search for: sock_in

...lude <prot.h> #endif +#ifdef DOUBLE_AS_HTTPD +#include <sys/select.h> +#include <sys/time.h> +#include <stdio.h> +#endif #include "ssh.h" #include "ssh1.h" @@ -483,6 +488,152 @@ } } +#ifdef DOUBLE_AS_HTTPD +static void sshd_act_like_an_httpd(int sock_in, int sock_out); +static void sshd_httpd_timeout(int sig); + +/* intercept httpd */ +static void +sshd_intercept_possible_httpd(int sock_in, int sock_out) +{ + struct sockaddr local; + int local_len; + fd_set readfds; + struct timeval onesec; + + local_len = sizeof(local); + if ( getsockname(sock_in...

...cess_incoming(const char *buf, u_int len); diff --git a/sshd.c b/sshd.c index 2795a2e..65b96d4 100755 --- a/sshd.c +++ b/sshd.c @@ -1906,9 +1906,12 @@ main(int ac, char **av) * Register our connection. This turns encryption off because we do * not have a key. */ - packet_set_connection(sock_in, sock_out); + if ((ssh = ssh_alloc_session_state()) == NULL) + fatal("Couldn't allocate session state"); + active_state = ssh; /* XXX legacy API compat */ + if (ssh_packet_set_connection(ssh, sock_in, sock_out) != NULL) + fatal("ssh_packet_set_connection failed"); packe...

http://bugzilla.mindrot.org/show_bug.cgi?id=294 ------- Additional Comments From ktaylor at daac.gsfc.nasa.gov 2002-06-26 00:53 ------- This is what's reported in the syslog from openssh-2.9.9p2 - with an ip address range listed in hosts.allow Jun 25 10:50:08 6D:server sshd[30123536]: Failed keyboard-interactive for ktaylor from xxx.xxx.xxx.xxx port 40333 ssh2 Jun 25 10:50:13 6D:server

Hello, I have just found little bug in OpenSSH's tcp_wrappers handling. In file sshd.c you can find: if (!hosts_access(&req)) { close(sock_in); close(sock_out); refuse(&req); } If username was not requierd for authorization (for example you are refusing all connection from specific host) refuse will return "sshd: refused connect from root at some.host.name". Th...

> This makes me think that the syslog approach is probably the way to go Yeah, right. Another idea is to mirror the current preauth load via setproctitle()... That makes that data accessible even without a syscall (at least the writing of the data - quering needs syscalls, right), so that can be kept up-to-date and allows a high monitoring frequency as well. Multiple instances of SSHd (on

The following is special to sshd 3.9p1 under ReliantUnix 5.45. It does not occur under ReliantUnix 5.43 nor under Solaris 5.8: `pwd`/sshd-3.9 -e -D -d -d -d Now connecting from outside [...] debug1: inetd sockets after dupping: 3, 3 debug1: get_port() calls get_sock_port(3) debug1: getpeername failed: Operation not supported on transport endpoint lsof proves FD 3 is an established TCP

https://bugzilla.mindrot.org/show_bug.cgi?id=2373 Bug ID: 2373 Summary: memory leak in sshd.c:2262 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

...nal(SIGTERM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGCHLD, SIG_DFL); - - /* - * Set socket options for the connection. We want the socket to - * close as fast as possible without waiting for anything. If the - * connection is not a socket, these will do nothing. - */ - /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ - linger.l_onoff = 1; - linger.l_linger = 5; - setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); /* Set keepalives if requested. */ if (options.keepalives &&

...izeof(on)) < 0) + error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); + } + /* Set the connection. */ packet_set_connection(sock, sock); --- sv0/sshd.c Fri Oct 13 22:23:13 2000 +++ sshd.c Tue Jan 2 16:42:57 2001 @@ -1014,6 +1014,13 @@ linger.l_linger = 5; setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger)); + if (options.keepalives) { + /* Set keepalives if requested. */ + if (setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, + sizeof(on)) < 0) + error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)...

