search for: privsep_preauth_child

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

...the device permissions. Logging in with this method shows that a utmp entry does get made for the tty. There are several issues I see with this configuration, but I don't think any pose insurmountable problems: - There is an #if'd-out call to do_setusercontext() in the subroutine privsep_preauth_child(), which means that the SSH_PRIVSEP_USER would be run through the session_setup_sia() should the '#if 0' preprocessor directive be removed. I don't want SSH_PRIVSEP_USER to be passed through session_setup_sia(), because I like that account to be locked and the sessi...

...ld terminated by signal %d", + __func__, WTERMSIG(status)); + if (box != NULL) + ssh_sandbox_parent_finish(box); + return 1; } else { /* child */ close(pmonitor->m_sendfd); @@ -659,8 +676,11 @@ privsep_preauth(Authctxt *authctxt) if (getuid() == 0 || geteuid() == 0) privsep_preauth_child(); setproctitle("%s", "[net]"); + if (box != NULL) + ssh_sandbox_child(box); + + return 0; } - return (0); } static void

...r->m_pid, SIGALRM); - +#endif /* Log error and exit. */ fatal("Timeout before authentication for %s", get_remote_ipaddr()); } @@ -536,6 +539,7 @@ demote_sensitive_data(void) /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ } +#ifdef USE_PRIVSEP static void privsep_preauth_child(void) { @@ -678,6 +682,7 @@ privsep_postauth(Authctxt *authctxt) */ packet_set_authenticated(); } +#endif /* USE_PRIVSEP */ static char * list_hostkey_types(void) @@ -1691,10 +1696,11 @@ main(int ac, char **av) /* prepare buffer to collect messages to display to user after login */ b...

...for privilege separation */ int use_privsep; struct monitor *pmonitor; +#endif /* DISABLE_PRIVSEP */ /* message to be displayed after login */ Buffer loginmsg; @@ -526,6 +528,7 @@ /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ } +#ifndef DISABLE_PRIVSEP static void privsep_preauth_child(void) { @@ -674,6 +677,7 @@ /* It is safe now to apply the key state */ monitor_apply_keystate(pmonitor); } +#endif /* DISABLE_PRIVSEP */ static char * list_hostkey_types(void) @@ -1034,6 +1038,7 @@ } } +#ifndef DISABLE_PRIVSEP if (use_privsep) { struct passwd *pw; struct s...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |