search for: servconf

...g command still doesn't show streamlocalbindunlink set: > > sshd -T -C "user=sshvpn,host=196.209.244.243,addr=196.209.244.243" | grep -i > stream > streamlocalbindmask 0177 > allowstreamlocalforwarding yes oh, that's a bug in the config dump support. diff --git a/servconf.c b/servconf.c index 6111c5a..2094c48 100644 --- a/servconf.c +++ b/servconf.c @@ -2293,6 +2293,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sAllowStre...

...an using __progname or having it hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful if one wants to run multiple instances of sshd using different PAM configurations. With this patch SSHD_PAM_SERVICE is not used in auth-pam.c so I moved the definition out of auth-pam.h into servconf.h. Effectively SSHD_PAM_SERVICE now merely supplies the default service name. I'm not convinced that servconf.h is the correct place for it. ==========pam-service.diff follows========== diff -ru openssh-3.5p1.orig/auth-pam.c openssh-3.5p1/auth-pam.c --- openssh-3.5p1.orig/auth-pam.c Sun Jul...

Dear all, I want to add a new option "newoption" to the sshd server, I have just add some codes in servconf.h and servconf.c like the other options. But it seems that the "newoption" can not be enable,when i set the "newoption" to "yes" in sshd_config file. I have add a debug message in main function of sshd.c .... debug("main sshd %d",options->newoption); ......

...ytti.uku.fi> - Bugfixes +Jani Jaakkola <jjaakkol at cs.helsinki.fi> - IdleTimeOut Jim Knoble <jmknoble at jmknoble.cx> - Many patches Jonchen (email unknown) - the original author of PAM support of SSH Juergen Keil <jk at tools.de> - scp bugfixing diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c --- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001 +++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001 @@ -102,6 +102,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->pam_authentication_via_kbd_int = -1; + o...

...hers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.249 diff -u -p -u -r1.249 servconf.c --- servconf.c 29 Jan 2014 06:18:35 -0000 1.249 +++ servconf.c 6 Jun 2014 08:04:06 -0000 @@ -399,8 +399,8 @@ static struct {...

...r, &conv, &__pamh); + strlcpy(buf, SSHD_PAM_SERVICE, sizeof(buf)); + strlcat(buf, options.pam_service_name_append, sizeof(buf)); + pam_retval = pam_start(buf, user, &conv, &__pamh); if (pam_retval != PAM_SUCCESS) fatal("PAM initialisation failed[%d]: %.200s", Index: servconf.c =================================================================== RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.97 diff -u -w -u -w -b -p -r1.97 servconf.c --- servconf.c 5 Sep 2002 04:35:15 -0000 1.97 +++ servconf.c 24 Nov 2002 18:43:41 -0000 @@ -57,6 +57,9 @@ initialize_server_opt...

...first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2 box. (I would appreciate some feedback from a core developer as to whether this looks to be a useful approach or not.) --- openssh-3.4p1.vanilla/servconf.c Mon Jun 24 23:22:04 2002 +++ openssh-3.4p1/servconf.c Wed Jul 3 11:23:26 2002 @@ -292,7 +292,7 @@ sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives, sUseLogin, sAllowTcpForwarding, sCompression, - sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups...

...be removed if this more general patch is accepted. Thanks, Adam Tilghman, UC San Diego -- Adam Tilghman | Systems Support / Academic Computing | +1 858 822 0711 agt at ucsd.edu | University of California, San Diego | fax +1 858 534 7018 --- cut here --- diff -r -c openssh-2.5.1p1/servconf.c openssh-2.5.1p1-1/servconf.c *** openssh-2.5.1p1/servconf.c Wed Feb 14 19:08:27 2001 --- openssh-2.5.1p1-1/servconf.c Thu Mar 1 15:45:03 2001 *************** *** 81,86 **** --- 81,87 ---- options->challenge_reponse_authentication = -1; options->permit_empty_passwd = -1; options-&g...

...ctive authentication succeeded"); + options.challenge_response_authentication_first = 0; + options.kbd_interactive_authentication = options.pam_authentication_via_kbd_int; + options.challenge_response_authentication = 0; + authenticated = 0; + } } if (!authctxt->valid) Index: servconf.c =================================================================== RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.98 diff -u -p -r1.98 servconf.c --- servconf.c 24 Feb 2003 01:04:34 -0000 1.98 +++ servconf.c 1 Mar 2003 17:37:42 -0000 @@ -100,6 +100,7 @@ initialize_server_options(Serve...

...#39;m unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep as the encryption is almost useless when data is not compressed first. I think compression should never be disabled otherwise kerberos will be also efectively disabled. Any opinions? Below I'm just showing t...

Would anybody happen to have or know of a patch to make /etc/default/login PATH and SUPATH the default openssh path? We have customized paths for each school of engineering (each have their own customized site bin). This is easily controled with /etc/default/login. The --with-default-path option is too rigid. This is Solaris I am talking about. --mike

https://bugzilla.mindrot.org/show_bug.cgi?id=2278 Bug ID: 2278 Summary: 'configure --disable-lastlog' should mark PrintLastLog as unsupported in servconf.c Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Solaris Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: brent.paulson...

https://bugzilla.mindrot.org/show_bug.cgi?id=1748 Summary: getcwd being called with invalid argument in servconf.c Product: Portable OpenSSH Version: 5.4p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dan.mitt...

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

...nt's IP address in its environment. It could then block the originating host, possibly after a predefined number of such events in a certain interval, by reconfiguring the system's firewall or similar means. Comments welcome. Thomas Koeller (1): sshd: Added authentication failure hook servconf.c | 6 ++++++ servconf.h | 1 + sshd.c | 19 +++++++++++++++++++ sshd_config | 3 +++ sshd_config.5 | 11 +++++++++++ 5 files changed, 40 insertions(+) -- 2.24.1

...user_key_allowed2(pw, key, file); - xfree(file); + /* Iterate over all authorized_keys_files */ + while ( (file = authorized_keys_file(pw, authfileno++) ) != NULL) { + success = user_key_allowed2(pw, key, file); + xfree(file); + if (success) + return success; + } return success; } Index: servconf.c =================================================================== RCS file: /cvs/openssh/servconf.c,v retrieving revision 1.74 diff -u -r1.74 servconf.c --- servconf.c 22 Jan 2002 12:35:12 -0000 1.74 +++ servconf.c 23 Jan 2002 11:11:29 -0000 @@ -107,8 +107,7 @@ options->reverse_mapping_che...

...-1, 0); - if (address == MAP_FAILED) - fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif Index: servconf.c =================================================================== RCS file: /var/cvs/openssh/servconf.c,v retrieving revision 1.92 diff -u -r1.92 servconf.c --- servconf.c 23 Jun 2002 21:29:24 -0000 1.92 +++ servconf.c 25 Jun 2002 00:16:12 -0000 @@ -257,7 +257,7 @@ if (use_privsep == -1) u...

Hello, I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options. Is this the

...h put xauthority in /tmp), with a few minor modification, including security improvements for removing the files in /tmp, which I believe were what lead (at least in part) to the original removal of this code. Scott. -------------- next part -------------- diff -r --unified openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c --- openssh-3.0.2p1.orig/servconf.c Wed Nov 14 00:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Feb 12 14:21:14 2002 @@ -64,6 +64,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->xauthority...

...o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o dh.o sshpty.o log-server.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o +SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o dh.o sshpty.o log-server.o sshlogin.o loginrec.o servconf.o serverl...