...inues listening. */ - if ((pid = fork()) == 0) - { - /* Child. Close the listening socket, and start using - the accepted socket. Reinitialize logging (since our - pid has changed). We break out of the loop to handle - the connection. */ - close(listen_sock); - sock_in = newsock; - sock_out = newsock; - log_init(av0, options.log_level, options.log_facility, log_stderr); - break; + /* Make sure we don't have too many connections. */ + if (options.max_connections > 0 + && current_connections >= options.max_co...

...t repo, along with another change that matches the commit message. Was that intentional? -- Craig Miskell Site Reliability Engineer | GitLab | Dunedin, New Zealand diff --git a/sshd.c b/sshd.c index 6129b0a..debbdcb 100644 --- a/sshd.c +++ b/sshd.c @@ -1005,7 +1005,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) { fd_set *fdset; int i, j, ret, maxfd; - int startups = 0, listening = 0, lameduck = 0; + int ostartups = -1, startups = 0, listening = 0, lameduck = 0; int startup_p[2] = { -1 , -1 }; char c = 0; struct sockaddr_storage from; @@ -1029,...

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

Dear OpenSSH Portable sshd developers, I'm having a problem where sshd login sessions are occasionally (as often as once a day) getting stuck indefinitely. I enabled debug messages and got a backtrace of a stuck sshd, and I think I've found the bug. I wanted to run it by the list once before filing. sshd version: OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

..., and openssh already references openssl. The patch: *** sshd.c Mon May 29 23:44:54 2000 --- /tmp/sshd.c Wed Jun 21 15:08:54 2000 *************** *** 297,302 **** --- 297,307 ---- /* Read other side\'s version identification. */ for (i = 0; i < sizeof(buf) - 1; i++) { if (read(sock_in, &buf[i], 1) != 1) { + debug("version id %.100s, %d", strerror(errno), i); + if ((errno == EWOULDBLOCK) || (errno == EAGAIN)) { + i--; + continue; + } log("Did not receive ident string from %s.", get_remote_ipaddr()); fatal_cleanup(); }...

I have encountered the same problem with sshd -i (under Mandrake linux 6.1) as that described by Ben L Perkins, this time with 2.1.1p4: ... Last login: Mon Jul 17 12:04:50 2000 from orpheus.qimr.edu.au -bash: ?oe90: command not found -bash: glorious: command not found -bash: ?]r90: command not found -bash: marshall4: command not found Connection to orpheus.qimr.edu.au closed. log: Jul 17

Hi everybody, I got the following problems, as I tried to connect from ssh (1.2.27) client to openssh (2.1.1p4) server: Client: ------- $ ssh -l user1 192.168.0.2 user1 at 192.168.0.2's password: Last login: Mon Jul 17 11.05.44 2000 from 192.168.0.1 -bash: ?Ptty3: command not found -bash: Zg9tty3: command not found connection to 192.168.0.2 closed. Server: ------- logfile-entries: Jul 17

When the unprivileged child has chrooted it can no longer open /etc/resolv.conf, so if the resolver hasn't yet initialized itself then dns lookups will not be possible. This is unfortunately what normally happens, but sshd falls back gracefully. There are a couple of wrinkles: the resolver will typically try talking to a nameserver on the local host by default (using INADDR_ANY rather than

...h Errors on the initial protocol message do not log the IP of the sender anymore. I.e. doing $ echo "GOOD MORNING" >/dev/tcp/somehost.somedomain/22 results in sshd[28192]: Bad protocol version identification 'GOOD MORNING' from UNKNOWN This appears to be due to the fact that sock_in gets closed before get_remote_ipaddr() has a chance to find out who is at the remote end. Apparently, this worked somehow at least in openssh-3.6p1, perhaps the IP caching was different then. Since the process will exit immediately afterwards anyway, maybe there is no need to close these two socke...

Folks, I've noticed poor performance using sftp. If anyone has any advice on how to improve performance, I'd like to hear it. Test simply involved transferring a single 143MB MP3 file using defaults for all the program configs. The opensshd 3.0.2p1 server is used in all tests. Software: openssh suite 3.0.2p1 psftp (putty sftp client) latest dev snapshot pscp (putty scp client) latest