Displaying 20 results from an estimated 81 matches for "parse_flags".
Did you mean:
parse_flag
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2000 Jan 13
2
sshd doesn't set SSH_AUTH_RHOSTS as supported authentication
Okay...I've got it narrowed down, just don't know why this is happening...
In sshd.c, auth_mask is set to "supported authentication methods":
/* Declare supported authentication types. */
auth_mask = 0;
if (options.rhosts_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS;
if (options.rhosts_rsa_authentication)
2017 Jan 15
4
[Bug 2664] New: Boolean option parsing is excessively case-sensitive
https://bugzilla.mindrot.org/show_bug.cgi?id=2664
Bug ID: 2664
Summary: Boolean option parsing is excessively case-sensitive
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
URL: https://bugs.launchpad.net/bugs/1656557
OS: Linux
Status: NEW
Severity: enhancement
Priority:
2001 Mar 03
0
[PATCH] PrintLastLog option
Some time ago, Ben wrote about a PrintLastLog patch:
> If the person who originally submitted it wants to write a complete
> patch and submit it. Then we would be happy to debate if it will be
> included.
Well, here it is, because: "You Asked For It!"
PS: I'm tired of maintaining my own version of Debian's ssh just to
have this option available, so I hope you find
2001 Oct 26
2
Patch to add "warn" value to ForwardX11 and ForwardAgent
Because ForwardX11 and ForwardAgent are so useful but introduce risk when
used to a not well-secured server, I added a "warn" value to the ForwardX11
and ForwardAgent options which causes the ssh client to print a big warning
whenever the forwarding is actually used. I plan to make "ForwardX11=warn"
the default in my ssh_config distribution.
I'm not proposing that this
2002 Jan 23
1
Fix AFS and Kerberos interaction
Hello,
I going to use ssh with Kerberos V5 support along with support for AFS. I
don't want to use Kerberos V4 or AFS token passing. The only thing I need
from AFS is creating an AFS token (using appropriate function from krb5 API)
after user's authentication. It seems to me that such scenario is not much
supported by the current code. Rather it is assumed only Kerberos 4 will be
used
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2000 Aug 04
0
Combining RSA host authentication with another method
Precedence: bulk
Hi folks,
It seemed to me that it would be useful to be able to control access to
my server with the /etc/ssh_known_hosts file, using RSA authentication
of the remote host. But the protocol only allows RSA host authentication
in conjunction with rhosts, while I prefer RSA user authentication.
I've made a patch to the server which adds a new configuration option:
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before
allowing either password or public-key authentication.
Currently, we can only have S/KEY+password, by using PAM for
authentication, and configuring PAM accordingly. But PAM of course can't
handle SSH public keys.
I thought for a while that ideally we could actually use PAM to tell
sshd what methods of authentication to
2005 Jun 23
0
ControlPersist.
This is a better approach to persistent control masters than my previous
attempt. Instead of forking before we make the connection, do so only
when the original session has closed -- much like the code for '~&'
backgrounding already does.
My earlier patch for 'ControlPath none' still applies and is required, btw.
--- openssh/clientloop.c~ 2005-06-17 03:59:35.000000000 +0100
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2003 Nov 04
0
ServerLiesWarning
I'm trying to replace some sshv1 clients and servers in a modular way,
and the "Server Lies" warning (when the server says the key has one
more bit than it really has) is causing heartache. Per the FAQ, this
is relatively benign. Here's a patch that allows an admin or user to
disable the warning.
- Morty
diff -Nur openssh-3.7.1p2/readconf.c
2010 Mar 18
3
problem of adding a new option of sshd
Dear all,
I want to add a new option "newoption" to the sshd server, I have just add some codes in servconf.h and
servconf.c like the other options. But it seems that the "newoption" can not be enable,when i set
the "newoption" to "yes" in sshd_config file. I have add a debug message in main function of sshd.c
....
debug("main sshd
2006 Jan 08
3
Allow --without-privsep build.
I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd
2003 Mar 04
0
hashing known_hosts
Scenario:
I have access to a semi-public (about 30 users) server where I keep my
webpage. Occasionally, especially if I'm on the road. I use this as a
bounce point to get to "secured" systems which only allow ssh from
certian IP's. (Ignoring the discussion on spoofing, since we have host
keys)
But host keys are the problem. If anyone gets root on this hypothetical
2000 Dec 07
1
[PATCH] tis authserv support
Hi,
We at BalaBit IT Security Ltd developed a patch against openssh 2.3.0p1 to
support TIS authserv authentication. TIS authserv uses a simple protocol,
and supports CryptoCard, SKey, password etc. authentication.
The commercial versions of SSH support this protocol, OpenSSH implemented
SKey on its own using the protocol primitives originally invented for TIS
authentication.
Our patch is an
2001 Aug 24
2
[PATCH] SO_KEEPALIVE for port forwards
Attached is a patch to allow a user to turn on TCP keepalives for port
forwarded connections. It's mainly useful when the connections to the
ssh listener are coming from many different boxes, some of which
crash, leaving the service on the other side of the port forwarder
waiting on connections indefinitely.
It creates a new option named "KeepAliveForward" to control this
behavior.
2013 Mar 22
1
[PATCH] Allow matching HostName against Host entries
It would be useful to allow matching HostName entries against Host
entries. That's to say, I would find it very convenient to have an
ssh_config like:
Host zeus
HostName zeus.greek.gods
User hades
Host hera
HostName hera.greek.gods
# [ ... ]
Host *.greek.gods
User poseidon
UserKnownHostsFile ~/.ssh/known_hosts.d/athens
# [ Default settings for *.greek.gods ]
where I
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of