search for: ssh_proto_2

...without port forwarding ?????? + */ + if ( options.num_local_forwards == 0 && options.num_remote_forwards == 0 && + no_shell_flag ) { + fprintf(stderr, "-N makes sense only with port forwardings\n"); + usage(); + /* NOT REACHED */ + } + if ((options.protocol & SSH_PROTO_2) && no_shell_flag && + buffer_len(&command) > 0) { + fprintf(stderr,"-N option works only with protocol version 2 and w/out a command\n"); + usage(); + /* NOT REACHED */ + } + + /* Cannot fork to background if no command. + Command not needed for protocol 2...

...;kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->server = 1; CHANGE TO kex->we_need = buffer_get_int(m); kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; kex->server = 1; TO REMOVE DSA HOST KEY IN servconf.c if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = _PATH_HOST_RSA_KEY_FILE; options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; } CHANGE TO if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host...

OpenSSH still has this feature, SSH-1.2.27 no longer has it. Admittedly it can be useful sometimes, even though I'd prefer this to be done using a trivial shell wrapper, which would be the UNIX way of doing things. Not being able to call OpenSSH's ssh by another name (say ``ssh1'') can get in the way when having to maintain two versions of ssh in parallel because the ``ssh ->

...ly specify /home/klotz/.ssh/id_dsa.pub I looked in ssh-add.c from openssh-2.5.1p2-1.src.rpm from the OpenBSD rpm directory mentioned above, and I see that at line 295 it looks in _PATH_SSH_CLIENT_IDENTITY but no further. I see that readconf.c in line 810 does check options->protocol && SSH_PROTO_2 and will also check _PATH_SSH_CLIENT_ID_DSA, but this logic is not present in ssh-add. Since I don't have the CVS tree, I couldn't check to see if this log was previously present in ssh-add.c or not, or if it is a RedHat patch. Am I broken in some way to expect ssh-add simply to work with...

Hi, The name of the identity file defaults to what fill_default_options() in readconf.c does: SSH_PROTO_1: "~/%.100s", _PATH_SSH_CLIENT_IDENTITY SSH_PROTO_2: "~/%.100s", _PATH_SSH_CLIENT_ID_RSA "~/%.100s", _PATH_SSH_CLIENT_ID_DSA Identity files are always expanded by tilde_expand_filename() which gets the name of the home directory from getpwuid(my_uid)->pw_dir. This is not what I expect (well, hope :-) when my UID is 0 bu...

On Sun, Feb 11, 2018 at 11:27 PM, Darren Tucker <dtucker at dtucker.net> wrote: > Sigh. If you could provide the server's identity string (eg from "ssh > -v yourthing") we could add a bug bit to stop it from being sent. $ ssh -v nathan at 10.0.0.1 OpenSSH_7.4p1, LibreSSL 2.5.0 [snip] debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version

...gt;cipher = SSH_CIPHER_NOT_SET; /* options->ciphers, default set in myproposals.h */ /* options->macs, default set in myproposals.h */ + /* options->pkalgorithms, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED; if (options->num_identity_files == 0) { *** ../../openssh-2.5.1p2/readconf.h Wed Feb 14 22:02:00 2001 --- readconf.h Tue Mar 6 23:58:08 2001 *************** *** 69,74 **** --- 69,75 ---- int cipher; /* Cipher to use. */ char *ciphers; /* SSH2 ciphers in o...

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

...@ RCSID("$OpenBSD: servconf.c,v 1.50 2000/07/22 09:14:36 markus Exp $"); #include "ssh.h" +#include "entropy.h" #include "servconf.h" #include "xmalloc.h" #include "compat.h" @@ -162,6 +163,8 @@ options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->gateway_ports == -1) options->gateway_ports = 0; + if (ssh_prng_command_file == NULL) + ssh_prng_command_file = xstrdup(SSH_PRNG_COMMAND_FILE); if (options->max_startups == -1) options->max_startups = 10; if (options->max_startups_rate == -1) @@ -187,7 +190...

