search for: signorerhosts

It eventually gets where I want it ... doesn't work, but at least its set right ... but why is it done 12 times? Note, I just added fprintf(stderr) messages to the case statements in the read_conf() section of servconf.c ... ./sshd -d sPermitRootLogin triggered as yes sIgnoreRhosts triggered as yes sIgnoreRhosts triggered as no sIgnoreRhosts triggered as yes sIgnoreRhosts triggered as yes sIgnoreRhosts triggered as no sIgnoreRhosts triggered as no sIgnoreRhosts triggered as no sIgnoreRhosts triggered as no sIgnoreRhosts triggered as no sIgnoreRhosts triggered as yes sIgnoreRh...

...; if (options.rhosts_rsa_authentication) auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; if (options.rsa_authentication) auth_mask |= 1 << SSH_AUTH_RSA; Now, in servconf.c, options.rhosts_authentication is set to 0 if IgnoreRhosts is no: case sIgnoreRhosts: intptr = &options->ignore_rhosts; parse_flag: cp = strtok(NULL, WHITESPACE); fprintf(stderr, "sIgnoreRhosts triggered as %s\n", cp); if (!cp) { fprintf(stderr, "%s line %d: missing yes/no argument.\n", filename, linenum);...

...ptions->print_lastlog == -1) + options->print_lastlog = 1; if (options->x11_forwarding == -1) options->x11_forwarding = 0; @@ -209,5 +212,6 @@ typedef enum { sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, - sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, + sPrintMotd, sPrintLastLog, sIgnoreRhosts, + sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowTcpForwarding, @@ -254,4 +258,5 @@ static struct { { "listenaddress", sListenAd...

...>use_login = -1; + options->sys_environment_file = NULL; options->allow_tcp_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; *************** *** 210,216 **** sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, ! sUseLogin, sAllowTcpForwarding, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthenticat...

Would anybody happen to have or know of a patch to make /etc/default/login PATH and SUPATH the default openssh path? We have customized paths for each school of engineering (each have their own customized site bin). This is easily controled with /etc/default/login. The --with-default-path option is too rigid. This is Solaris I am talking about. --mike

...ort_forwarding == -1) + options->port_forwarding = 1; /* Allow forwarding */ if (options->strict_modes == -1) options->strict_modes = 1; if (options->keepalives == -1) @@ -180,9 +183,9 @@ sSkeyAuthentication, #endif sPasswordAuthentication, sListenAddress, - sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, - sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, - sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, + sPortForwarding, sStrictModes, sEmptyPasswd, sRandomSeedFil...

...->permit_empty_passwd == -1) options->permit_empty_passwd = 0; + if (options->permit_user_env == -1) + options->permit_user_env = 1; if (options->use_login == -1) options->use_login = 0; if (options->compression == -1) @@ -259,7 +262,7 @@ sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKeepAlives, - sUseLogin, sAllowTcpForwarding, sCompression, + sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, s...

...13/servconf.c Fri Nov 19 23:36:56 1999 @@ -62,6 +62,7 @@ options->num_deny_users = 0; options->num_allow_groups = 0; options->num_deny_groups = 0; + options->max_connections = -1; } void fill_default_server_options(ServerOptions *options) @@ -161,7 +162,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, - sIgnoreUserKnownHosts + sIgnoreUserKnownHosts, sMaxConnections } ServerOpCodes; /* Textual representation of the tok...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...env == -1) @@ -289,7 +297,7 @@ typedef enum { #ifdef AFS sAFSTokenPassing, #endif - sChallengeResponseAuthentication, + sChallengeResponseAuthentication, sChallengeResponseAuthenticationFirst, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, @@ -345,6 +353,7 @@ static struct { { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, { "skeyauthentication", sChalle...

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

...0; + if (ssh_prng_command_file == NULL) + ssh_prng_command_file = xstrdup(SSH_PRNG_COMMAND_FILE); if (options->max_startups == -1) options->max_startups = 10; if (options->max_startups_rate == -1) @@ -187,7 +190,7 @@ #endif sPasswordAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, - sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, + sStrictModes, sEmptyPasswd, sRandomSeedFile, sPrngCommandFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sHostDSAKey...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...t;xauth_location = _PATH_XAUTH; + if (options->no_pty == -1) + options->no_pty = 0; if (options->strict_modes == -1) options->strict_modes = 1; if (options->tcp_keep_alive == -1) @@ -314,7 +317,7 @@ typedef enum { sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sTCPKeepAlive, + sNoPty, sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownH...

...login = -1; options->allow_tcp_forwarding = -1; @@ -249,7 +250,7 @@ #ifdef AFS sAFSTokenPassing, #endif - sChallengeResponseAuthentication, + sChallengeResponseAuthentication, sTISviaPAM, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, @@ -304,6 +305,7 @@ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, { "challengeresponseauthentication", sChallengeResponseAuthentication }, { "skeyauthentication", sChallengeResponseAuthentication }, /* ali...

...ns->use_chroot == -1) + options->use_chroot = 0; + if (options->chroot_group == -1) + options->chroot_group = 0; if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->gateway_ports == -1) @@ -189,6 +195,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sUseChroot, sChrootGroup, sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile, sGatewayPorts, sDSAAuth...

...h-2.5.1p2-tis/servconf.c Fri Mar 9 11:12:14 2001 @@ -206,6 +209,9 @@ #ifdef AFS sKerberosTgtPassing, sAFSTokenPassing, #endif +#ifdef TIS_AUTH + sAuthservAddress, +#endif sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, @@ -246,6 +252,9 @@ { "kerberostgtpassing", sKerberosTgtPassing }, { "afstokenpassing", sAFSTokenPassing }, #endif +#ifdef TIS_AUTH + { "authservaddress", sAuthservAddress }, +#endif { "passwordauthentication", sPass...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->use_login == -1) @@ -182,6 +189,9 @@ #ifdef SKEY sSkeyAuthentication, #endif +#ifdef PAM_TIS + sTISAuthentication, +#endif sPasswordAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, @@ -222,6 +232,9 @@ #ifdef SKEY { "skeyauthentication", sSkeyAuthentication }, #endif +#ifdef PAM_TIS + { "tisauthentication", sTISAuthentication }, +#endif { "...

...um_subsystems = 0; @@ -258,17 +259,17 @@ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, - sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sAllowUsers, sAllowUsersFixedname, sAllowUsersIpaddr, sDenyUsers, sAll...