search for: serveroptions

Displaying 20 results from an estimated 134 matches for "serveroptions".

2016 May 03
3
StreamLocal forwarding
...ddr=196.209.244.243" | grep -i > stream > streamlocalbindmask 0177 > allowstreamlocalforwarding yes oh, that's a bug in the config dump support. diff --git a/servconf.c b/servconf.c index 6111c5a..2094c48 100644 --- a/servconf.c +++ b/servconf.c @@ -2293,6 +2293,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); + dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bi...
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
...mitted_cnames[MAX_CANON_DOMAINS]; + int connect_via_sctp; char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; diff --git a/servconf.c b/servconf.c index 7ba65d5..b106458 100644 --- a/servconf.c +++ b/servconf.c @@ -57,6 +57,8 @@ static void add_listen_addr(ServerOptions *, char *, int); static void add_one_listen_addr(ServerOptions *, char *, int); +static void add_one_listen_addr_proto(ServerOptions *, char *, + int, int); /* Use of privilege separation or not */ extern int use_privsep; @@ -153,6 +155,7 @@ initialize_server_options(ServerOptions *options)...
2006 Mar 29
7
sshd config parser
Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily
2002 Nov 24
1
[PATCH] PamServiceNameAppend
...============================================ RCS file: /cvs/openssh/auth-pam.c,v retrieving revision 1.54 diff -u -w -u -w -b -p -r1.54 auth-pam.c --- auth-pam.c 28 Jul 2002 20:24:08 -0000 1.54 +++ auth-pam.c 24 Nov 2002 18:43:41 -0000 @@ -378,10 +378,13 @@ void start_pam(const char *user) extern ServerOptions options; extern u_int utmp_len; const char *rhost; + char buf[1024]; debug("Starting up PAM with username \"%.200s\"", user); - pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh); + strlcpy(buf, SSHD_PAM_SERVICE, sizeof(buf)); + strlcat(buf, options...
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
On 6/26/2024 9:34 PM, Henry Qin wrote: > Hi folks, > > I've recently started to work on a patch for openssh that introduces a new > option to disable authentication. > I'd like to explain why I think this might be generally useful, and solicit > opinions on whether such a patch would be acceptable to the maintainers as > a pull request. Why not just use a different
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
When I looked at `man pam_unix`, I did not see any obvious options that would cause ssh to authenticate without prompting for a password at all, short of setting an empty password which is similar to PermitEmptyPasswords option. However, I am not very familiar with the internals of PAM, so pointers to documentation would be greatly appreciated. Also, I think adding a single line to sshd_config
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
On 27.06.24 06:34, Henry Qin wrote: > *Specific use cases:* > 1. Combine sshd on an unprivileged port with kubectl port-forward to > replace kubectl exec for shelling into containers running in a secure > Kubernetes environment. Kubectl exec does not kill processes on disconnect, > and does not support remote port forwarding, while ssh does both of these > things. > 2. Run an
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
see pam_permit(8) On Thu, Jun 27, 2024 at 10:37?AM Henry Qin <hq6 at cs.stanford.edu> wrote: > > When I looked at `man pam_unix`, I did not see any obvious options that > would > cause ssh to authenticate without prompting for a password at all, short of > setting an empty password which is similar to PermitEmptyPasswords option. > > However, I am not very familiar
2024 Jun 27
2
Proposal to add a DisableAuthentication option to sshd ServerOptions
Hi folks, I've recently started to work on a patch for openssh that introduces a new option to disable authentication. I'd like to explain why I think this might be generally useful, and solicit opinions on whether such a patch would be acceptable to the maintainers as a pull request. *Why is this useful?* Openssh has useful capabilities such as remote and local port-forwarding, as well
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
Thanks for the pointer! I played around with PamServiceName set to 'sshd_disable_auth' and got it working with the minimum contents below in the file /etc/pam.d/sshd_disable_auth. auth required pam_permit.so account required pam_permit.so session required pam_permit.so Thus, this does indeed enable disabling authentication. Unfortunately, as far as I can tell, only root can create files
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
i'm not a maintainer, but my personal opinion is that it's probably easier to prepare a container with this pam configuration On Thu, Jun 27, 2024 at 2:26?PM Henry Qin <hq6 at cs.stanford.edu> wrote: > > Thanks for the pointer! > I played around with PamServiceName set to 'sshd_disable_auth' and got it working with the minimum contents below in the file
2002 Dec 05
1
patch to add a PAMServiceName config option
...nssh-3.5p1.orig/servconf.h Thu Aug 1 02:28:39 2002 +++ openssh-3.5p1/servconf.h Tue Dec 3 14:10:55 2002 @@ -132,6 +132,7 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + char *pam_service_name; } ServerOptions; void initialize_server_options(ServerOptions *); @@ -139,5 +140,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); +#if !defined(SSHD_PAM_SERVICE) +# define SSHD_PAM_SERVICE __progname +#endif #endif...
