged uid. */ restore_uid(); + packet_send_debug("Could not open %.900s for reading.", file); + packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); return 0; } if (options.strict_modes) { was this left out by design, or a leftover in auth-rsa.c ? -- Pekka Savola...
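Review bot: the first added packet_send_debug() in the `if (!f)` branch sends the server-side path held in `file` to the client, and because this is auth2.c the client may not have authenticated yet. Consider logging the path with debug() on the server and sending the client a message without the path, or holding both messages back until authentication has succeeded.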
2001 Mar 20
3
Rhosts-RSA authentication broken
Hello ! I think a problem was introduced in openssh-2.3.0p1 which is still there in the latest openssh-2.5.2p1. I just noticed it before my vacation and could not send this mail earlier than today. The problem is: You can't use the Rhosts-RSA authentication based on the hosts.equiv file and the host keys. The only possible way to do rhosts-RSA authentication is to allow the usage of the
2001 Oct 04
1
patch - forceshell
...uth-options.c Wed Oct 3 09:57:24 2001 @@ -29,6 +29,8 @@ /* "command=" option. */ char *forced_command = NULL; +/* "shell=" option. */ +char *forced_shell = NULL; /* "environment=" options. */ struct envstring *custom_environment = NULL; @@ -98,6 +100,35 @@ packet_send_debug("Pty allocation disabled."); no_pty_flag = 1; opts += strlen(cp); + goto next_option; + } + cp = "shell=\""; + if (strncasecmp(opts, cp, strlen(cp)) == 0) { + opts += strlen(cp); + forced_shell = xmalloc(strlen(opts) + 1); + i = 0; + while (*opts) { +...
2001 Oct 02
2
AFS and tokenforwarding
...txt, token_string)) + verbose("AFS token REFUSED for %.100s", authctxt->user); + xfree(token_string); + } + //continue; +#endif /* AFS */ + #if defined(KRB4) || defined(KRB5) case SSH_CMSG_AUTH_KERBEROS: if (!options.kerberos_authentication) { @@ -169,9 +185,9 @@ packet_send_debug("Kerberos TGT passing disabled before authentication."); break; #ifdef AFS - case SSH_CMSG_HAVE_AFS_TOKEN: - packet_send_debug("AFS token passing disabled before authentication."); - break; +// case SSH_CMSG_HAVE_AFS_TOKEN: +// packet_send_debug("AFS token pass...
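Review bot: the `case SSH_CMSG_HAVE_AFS_TOKEN:` refusal is disabled by commenting it out with `//`, and a stray `//continue;` is left before `#endif /* AFS */`. Delete those lines rather than keeping commented-out code, and add a comment explaining why an AFS token may now be processed at this stage, since the message being removed ("AFS token passing disabled before authentication.") was what rejected it here.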
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
...ic RSA key file %s", file); - /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { /* Restore the privileged uid. */ restore_uid(); - xfree(file); return 0; } /* Open the file containing the authorized keys. */ @@ -160,12 +179,10 @@ restore_uid(); packet_send_debug("Could not open %.900s for reading.", file); packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); - xfree(file); return 0; } if (options.strict_modes && secure_filename(f, file, pw, line, sizeof(line)) != 0) { - xfre...
2000 Aug 13
1
Patches for openssh port forwarding
...forward request: received packet type %d.", type); + } } } @@ -1637,6 +1658,17 @@ /* Get remote channel number. */ remote_channel = packet_get_int(); + + /* Jarno */ + if (!options.port_forwarding) { + /* packet_get_all(); */ + debug("Refused port forward request."); + packet_send_debug("Server configuration rejects port forwardings."); + packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); + packet_put_int(remote_channel); + packet_send(); + return; + } /* Get host name to connect to. */ host = packet_get_string(&host_len); diff -u -r openssh-2.1.1p4/servconf.c ope...
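Review bot: the new `if (!options.port_forwarding)` branch returns before the host name that follows in the packet is read, and the only attempt to consume it is the commented-out `/* packet_get_all(); */`. Either read and discard the remaining fields before sending SSH_MSG_CHANNEL_OPEN_FAILURE, or drop the dead comment and state why leaving them unread is safe. The `/* Jarno */` marker should be replaced with a comment that describes the check.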
2009 Oct 21
1
Patch to fix dynamic -R forwarding when not root
...(!want_reply && listen_port == 0) #ifndef NO_IPPORT_RESERVED_CONCEPT - || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) + || (listen_port !=0 && listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif ) { success = 0; packet_send_debug("Server has disabled port forwarding."); -- Ari Hyttinen
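Review bot: the added `listen_port !=0` term exempts port 0 from the reserved-port check for non-root users without saying why; add a comment that port 0 asks the server to allocate the port, so IPPORT_RESERVED does not apply to it. Write it as `listen_port != 0` to match the spacing of the surrounding conditions. Separately, "Server has disabled port forwarding." is also what a non-root user sees when a privileged port is refused, which is misleading for that case.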
2001 Dec 05
1
DISPLAY=localhost
...s to set display to the host's IP address. - */ - { - struct hostent *he; - struct in_addr my_addr; - - he = gethostbyname(hostname); - if (he == NULL) { - error("[X11-broken-fwd-hostname-workaround] Could not get " - "IP address for hostname %s.", hostname); - - packet_send_debug("[X11-broken-fwd-hostname-workaround]" - "Could not get IP address for hostname %s.", hostname); - - shutdown(sock, SHUT_RDWR); - close(sock); - - return NULL; - } - - memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); - - /* Set DISPLAY to <ip a...
2001 Nov 20
3
problem with AFS token forwarding
Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the
2003 Oct 30
1
Patch to make sshd work on multihomed systems
...); diff -u -r src.old/session.c src/session.c --- src.old/session.c Thu Oct 30 15:02:46 2003 +++ src/session.c Thu Oct 30 15:02:44 2003 @@ -2060,6 +2060,7 @@ struct stat st; char display[512], auth_display[512]; char hostname[MAXHOSTNAMELEN]; + char *pname; if (no_x11_forwarding_flag) { packet_send_debug("X11 forwarding disabled in user configuration file."); @@ -2091,8 +2092,13 @@ } /* Set up a suitable value for the DISPLAY variable. */ - if (gethostname(hostname, sizeof(hostname)) < 0) + pname = get_local_name(packet_get_connection_in()); + if (pname) { + strlcpy(hostname, pna...
2000 Aug 04
0
Combining RSA host authentication with another method
...) { + if ( type == SSH_CMSG_AUTH_RHOSTS_RSA ) { + authenticated_so_far |= AUTH_RSA_HOST ; + } + else { + authenticated_so_far |= AUTH_OTHER ; + } + + if ( authenticated_so_far == AUTH_BOTH ) { + verbose("Both RSA host and other authentication accepted."); + packet_send_debug("Both RSA host and other authentication accepted."); + } + else { + authenticated = 0 ; + verbose("Awaiting further authentication."); + packet_send_debug("Awaiting further authentication."); + } + } + /* * Check if the user is logging...
2002 Jul 04
1
[PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT
...arding || - no_port_forwarding_flag || - (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) { + no_port_forwarding_flag +#ifndef NO_IPPORT_RESERVED_CONCEPT + || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) +#endif + ) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
2000 Aug 23
1
Protocol 2 remote forwarding patch
...DISABLE_FORWARDING */ + + /* Only root can forward privileged ports */ + if ( port < IPPORT_RESERVED && !user_authenticated_as_root ) { + debug("Non-root user tries to forward privileged port %d", port); + /* Commercial ssh2 doesn't disconnect so same behaviour here */ + packet_send_debug("Requested forwarding of port %d but user is not root.", + port); + return 0; + } + + /* Is forwarding disabled in configuration */ + if ( allow_port_forwarding ) { + return 1; + } + /* TODO: Better logging of refused forwards: + * log("Refused port forward request from...
2002 Jan 23
1
Fix AFS and Kerberos interaction
...en(Authctxt *, const char *); -#endif /* AFS */ - #endif /* KRB4 */ +#endif /* AFS */ #ifdef KRB5 int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client); --- auth1.c 2002/01/23 12:15:49 1.1 +++ auth1.c 2002/01/23 12:17:26 @@ -162,11 +162,11 @@ case SSH_CMSG_HAVE_KERBEROS_TGT: packet_send_debug("Kerberos TGT passing disabled before authentication."); break; -#ifdef AFS +#if defined(AFS) && defined(KRB4) case SSH_CMSG_HAVE_AFS_TOKEN: packet_send_debug("AFS token passing disabled before authentication."); break; -#endif /* AFS */ +#endif /* AFS &am...
2003 Jan 29
0
[PATCH] features for restricted shell environments
...ions */ - if (!options.allow_tcp_forwarding || - no_port_forwarding_flag + if (!options.permit_tcp_listen || + auth_restricted(RESTRICT_TCP, pw) #ifndef NO_IPPORT_RESERVED_CONCEPT || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif @@ -987,6 +986,8 @@ packet_send_debug("Server has disabled port forwarding."); } else { /* Start listening on the port */ + log("TCP forwarding listening on %s port %d", + listen_address, listen_port); success = channel_setup_remote_fwd_listener( listen_address, listen_port, options.gatewa...