search for: parse_filename

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...key_files; > if (*intptr >= MAX_HOSTKEYS) > fatal("%s line %d: too many keys (max %d).", > filename, linenum, MAX_HOSTKEYS); > charptr = &options->host_key_files[*intptr]; > goto parse_filename; > > case sEngineConfigFile: > /* default set in fill_default_server_options */ > charptr = &options->engconffile; > goto parse_filename; > > case sEngineConfigStanza: > /* default set in fill_default...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

...ding", sAllowTcpForwarding }, *************** *** 583,588 **** --- 585,594 ---- case sUseLogin: intptr = &options->use_login; goto parse_flag; + + case sSysEnvFile: + charptr = &options->sys_environment_file; + goto parse_filename; case sGatewayPorts: intptr = &options->gateway_ports; diff -r -c openssh-2.5.1p1/servconf.h openssh-2.5.1p1-1/servconf.h *** openssh-2.5.1p1/servconf.h Wed Feb 14 19:08:27 2001 --- openssh-2.5.1p1-1/servconf.h Thu Mar 1 15:46:40 2001 *************** *** 93,98 **** --- 93,99 ---...

Would anybody happen to have or know of a patch to make /etc/default/login PATH and SUPATH the default openssh path? We have customized paths for each school of engineering (each have their own customized site bin). This is easily controled with /etc/default/login. The --with-default-path option is too rigid. This is Solaris I am talking about. --mike

...rmittcpconnect", sPermitTcpConnect }, + { "permittcplisten", sPermitTcpListen }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, { "allowgroups", sAllowGroups }, @@ -705,6 +720,30 @@ charptr = &options->xauth_location; goto parse_filename; + case sRestrictedShell: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing restrictions.", + filename, linenum); + options->restrictions = 0; + while ((p = strsep(&arg, ",")) != NULL) { + if (strcasecmp(p, "a...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...tion }, + { "xauthorityintmp", sXAuthorityInTmp }, { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, { "uselogin", sUseLogin }, @@ -669,6 +671,10 @@ case sXAuthLocation: charptr = &options->xauth_location; goto parse_filename; + + case sXAuthorityInTmp: + intptr = &options->xauthority_in_tmp; + goto parse_flag; case sStrictModes: intptr = &options->strict_modes; diff -r --unified openssh-3.0.2p1.orig/servconf.h openssh-3.0.2p1/servconf.h --- openssh-3.0.2p1.orig/servconf.h Thu Sep 13 02:40:06...

...num_authorized_keys_files; + if (*intptr >= MAX_AUTHKEYFILES) + fatal("%s line %d: too many authorized keys " + "files specified (max %d).", + filename, linenum, MAX_AUTHKEYFILES); + + charptr = &options->authorized_keys_files[*intptr]; goto parse_filename; case sClientAliveInterval: Index: servconf.h =================================================================== RCS file: /cvs/openssh/servconf.h,v retrieving revision 1.42 diff -u -r1.42 servconf.h --- servconf.h 21 Dec 2001 03:45:49 -0000 1.42 +++ servconf.h 23 Jan 2002 11:11:29 -0000 @@ -2...

...e }, { "keepalive", sKeepAlives }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, @@ -406,6 +410,10 @@ arg = strdelim(&cp); break; + case sPrngCommandFile: + charptr = &ssh_prng_command_file; /* globally def in ssh.h */ + goto parse_filename; + case sPermitRootLogin: intptr = &options->permit_root_login; arg = strdelim(&cp); diff -ur openssh-SNAP-20000823.orig/ssh.1 openssh-SNAP-20000823.new/ssh.1 --- openssh-SNAP-20000823.orig/ssh.1 Fri Aug 18 05:59:06 2000 +++ openssh-SNAP-20000823.new/ssh.1 Fri Aug 25 14:43:...

...cation }, + { "portforwarding", sPortForwarding }, { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, { "uselogin", sUseLogin }, @@ -518,7 +522,11 @@ case sXAuthLocation: charptr = &options->xauth_location; goto parse_filename; - + + case sPortForwarding: + intptr = &options->port_forwarding; + goto parse_flag; + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; diff -u -r openssh-2.1.1p4/servconf.h openssh-2.1.1p4-jhchanges/servconf.h --- openssh-2.1.1p4/servconf.h Tue...

...ot;, sStrictModes, SSHCFG_GLOBAL }, { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, @@ -1075,6 +1079,10 @@ process_server_config_line(ServerOptions charptr = &options->xauth_location; goto parse_filename; + case sNoPty: + intptr = &options->no_pty; + goto parse_flag; + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; @@ -1657,6 +1665,7 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(x11_display_offset); M_CP_INTOPT(x11_forwarding); M_CP_IN...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...File2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, + { "logfile", sLogFile}, { NULL, sBadOption } }; @@ -909,6 +912,10 @@ intptr = &options->client_alive_count_max; goto parse_int; + case sLogFile: + charptr = &options->log_file; + goto parse_filename; + case sDeprecated: log("%s line %d: Deprecated option %s", filename, linenum, arg); diff -urN openssh-3.5p1-orig/servconf.h openssh-3.5p1/servconf.h --- openssh-3.5p1-orig/servconf.h 2002-12-18 10:10:13.000000000 -0500 +++ openssh-3.5p1/servconf.h 2002-12-18 10:18:01.0000000...

...CFG_GLOBAL }, { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */ #ifdef KRB5 @@ -738,6 +746,10 @@ } break; + case sCAKeyFile: + charptr = &options->ca_key_file; + goto parse_filename; + case sPidFile: charptr = &options->pid_file; goto parse_filename; @@ -803,6 +815,10 @@ case sRSAAuthentication: intptr = &options->rsa_authentication; + goto parse_flag; + + case sCertkeyAuthentication: + intptr = &options->certkey_authentication; goto pa...

...cation }, + { "portforwarding", sPortForwarding }, { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, { "uselogin", sUseLogin }, @@ -518,7 +525,11 @@ case sXAuthLocation: charptr = &options->xauth_location; goto parse_filename; - + + case sPortForwarding: + intptr = &allow_port_forwarding; + goto parse_flag; + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; diff -u -r openssh-2.1.1p4/serverloop.c openssh-2.1.1p4-jhchanges/serverloop.c --- openssh-2.1.1p4/serverloop.c Tue...