2002 Jan 29
2
Key fingerprint logging
...11 @@ options->reverse_mapping_check = -1; options->client_alive_interval = -1; options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->log_key_fingerprint = -1; } void fill_default_server_options(ServerOptions *options) { @@ -227,10 +228,12 @@ else options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2; } if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->log_key_fingerprint == -1) + options->log...
2013 Jan 31
2
OpenSSH NoPty patch
...not on the list. -------------- next part -------------- diff -rupN openssh-6.1p1/servconf.c openssh-6.1p1-new/servconf.c --- openssh-6.1p1/servconf.c 2012-07-31 02:22:38.000000000 +0000 +++ openssh-6.1p1-new/servconf.c 2013-01-31 17:12:36.000000000 +0000 @@ -85,6 +85,7 @@ initialize_server_options(ServerOptions options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->no_pty = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -201,6 +202,8 @@ fill_default_server_options(ServerO...
2023 Nov 14
0
[PATCH v3 2/2] Permit %L and %l percent escapes in sshd Include
...including host-specific sshd configuration. --- servconf.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/servconf.c b/servconf.c index 86c2979360c5..daf8f2df15a2 100644 --- a/servconf.c +++ b/servconf.c @@ -1297,7 +1297,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct connection_info *connectinfo, int *inc_flags, int depth, struct include_list *includes) { - char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; + char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword; + char thishost[NI_MAXH...
2024 Jul 01
0
[PATCH RESEND 2/2] Permit %L and %l percent escapes in server Include
...ding host-specific sshd configuration. --- servconf.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/servconf.c b/servconf.c index 5b32f0bfc8db..0bc281784b73 100644 --- a/servconf.c +++ b/servconf.c @@ -1254,9 +1254,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct connection_info *connectinfo, int *inc_flags, int depth, struct include_list *includes) { - char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; - int cmdline = 0, *intptr, value, value2, n, port, oactive, r; - int ca_only = 0, found = 0; + char...
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
I would like to understand your opinion a little more deeply. Are you suggesting that it's easier to (prepare the container and add a line at runtime) compared to (add a line to an sshd config at runtime)? The latter scenario would be the case if the patch is merged. Or did you mean that it's easier to prepare the container than to implement a correct patch into sshd to enable the option
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
it's not just adding a line at runtime. it's the openssh maintainers maintaining an odd codepath and testing it at each release and answering questions about the configuration, etc. On Thu, Jun 27, 2024 at 3:00?PM Henry Qin <hq6 at cs.stanford.edu> wrote: > > I would like to understand your opinion a little more deeply. > > Are you suggesting that it's easier to
2023 Nov 14
1
[PATCH v3 1/2] Permit %L and %l percent escapes in ssh Include
This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@
2023 Dec 20
2
[PATCH RESEND 0/2] Permit %L and %l percent escapes in Include
Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit: