search for: streamlocalbindmask

Displaying 12 results from an estimated 12 matches for "streamlocalbindmask".

2016 May 03
3
StreamLocal forwarding
...eamLocalBindUnlink yes > > And, surprisingly, even having set the directive outside the Match block, > the following command still doesn't show streamlocalbindunlink set: > > sshd -T -C "user=sshvpn,host=196.209.244.243,addr=196.209.244.243" | grep -i > stream > streamlocalbindmask 0177 > allowstreamlocalforwarding yes oh, that's a bug in the config dump support. diff --git a/servconf.c b/servconf.c index 6111c5a..2094c48 100644 --- a/servconf.c +++ b/servconf.c @@ -2293,6 +2293,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp...
2006 Apr 22
1
[Patch] Unix Domain Socket Forwarding
...ask Mask to use when binding a control socket ControlAllowUsers List of users and uids allowed to connect ControlAllowGroups List of groups and gids allows to connect ControlDenyUsers List of users and uids disallowed ControlDenyGroups List of groups and gids disallowed -> new stuff <- StreamLocalBindMask Mask to use when binding a forward socket StreamLocalBindUnlink Attempt an unlink before binding FakeStreamLocalForwards Fake a connection originating from a socket as tcpip. This isn't currently honored, but is the default and only behavior. See channel_post_port_listener(). Ser...
2016 Jul 21
7
[Bug 2601] New: StreamLocalBindUnlink not working
https://bugzilla.mindrot.org/show_bug.cgi?id=2601 Bug ID: 2601 Summary: StreamLocalBindUnlink not working Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org
2016 May 03
2
StreamLocal forwarding
Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d
2015 Feb 19
2
[Bug 2353] New: options allowed for Match blocks missing form documentation
...Reporter: calestyo at scientia.net Hi. AFAIU such options which are allowed for Match blocks are marked with "SSHCFG_ALL" in servconf.c. Going through the list, a number of the is apparently allowed but missing from sshd_config(5): AllowStreamLocalForwarding IPQoS RevokedKeys StreamLocalBindMask StreamLocalBindUnlink TrustedUserCAKeys Could you please add these? I'd have written a patch, but since all my pull requests are apparently generally ignored it's probably just a waste of time :( Cheers, Chris. -- You are receiving this mail because: You are watching the assignee of t...
2015 Jan 30
5
[Bug 2346] New: sshd -T doesn't write all configuration options in valid format
...proposed patch During walk through output of sshd -T in different versions of openssh in our distributions I came up with some problems that are also applicable to upstream so I took time to report them here. Found issues: * UsePAM option is written in integer format, instead of yes/no format * StreamLocalBindMask is not written * AllowAgentForwarding is not written * VersionAddendum is written, but even without value which makes it invalid option when using output again as input sshd_config * AuthenticationMethods is written even if it is empty which causes the same problem like the previous option Thes...
2014 Sep 09
9
[Bug 2272] New: Global "PermitTunnel Yes" required to connect to a tunnel
https://bugzilla.mindrot.org/show_bug.cgi?id=2272 Bug ID: 2272 Summary: Global "PermitTunnel Yes" required to connect to a tunnel Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd
2015 Jul 01
0
Announce: OpenSSH 6.9 released
...up size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes >4K; bz#2209 * ssh(1): fix out-of-bound read in EscapeChar configuration option parsing; bz#2396 * sshd(8): fix application of PermitTunnel, LoginGraceTime, AuthenticationMethods and StreamLocalBindMask options in Match blocks * ssh(1), sshd(8): improve disconnection message on TCP reset; bz#2257 * ssh(1): remove failed remote forwards established by muliplexing from the list of active forwards; bz#2363 * sshd(8): make parsing of authorized_keys "environment=" options i...
2015 Jul 01
5
Announce: OpenSSH 6.9 released
...up size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes >4K; bz#2209 * ssh(1): fix out-of-bound read in EscapeChar configuration option parsing; bz#2396 * sshd(8): fix application of PermitTunnel, LoginGraceTime, AuthenticationMethods and StreamLocalBindMask options in Match blocks * ssh(1), sshd(8): improve disconnection message on TCP reset; bz#2257 * ssh(1): remove failed remote forwards established by muliplexing from the list of active forwards; bz#2363 * sshd(8): make parsing of authorized_keys "environment=" options i...
2017 Jun 06
10
[Bug 2727] New: ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect
https://bugzilla.mindrot.org/show_bug.cgi?id=2727 Bug ID: 2727 Summary: ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect Product: Portable OpenSSH Version: 7.5p1 Hardware: ix86 OS: Linux Status: NEW Severity: major Priority: P5
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
...i < options->num_host_key_files; i++) CLEAR_ON_NONE(options->host_key_files[i]); for (i = 0; i < options->num_host_cert_files; i++) @@ -417,6 +419,7 @@ typedef enum { sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, + sStreamLocalBindRootDirectory, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -558,6 +561,7 @@ static struct { { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, {...
2015 May 29
16
Call for testing: OpenSSH 6.9
...up size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes >4K; bz#2209 * ssh(1): fix out-of-bound read in EscapeChar configuration option parsing; bz#2396 * sshd(8): fix application of PermitTunnel, LoginGraceTime, AuthenticationMethods and StreamLocalBindMask options in Match blocks * ssh(1), sshd(8): improve disconnection message on TCP reset; bz#2257 * ssh(1): remove failed remote forwards established by muliplexing from the list of active forwards; bz#2363 * sshd(8): make parsing of authorized_keys "environment=" options i...