search for: schlossnagl

...tting the SecurID patch integrated into OpenSSH? I think I asked before and was told that it could be done with PAM, but I (and others) are not satisfied with the PAM support. This "tight" integration seems to work much better. If not, I'll just sit on my rogue patches :-( -- Theo Schlossnagle 1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E 2DC2 72C2 AD05 A8EB CF8F 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

Howdy folks, The chroot patch in the contrib directory had gotten stale and didn't apply cleanly, so I've updated it... The attached patch works fine with 3.0p1. Is there any reason this patch stays in the contrib directory rather than being applied to the source? I find it incredibly useful. Thanks for your hard work on OpenSSH! Bret PS: Please cc me with any responses as I'm

Hello Theo, > > > Could you let me know where this test patch would be available. > > > > Try: > > http://www.omniti.com/~jesus/SecurID/ > > > > -- Regarding your patch, did you continue the integration (mainly: Handle PIN creation and changing ...)? Do you foreseen to transport it in new release 2.3.0p1? Kind regards, Joel

When comparing SSH 1.2.27 with OpenSSH 2.5.1 I see that the SecurID code/patch is not in OpenSSH 2.5.1. I'm not sure how or why that happened. Upon looking through the OpenSSH 2.5.1 source, I think I could fairly easily provide a 'SecurID Authentication Method' patch (which would rely on -DHAVE_SECURID, -I/blah/securid/include, and -L/blah/securid/lib... /blah/securid being a

A while back someone posted a patch for scp that updates it to deal with files > 2gb by using 64 bit offsets as defined by LFS (Large File Sumit). I belive the patch was tested on Linux but maybe not on other systems that support largefiles. I've tried this under Solaris and scp fails with a broken pipe on only the second write to the pipe between scp and ssh if the file is over 2gb. If

...ogin attempts (so you'll have to enter two passwords to log in). It does this to handle drift and prevent guessing (I think). Without integrated SecurID support, tools like scp and rsync (and anything else over ssh) can be excruciatingly painful if not impossible. What do you think? -- Theo Schlossnagle 1024D/A8EBCF8F/13BD 8C08 6BE2 629A 527E 2DC2 72C2 AD05 A8EB CF8F 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

...ly found some time in my schedule to port and test. The integrated SecurID patches for OpenSSH version 3.4p1 are now available at the same old place: http://www.omniti.com/~jesus/projects/ The porting effort included moving all auth code to the new privilege separation model. Enjoy. -- Theo Schlossnagle Principal Consultant OmniTI Computer Consulting, Inc. -- http://www.omniti.com/ Phone: +1 301 776 6376 Fax: +1 410 880 4879 1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7

Hello, I've redone Theo Schlossnagle's SecurID patches for openssh to support the ACE 5.0 API. The new API takes advantage of two-step authentication and multithreaded support. If anyone is interested, please let me know. I've tried contacting Theo for him to incorporate it, but haven't received any respose yet. Note...

I have a few questions: 1) Is OpenSSH 2.9p2 (or any other version of OpenSSH) vulnerable to the same problem as SSH3.0.0? (described here: http://www.kb.cert.org/vuls/id/737451 ) 2) There is a "SECURID" patch in the contrib section since 2.5.2p2. I am using it, but applying this patch to each new version is growing more difficult as time goes on. Would you consider merging this

I have just checked in a change which makes PAM support optional and disabled by default. Previously PAM support was detected and enabled automatically if found. The change was made because there is no workable way to make PAM work 'out of the box'. Each vendor implements PAM a little differently and there appears to be no standard on the naming of modules or the augments they take. To

The native SecurID support for OpenSSH patch has been updated to release 2.5.2p2 and incorporates fixes to the "validate next token" code. It is available at: http://www.omniti.com/~jesus/projects/ Enjoy.