search for: server_accept_loop

> This makes me think that the syslog approach is probably the way to go Yeah, right. Another idea is to mirror the current preauth load via setproctitle()... That makes that data accessible even without a syscall (at least the writing of the data - quering needs syscalls, right), so that can be kept up-to-date and allows a high monitoring frequency as well. Multiple instances of SSHd (on

...9642a in the portable git repo, along with another change that matches the commit message. Was that intentional? -- Craig Miskell Site Reliability Engineer | GitLab | Dunedin, New Zealand diff --git a/sshd.c b/sshd.c index 6129b0a..debbdcb 100644 --- a/sshd.c +++ b/sshd.c @@ -1005,7 +1005,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) { fd_set *fdset; int i, j, ret, maxfd; - int startups = 0, listening = 0, lameduck = 0; + int ostartups = -1, startups = 0, listening = 0, lameduck = 0; int startup_p[2] = { -1 , -1 }; char c = 0; struct sockaddr_storage fr...

...horizedPrincipalsFile option handles intptr, without any possible label (therefore always null), which is dead code (probably copy-paste error from sHostKeyFile) 4. box variable for sandbox context is not freed in the child process after calling ssh_sandbox_child(), which makes it memory leak. 5. server_accept_loop() allocates fdset variable, but does not free it in the end. These are the most obvious problems and it would be nice to have them addressed in the next release. -- You are receiving this mail because: You are watching the assignee of the bug.

On Wed, 2018-08-22 at 09:02 -0500, kevin martin wrote: > Simple seems to have fixed it. I was also trying with "forking" as > the > type and that was failing as well. That is not as simple as that -- we lived with "simple" for long time, but it was not covering some corner cases so we ended up using the sd_notify, since that was the only reliable way for systemd to

...tive_data.have_ssh1_key = 1; + break; + case KEY_RSA: + case KEY_DSA: + sensitive_data.have_ssh2_key = 1; + break; + default: + fatal("%s: unsupported host key type", __func__); + } + } + buffer_free(&m); debug3("%s: done", __func__); @@ -1308,6 +1350,41 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } } +static Key * +sshd_key_load_private(const char *filename) +{ + Key *key; + char prompt[300], *passphrase = ""; + int quit, i; + + key = key_load_private(filename, passphrase, NULL); + + if (key == NULL) { + snprintf(prom...

...ac check for (Linux-only) SCM_CREDENTIALS? I think the minimum viable product would be to emit READY=1 once startup is complete and RELOADING=1 on SIGHUP receipt. STOPPING=1 would also make sense in sshd exit paths if something could end up blocking along the way, but at least the SIGTERM case in server_accept_loop() doesn't seem to need that. STATUS= and ERRNO= could be nice-to-haves for error messages. So I wrote a simple sd_notify() and am attaching it here, but the address part and a connect() may need to be outside the function with privilege separation. Thoughts on this idea? //Peter ----------...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

https://bugzilla.mindrot.org/show_bug.cgi?id=2158 Bug ID: 2158 Summary: Race condition in receiving SIGTERM Product: Portable OpenSSH Version: 6.2p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org