search for: rfc4254

Displaying 18 results from an estimated 18 matches for "rfc4254".

Did you mean: rfc4253
2010 Jun 17
0
signals and RFC4254
...TF mailing list but I figured I'd start here first. I ran across this because signals need to be sent as explicit commands, not as special characters, when using EXTPROC. So I started implementing the "signal" channel request. However, the description of the request is inadequate. RFC4254 section 6.9 says the 'signal name' values are the same as discussed in 6.10 for the "exit-signal" message. But that list of signals is specifically limited to values that can cause a program to exit, and be returned in a program's exit status. This list of signals you can *...
2017 Jan 16
2
SOCKS5 and UDP
Hi, Currently, OpenSSH only accepts the SOCKS5 command "CONNECT": <https://anongit.mindrot.org/openssh.git/tree/channels.c#n1281> The RFC also specifies the commands "BIND" and "UDP ASSOCIATE": <https://tools.ietf.org/html/rfc1928#section-4> As a consequence, in particular, a SOCKS5 server started with "ssh -D" cannot proxify UDP packets. Are
2018 Jul 05
2
trying to resurrect discussion about "Cannot signal a process over a channel (rfc 4254, section 6.9)"
Hi everybody I?d like to resurrect the discussion on a known issue with the openssh server, regarding signal delivery as described in rfc4254 This has been originally reported about ten years ago in this thread: https://bugzilla.mindrot.org/show_bug.cgi?id=1424 I am taking he liberty to copy a few people who contributed that thread over time The discussion does not seem to expose the reasons that lead to the feature being held back fo...
2006 Dec 09
0
Local software flow control
...vices and thus they had to use rlogin because it handles local flow control correctly for them. An easy and quick/dirty method was to remove IXON & IXOFF flags from sshtty.c:enter_raw_mode(), but it can easily brake transparency. Another standart method to use was a must. According to IETF RFC4254 ssh server can provide client an idea of doing the control flow at the client side. A special SSH_MSG_CHANNEL_REQUEST message with "xon-xoff" string MUST be used, and client MAY ignore this message. This feature is not implemented in OpenSSH, nor in client nor in the server. As we ha...
2012 Dec 17
2
How to control which command is executed with "plain ssh" from remote machine?
Hi! Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login? We have na?vely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client? /John -- John Olsson Ericsson AB BSC/BSS System
2014 Nov 13
2
[Bug 2312] New: [Query] Window resizing support in ssh
https://bugzilla.mindrot.org/show_bug.cgi?id=2312 Bug ID: 2312 Summary: [Query] Window resizing support in ssh Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: major Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org
2014 Dec 30
2
CVE-2002-0083 - whats the problem? beginners question
Hi, I'm not a programmer nor able to fully understand the code of openssh in detail - hence my question here. Out of curiosity I was looking at the patch for CVE-2002-0083 and tried to understand what the actual problem is, but failed: --- channels_old.c?? ?Mon Mar? 4 02:07:06 2002 +++ channels.c?? ?Mon Mar? 4 02:07:16 2002 @@ -151,7 +151,7 @@ ?channel_lookup(int id) ?{ ??? ?Channel *c; -??
2016 May 31
2
[Bug 2578] New: -W should honor -4 and -b
https://bugzilla.mindrot.org/show_bug.cgi?id=2578 Bug ID: 2578 Summary: -W should honor -4 and -b Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org
2007 Jul 06
2
[Bug 1334] New: Bind tunnels to given interface on the server
http://bugzilla.mindrot.org/show_bug.cgi?id=1334 Summary: Bind tunnels to given interface on the server Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy:
2017 Jan 17
2
SOCKS5 and UDP
...r started with "ssh -D" > > cannot proxify UDP packets. > > > > Are there deep reasons why OpenSSH does not implement them (security, or > > whatever)? > > ssh -D accepts SOCKS CONNECT requests and maps them to SSH > "direct-tcpip" requests (see RFC4254 section 7.2). These are only > defined for TCP, there's no equivalent for UDP. Thank you for your answer. So if I understand correctly, making "ssh -D" create a "full" SOCKS5 server, including UDP relay?, would require to add a new SSH request type (like "relay-ud...
2018 Oct 21
3
The first command of a nested compound command receives no arguments
...command arguments to a single string without escaping them. (I concede there may be no "standard" way to do such escaping.) It also appears that the ssh protocol defines the command as a single string, not an argv-style list of multiple strings. (See section 6.5 of https://www.ssh.com/a/rfc4254.txt .) It might be worth documenting the escape-less flattening of the command (and the corresponding loss of information) on the ssh manpage. I could write something and submit a patch, if the openssh developers are interested. Cheers, Parke
2013 Apr 20
3
[Bug 2094] New: Executing commands via ssh on a remote host has different parameter passing properties
https://bugzilla.mindrot.org/show_bug.cgi?id=2094 Bug ID: 2094 Summary: Executing commands via ssh on a remote host has different parameter passing properties Classification: Unclassified Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: OpenBSD Status: NEW Severity:
2023 Dec 18
1
Announce: OpenSSH 9.6 released
...t subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. Potentially incompatible changes -------------------------------- * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides a TCP-like window mechanism that limits the amount of data that can be sent without acceptance from the peer. In cases where this limit was exceeded by a non-conforming peer SSH implementation, ssh(1)/sshd(8) previously discarded the extra data. Fro...
2015 Oct 09
10
[Bug 2477] New: backspace in interactive session does not delete multi-byte Unicode characters correctly
https://bugzilla.mindrot.org/show_bug.cgi?id=2477 Bug ID: 2477 Summary: backspace in interactive session does not delete multi-byte Unicode characters correctly Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5
2008 Mar 31
0
Announce: OpenSSH 4.9 released
...detect errors in either specified port number. (bz#1378) - Fix memory leak in ssh(1) ~ escape commandline handling. (bz#1379) - Make ssh(1) skip listening on the IPv6 wildcard address when a binding address of 0.0.0.0 is used against an old SSH server that does not support the RFC4254 syntax for wildcard bind addresses. (bz#1381) - Remove extra backslashes in the RB_PROTOTYPE macro definition. (bz#1385) - Support ssh(1) RekeyLimits up to the maximum allowed by the protocol: 2**32-1. (bz#1390) - Enable IPV6_V6ONLY socket option on sshd(8) listen socket, as...
2008 Mar 31
0
Announce: OpenSSH 4.9 released
...detect errors in either specified port number. (bz#1378) - Fix memory leak in ssh(1) ~ escape commandline handling. (bz#1379) - Make ssh(1) skip listening on the IPv6 wildcard address when a binding address of 0.0.0.0 is used against an old SSH server that does not support the RFC4254 syntax for wildcard bind addresses. (bz#1381) - Remove extra backslashes in the RB_PROTOTYPE macro definition. (bz#1385) - Support ssh(1) RekeyLimits up to the maximum allowed by the protocol: 2**32-1. (bz#1390) - Enable IPV6_V6ONLY socket option on sshd(8) listen socket, as...
2023 Dec 18
0
Announce: OpenSSH 9.6 released
...t subject to these restrictions, allowing configurations that use strange names to continue to be used, under the assumption that the user knows what they are doing in their own configuration files. Potentially incompatible changes -------------------------------- * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides a TCP-like window mechanism that limits the amount of data that can be sent without acceptance from the peer. In cases where this limit was exceeded by a non-conforming peer SSH implementation, ssh(1)/sshd(8) previously discarded the extra data. Fro...
2014 Oct 02
15
[Bug 2283] New: option to execute command without shell
...ng fork()+exec() or similar, without invoking the shell. This would help avoid quoting confusion, shell metacharacter attacks and things like shellshock. This appears to require a protocol extension to work since RFC 4254 specifies just a string to be passed with exec: https://tools.ietf.org/html/rfc4254#section-6.5 There could be: A client-side option to turn it on. A server-side option (sshd_config, authorized_keys) to allow it. A server-side option (sshd_config, authorized_keys) to disallow in-shell commands and interactive shells. A way to pass the original command requested by the user to...