...sswd = 0; if (options->use_login == -1) options->use_login = 0; + if (options->use_chroot == -1) + options->use_chroot = 0; + if (options->chroot_group == -1) + options->chroot_group = 0; if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->gateway_ports == -1) @@ -189,6 +195,7 @@ sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, + sUseChroot, sChrootGroup, sIgnoreU...

...ff -up openssh-6.6p1/sshconnect.c.original openssh-6.6p1/sshconnect.c --- openssh-6.6p1/sshconnect.c.original 2015-05-23 11:56:55.235217137 +0200 +++ openssh-6.6p1/sshconnect.c 2015-05-27 01:14:02.563652677 +0200 @@ -560,6 +560,9 @@ ssh_exchange_identification(int timeout_ if (options.protocol == SSH_PROTO_2) { enable_compat20(); send_client_banner(connection_out, 0); + packet_send_ignore(0); + packet_send(); + packet_write_wait(); client_banner_sent = 1; } The question then is, would the security implications of adding these three lines be much worse than my original patch? -- Kasper...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

...ge_identification(int timeout_ms) +ssh_exchange_identification(int timeout_ms, const char *host) { char buf[256], remote_version[256]; /* must be same size! */ int remote_major, remote_minor, mismatch; @@ -559,7 +560,7 @@ ssh_exchange_identification(int timeout_ */ if (options.protocol == SSH_PROTO_2) { enable_compat20(); - send_client_banner(connection_out, 0); + send_client_banner(connection_out, 0, host); client_banner_sent = 1; } @@ -672,7 +673,7 @@ ssh_exchange_identification(int timeout_ logit("Server version \"%.100s\" uses unsafe RSA signature "...

...without port forwarding ?????? + */ + if ( options.num_local_forwards == 0 && options.num_remote_forwards == 0 && + no_shell_flag ) { + fprintf(stderr, "-N makes sense only with port forwardings\n"); + usage(); + /* NOT REACHED */ + } + if ((options.protocol & SSH_PROTO_2) && no_shell_flag && + buffer_len(&command) > 0) { + fprintf(stderr,"-N option works only with protocol version 2 and w/out a command\n"); + usage(); + /* NOT REACHED */ + } + + /* Cannot fork to background if no command. + Command not needed for protocol 2...

...lt_server_options(ServerOptions *options) { - /* Portable-specific options */ - if (options->pam_authentication_via_kbd_int == -1) - options->pam_authentication_via_kbd_int = 0; - - /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_host_key_files == 0) { @@ -258,9 +249,6 @@ /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ - /* Portable-specific options */ - sPAMAuthenticationViaKbdInt, - /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegen...

On 26/05/15 15.50, Daniel Kahn Gillmor wrote: > The argument that the DNS lookup leaks this metadata is a bad argument: > if we followed this line of reasoning, then every problem that has > multiple contributors could never be solved (A says "but my fixing > things is useless if B does nothing", while B says "but my fixing things > is useless if A does nothing"

...; Process the option as if it was read from a configuration file.\n"); exit(1); *************** *** 287,292 **** --- 288,296 ---- optarg = NULL; } switch (opt) { + case '1': + options.protocol = SSH_PROTO_1; + break; case '2': options.protocol = SSH_PROTO_2; break; *** ./sshd.c.orig Thu Aug 17 23:59:07 2000 --- ./sshd.c Thu Aug 24 15:30:16 2000 *************** *** 90,95 **** --- 90,101 ---- char **saved_argv; int saved_argc; + /* Save these for use from log_connect_close(), called on fatal_cleanup, + * to make sure connection-close is ful...

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...lt_server_options(ServerOptions *options) { - /* Portable-specific options */ - if (options->pam_authentication_via_kbd_int == -1) - options->pam_authentication_via_kbd_int = 0; - - /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_host_key_files == 0) { @@ -271,9 +262,6 @@ /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ - /* Portable-specific options */ - sPAMAuthenticationViaKbdInt, - /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegen...