search for: rdomain

...ng winbind on our companies email servers. That part is currently working. I have been trying to add an existing "Trusted" child domain and allow authentication from that domain as well. I am part of the way there, but not quite to the functional point as of yet. Our primary domain is rdomainprv or rdomain.prv and the child domain is kid.rdomain.prv. Below is what I am seeing, followed by my configs. Also, we had to open ports 88, 139 and 389 (I believe those are the correct ports, though the networking guys opened them) from the email/winbind server to the child domain, at the firewa...

https://bugzilla.mindrot.org/show_bug.cgi?id=3126 Bug ID: 3126 Summary: Mark the RDomain configuration option unsupported on non-openbsd builds Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5...

Hi all, What options exists under CentOS hosts to work with isolated networks?. For example, on BSD systems it is really trivial. In FreeBSD you can use setfib tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is possible to work with isolated networks and assign process, ip address and routes (hidden from the main route table and ip addresses), etc. But I can't find a similar solution for CentOS environments. I have found two similar options: a/ Network namespaces (but doe...

...ll: Add experimental support for PQC XMSS keys (Extended Hash- Based Signatures) based on the algorithm described in https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 The XMSS signature code is experimental and not compiled in by default. * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux). * sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow...

...ll: Add experimental support for PQC XMSS keys (Extended Hash- Based Signatures) based on the algorithm described in https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 The XMSS signature code is experimental and not compiled in by default. * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux). * sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow...

...ll: Add experimental support for PQC XMSS keys (Extended Hash- Based Signatures) based on the algorithm described in https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 The XMSS signature code is experimental and not compiled in by default. * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux). * sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow...

...7:42:50.131668 ifav87-apic2 sshd[1090464]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7 Jul 23 17:42:50.146955 ifav87-apic2 sshd[1090464]: debug1: inetd sockets after dupping: 4, 4 Jul 23 17:42:50.147065 ifav87-apic2 sshd[1090464]: Connection from 10.0.0.1 port 35782 on 10.0.0.2 port 1022 rdomain "" Jul 23 17:42:50.147151 ifav87-apic2 sshd[1090464]: debug1: Local version string SSH-2.0-OpenSSH_9.6 Jul 23 17:42:50.147256 ifav87-apic2 sshd[1090464]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6 Jul 23 17:42:50.147292 ifav87-apic2 sshd[1090464]: debug1: com...

...vvv ... debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent Connection reset by 192.168.1.2 port 2232 The server log messages from `/var/log/auth.log` are 2023-12-02T12:28:41.051665-08:00 host1 sshd[3790]: Connection from 192.168.1.3 port 62155 on 192.168.1.2 port 2232 rdomain "" 2023-12-02T12:28:41.050817-08:00 host1 sshd[3790]: Connection from 192.168.1.3 port 62155 on 192.168.1.2 port 2232 rdomain "" 2023-12-02T12:28:41.053381-08:00 host1 audit[3791]: SECCOMP auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=3791 comm="sshd" exe="...

I have a customer who is complaining about slow SFTP transfers over a long haul connection. The current transfer rate is limited by the TCP window size and the RTT. I looked at HPN-SSH, but that won't work because we don't control what software the peer is using. I was thinking about coding a much more modest enhancement that just does SO_RCVBUF for specific subsystems. In the interest

...15:06:58 > Subject: [CentOS-virt] Network isolation for KVM guests > Hi all, > > What options exists under CentOS hosts to work with isolated networks?. For > example, on BSD systems it is really trivial. In FreeBSD you can use setfib > tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is > possible to work with isolated networks and assign process, ip address and > routes (hidden from the main route table and ip addresses), etc. > > But I can't find a similar solution for CentOS environments. I have found two > similar options: > &g...

...samba shares running with AD [sfu-erp] comment = Mandant path = /share # ; valid users = @"RZ-DOMAIN\linuxtest" @"RZ-DOMAIN\linuxtest" valid users = DOMAIN # valid users = @"RZ-DOMAIN+dom?nen-benutzer" # valid users = @"RZ-DOMAIN" #valid users = %S, RDOMAIN\%S #valid users = @DOMAIN #valid users = linuxtest # force user = fuhste # guest ok = yes # force group = @"RZ-DOMAIN+dom?nen-benutzer" # force group = @"RZ-ODOMAIN" # ; force group = dom?nen-benutzer force create mode = 0660 force directory mode = 0770 readonly = no...

https://bugzilla.mindrot.org/show_bug.cgi?id=2624 Bug ID: 2624 Summary: ListenAddress and Port directives only accept a single value Product: Portable OpenSSH Version: 7.3p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

https://bugzilla.mindrot.org/show_bug.cgi?id=3702 Bug ID: 3702 Summary: sshd fork crashed when compiled with seccomp Product: Portable OpenSSH Version: 9.7p1 Hardware: ARM64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=3117 Bug ID: 3117 Summary: Tracking bug for 8.2 release Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

Hi, sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch. If

...d as keyword=value pairs and " "may be supplied in any order, either with multiple E<.Fl C> options or as a " "comma-separated list. The keywords are E<.Dq addr,> E<.Dq user>, E<.Dq " "host>, E<.Dq laddr>, E<.Dq lport>, and E<.Dq rdomain> and correspond to " "source address, user, resolved source host name, local address, local port " "number and routing domain respectively." Issue: fork ? E<.Xr fork 2> "Debug mode. The server sends verbose debug output to standard error, and " "...

https://bugzilla.mindrot.org/show_bug.cgi?id=3666 Bug ID: 3666 Summary: sshd crash Product: Portable OpenSSH Version: 8.2p1 Hardware: Other OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: