search for: petesea

Will Simon Wilkinson's GSSAPI Key Exchange patch ever be incorporated into the OpenSSH source? http://www.sxw.org.uk/computing/patches/openssh.html I'm sure I'm not the only one that uses it and would like to see it become part of the OpenSSH source. Is there something missing or is there some technical/philosophical reason for not including it?

Is it possible to move a server's public and private keys from one host to another? Or perhaps a better way to ask what I really want... is it possible to configure a server on a new host to return the same public key it did on the old host? I'm in the process of migrating our CVS server from a Solaris host to a Linux host (this weekend) and I just realized the hostkey is going to

I'm randomly getting the following error on a server from various remote hosts: ssh_exchange_identification: Connection closed by remote host The server is running OpenSSH 4.5p1 w/GSSAPI Key Exchange patch. The hosts connecting to it should all be using OpenSSH 5.0p1 w/GSSAPI Key Exchange patch and using gssapi-keyex authentication. Normally, when I've seen this error, it means

...make tests Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: unassigned-bugs at mindrot.org ReportedBy: petesea at bigfoot.com While building the latest OpenSSH from CVS (2010-04-09), "make tests" fails with the error "no sshd running on port 4242". The real cause in my case is that something is already running on port 4242 (the Juniper Network Connect client). It would be nice if the...

...messages on client Product: Portable OpenSSH Version: 5.4p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: petesea at bigfoot.com A server started with debugging options (eg "sshd -e -ddd -p4242") will print debug and "Environment" messages on the client: $ ssh -p4242 127.0.0.1 'date' Environment: USER=... LOGNAME=... HOME=... PATH=... MAIL=......

Is there any way to define openssh options via an env var? Something like: SSH_OPTIONS='-oBatchMode=yes ...' or SSH_CONFIG=/path/to/alternate/ssh_config The reason I'd like to be able to use this is so I can override certain options without interfering with the users normal configuration file. In the case of commands that indirectly call ssh, like cvs, there's no way

Has anyone successfully built openssh with MIT's KfW (Kerberos for Windows) under Cygwin? Is it even possible? Searching around I found one reference to Nicolas Williams attempting to do this several years ago, but no indication of success and nothing more recent. http://www.cygwin.com/ml/cygwin/2002-01/msg00100.html What about compiling openssh using a native windows compiler? Is

>From a security standpoint, if the default keytab (/etc/krb5.keytab) contains only ONE principal, does it matter if GSSAPIStrictAcceptorCheck is set to "yes" or "no"? My company uses an internally built OpenSSH package that includes the GSSAPI Key Exchange patch. Because we have 1000s of hosts, we need to use a "standard" sshd_config file that works for the

I'm using Cygwin OpenSSH 5.1 on a Windows XP SP3 system. Is sshd supposed to create a new "login session" for each user that logs in? Or, is there a way to force it to create a new "login session" for each user that logs in? Once logged in, I'm trying to use the Kerberos for Windows command line utilities (klist/kinit), but I'm told by one of the KfW

Last June I asked the following question, but didn't receive any responses: http://marc.info/?l=openssh-unix-dev&m=124406679122871&w=2 I just did the same test using openssh-5.3p1 and the results are the same. Is this a bug? Or intentional? If it's a bug, I'll report it. If it's intentional, any chance it could be changed? Or a server-side way to override it?

Starting with openssh 5.1 the following code fails (when executed on a remote host)... prior to 5.0 this worked, ie S_ISSOCK says STDIN is a socket. struct stat s; fstat(STDIN_FILENO, &s); if (S_ISSOCK(s.st_mode)) // STDIN is a socket else // STDIN is not a socket Soo... if I have a command on a remote host that includes the above code and I ssh to the remote host

How difficult would it be to enhance the client ssh_config file to allow command-based declarations similar to that provided by the "Host" keyword? The main reason I need something like this is when ssh is used via CVS and Subversion. I want all CVS/Subversion traffic to use a different SSH port and different authentication options. So... you might have an ssh_config file that

I'm a bit confused how scp works... could someone please explain the local/remote external calls that happen when scp is started... in particular how it relates to ssh on the remote site? To be more specific... I use Kerberos for authentication and I've been working on an ssh wrapper script that checks my Kerberos credentials before running the ssh command. If the credentials are

I noticed "make tests" for openssh-5.2p1 fails the multiplex.sh tests. Turns out this is because I happen to have some non-standard configuration options in $HOME/.ssh/config and most of the multiplex.sh tests do not use a "-F $OBJ/ssh_config" option, which means they end up reading the users $HOME/.ssh/config. Is this on purpose or a bug?

It looks to me like GSSAPICleanupCredentials doesn't work if UsePrivilegeSeparation is set to "no". Is this a bug, or am I doing something wrong? On a related note, is there a SERVER way to disable GSSAPIDelegateCredentials?

If a server is started in debug mode (-ddd), it triggers a few debug messages to appear on the client. Shouldn't debug messages appear on the client only if the client uses the -v option? The problem is, it's often useful to start a debug server to help track down problems without interfering with the client... and those extra client-side debug messages can sometimes cause issues for

While building OpenSSH 5.2p1, "make tests" was failing on my system with the error "no sshd running on port 4242". After much head scratching, cursing and rooting around in the test scripts I finally figured out the real cause... something is already running on port 4242 (in my case, the Juniper Network Connect client). This got me thinking, it might be nice if the code

I'm tracking some custom OpenSSH changes (based on 4.3p2) in a local CVS repository and have run into a few problems... mainly (I believe) because of the .cvsignore files. Keep in mind the main idea here is to commit the OpenSSH source without changes, tag, then add my custom changes and add a new tag. I can probably fix these by making local modes, but I'm just wondering if there

How reasonable, acceptable and difficult would it be to "enhance" openssh so authorizations using kerberos (specifically kerberos tickets) consulted the authorized_keys file? And to be a bit more precise... consulted authorized_keys so it could utilize any "options" (eg. from=, command=, environment=, etc) that may be present? I'm willing to make custom changes, but