search for: pechanec

...on: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM Created an attachment (id=1447) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1447) fix for the bug reported sshd permits 2 more auth failures then it should have according to MaxAuthTries. See example: sshd -o MaxAuthTries=4 .... and the output shows that there were 5 fail...

...ication: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM Created an attachment (id=1366) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1366) fix for the bug if anything goes wrong and Fwd was filled then listen_host/connect_host are not freed. patch attached. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=e...

...ication: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM there are 2 issues for hostname len check in parse_forward() (a) the len is checked against NI_MAXHOST while it should be checked against (SSH_CHANNEL_PATH_LEN - 1). (b) the check should be also performed against listen_host when in remote fwd mode; otherwise hostname of any length i...

...ication: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM Created an attachment (id=1380) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1380) patch against 4.7p1 RekeyLimit option allows to set the limit up to 2^31 bytes only since it's a signed integer. However, the default value for rekeying limit is 2^32 since AES's block...

...hibited to non-root users when it is not. I can file a bug in bugzilla and send a patch if you agree that it should be fixed. If this behaviour should be preserved, I suggest to update the man page, it should read "The file must be world-readable" in that case. cheers, J. -- Jan Pechanec http://blogs.sun.com/janp

...candidate. since we try to avoid divergence with upstream (= OpenSSH) if possible I would like to ask, in case you would be interested in adding such functionality to OpenSSH in which case I can provide a patch then, whether this would be an acceptible syntax for both. thanks, Jan. -- Jan Pechanec Sun Microsystems

...0 0 1500 0 axxem.hide:~# ping6 fe80:0006::02d0:baff:fef4:0e80 PING6(56=40+8+8 bytes) fe80::290:27ff:fe78:9275%tun0 --> fe80:6::2d0:baff:fef4:e80 16 bytes from fe80::2d0:baff:fef4:e80%tun0, icmp_seq=0 hlim=64 time=49.115 ms ^C any help? Thanks in advance, Jan. -- Jan Pechanec <jp_at_devnull_cz>

...umask then agent-getpeereid.sh test can PASS even if getpeereid() functionality wasn't checked at all because the path to socket is unreachable which means 2 is returned. Or it could be changed to greater-then 128. proposed change is already present in OpenSolaris. regards, Jan. -- Jan Pechanec -------------- next part -------------- diff -ur openssh/config.h.in openssh-SNAP-20060921-patched//config.h.in --- openssh/config.h.in Wed Sep 20 16:30:40 2006 +++ openssh-SNAP-20060921-patched//config.h.in Mon Sep 25 11:49:06 2006 @@ -354,6 +354,9 @@ /* Define to 1 if you have the `getpeereid...

Okay - We went around and around on the idea that adding an option to restrict scp to only allow files to be copied to a certain directory (or below) based on a different startup param. I was told to use all sorts of different options, parameters, methods, etc... All because no one wanted to modify the scp code, for whatever reasoning. I'm sitting here laughing right now, seriously

...- s/ZIO_CRYPT_INERIT/ZIO_CRYPT_INHERIT/ - s/mater of policy/matter of policy/ and one question - I''m probably missing some background - why is AES CBC mode linked to HMAC-SHA256? I understand that SHA-1 is not enough now but why it is limited to HMAC-SHA when CCM not? Jan. -- Jan Pechanec

...ctory=none Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM Created an attachment (id=1608) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1608) suggested patch ChrootDirectory=none is the same as not specifying ChrootDirectory at all. In both cases, sshd should report when the user's directory can't be cd into. It does that on...

...---------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #1 from dtucker at zip.com.au 2007-03-21 21:40 ------- Patch has been applied and will be in 4.7. Thanks to Jan Pechanec at Sun. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...ication: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM Created an attachment (id=1365) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1365) fix for the bug the check whether ports were parsed OK is not correct; it doesn't recognize when only one of the ports is incorrect: # ./ssh -L 99999:localhost:4444 localhost Password: #...

...nclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM The RB_PROTOTYPE macro in usr/src/cmd/ssh/include/sys-tree.h has a backslash on the last line of the macro. This backslash is not needed, and it's a maintenance hazard. If somebody puts non-null text on the line following the macro, it will get sucked into the macro definition. Thi...

Hi, Just feel curiously. I am using sun SSH 1.0.1 and 1.1 on different machines, and get different password promts as follows. ------------------------------------ root> ssh -V SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0. root>ssh 10.193.106.90 root at 10.193.106.90's Password: ------------------------------------ root> ssh -V Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL

By looking at the code, I saw that PAM_RUSER is not set by sshd. Is there a reason why ? If I write a patch to add that feature, is there a chance for it to be included in the main distrib ? Best regards, Arnauld

...if (log_level == SYSLOG_FACILITY_NOT_SET) + if (log_facility == SYSLOG_FACILITY_NOT_SET) error("Invalid log facility \"%s\"", optarg); break; case 'h': -- Jan Pechanec

...h initial alloc */ *str = string; } else if (ret == INT_MAX || ret < 0) { /* Bad length */ + free(string); goto fail; } else { /* bigger than initial, realloc allowing for nul */ len = (size_t)ret + 1; -- Jan Pechanec

hi, the corner case of '-HF' hashes the whole hostline and not just the host xor IP address which means that usually it will hash "HOST,IP". This will never be matched if manually included into the known_host file. Patch against 4.7p1 attached. J. -- Jan Pechanec -------------- next part -------------- --- openssh-4.7p1/ssh-keygen.c Mon Feb 19 12:10:25 2007 +++ openssh-4.7p1-patched/ssh-keygen.c Wed Oct 10 17:38:05 2007 @@ -598,7 +598,7 @@ } static void -print_host(FILE *f, char *name, Key *public, int hash) +print_host(FILE *f, const char *name, Key *p...

...Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Solaris Status: NEW Severity: minor Priority: P4 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: Jan.Pechanec at Sun.COM Created an attachment (id=1607) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1607) suggested patch it may be a nit picking: EXPAND_MAX_KEYS, as any MAX macro, suggests that we can have up to EXPAND_MAX_KEYS keys. That's not true since if we reach the maximum, the followi...