search for: strictmode

Displaying 20 results from an estimated 147 matches for "strictmode".

Did you mean: strictmodes
2005 Sep 22
3
[Bug 1089] StrictModes needs runtime granularity
http://bugzilla.mindrot.org/show_bug.cgi?id=1089 Summary: StrictModes needs runtime granularity Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org...
2008 Jul 15
2
Risk of StrictMode (but read only)
Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"? I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something. Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable? --- Don Hoover dxh at yahoo.com
2014 May 15
1
[patch/cygwin] contrib/cygwin/ssh-host-config
...mind to apply the below patch? It fixes Cygwin's ssh-host-config script in various ways: - Remove old code to remove the "sshd/22" entry from /etc/services. This code fixes a problem which only existed in installations which are more than 10 years old. - Handle the StrictMode setting interactively. - Fix regular expressions looking for white spaces. - Make the script independent of whether /etc/passwd exists or not. This allows to run ssh-host-config under the upcoming Cygwin release 1.7.30, which will introduce the passwd/group handling via the exis...
2008 Oct 24
7
[Bug 1532] New: SSH ignoring "StrictModes no"
https://bugzilla.mindrot.org/show_bug.cgi?id=1532 Summary: SSH ignoring "StrictModes no" Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 URL: http://www.networksecurityarchive.org/html/Secure-Shel l/2005-08/msg00058.html OS/Version: Linux Status: NEW...
2015 Nov 18
0
[Bug 2498] New: Allow StrictModes to be controlled by Match
https://bugzilla.mindrot.org/show_bug.cgi?id=2498 Bug ID: 2498 Summary: Allow StrictModes to be controlled by Match Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...
2005 Feb 28
1
[Bug 988] sshd StrictModes check failed with fs acl
http://bugzilla.mindrot.org/show_bug.cgi?id=988 Summary: sshd StrictModes check failed with fs acl Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org...
2003 Jul 10
0
[Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
http://bugzilla.mindrot.org/show_bug.cgi?id=615 Summary: OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes Product: Portable OpenSSH Version: 3.6.1p2 Platform: ix86 OS/Version: other Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: vi...
2002 Mar 21
0
StrictModes yes fails in some cases on AIX
...a AIX 4.3 box (OpenSSH 3.1p1) secure_filename() fails with "realpath /users/fmohr/.ssh/authorized_keys failed: Permission denied" in a (realy special) case: - /users/fmohr/ is mounted by the automounter - the directory is exported via a dfs/nfs gateway - StrictModes is set to yes it works if the mounted directory is directly exported via nfs or StrictModes is set to no (no secure_filename check). the problem is caused by AIX realpath(), if I define BROKEN_REALPATH and use the realpath() function from openbsd-compat the authentication works fine. is this a...
2017 May 07
2
[Bug 2713] New: Please provide a StrictModes-like setting (command line parameter) for ssh (client)
https://bugzilla.mindrot.org/show_bug.cgi?id=2713 Bug ID: 2713 Summary: Please provide a StrictModes-like setting (command line parameter) for ssh (client) Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh...
2003 Jul 09
3
OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
Greetings, I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and the following problem occurs: I am unable to login as root using when strictmode is set to yes. output of debug: Failed none for root from 192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptabl...
2003 Jul 29
6
[Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
...47;show_bug.cgi?id=615 vikashb at comparexafrica.co.za changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|OpenSSH 3.6.1p2 ON SCO |OpenSSH 3.6.1p2 ON SCO |3.2v4.2 + STRICTMODES -->yes|3.2v4.2 + STRICTMODES -->yes | |(broken dirname in libgen) ------- Additional Comments From vikashb at comparexafrica.co.za 2003-07-29 15:48 ------- After some more effort on my part, i have been able to determine that the problem is i...
2015 Nov 18
0
[Bug 1089] StrictModes needs runtime granularity
https://bugzilla.mindrot.org/show_bug.cgi?id=1089 cab at bongalow.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cab at bongalow.net -- You are receiving this mail because: You are watching the assignee of the bug.
2003 Sep 16
0
[PATCH] contrib/cygwin: ssh-host-config and README file update
...g @@ -407,7 +409,7 @@ Port $port_number # Authentication: -#LoginGraceTime 120 +#LoginGraceTime 2m #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -418,10 +420,6 @@ StrictModes no #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes # For this to work you will also need host keys in ${SY...
2006 Jan 19
3
ownership of authorized_keys
Hi, I would like to make it impossible for users to change the contents of the authorized_keys-file. I just found out about the sshd_config setting: AuthorizedKeysFile /etc/ssh/authorized_keys/%u But even in that case that file has to be owned by the user, unless I set ``StrictModes no'' which would allow other nastyness. I would like to request that that file could also be owned by root, so I can make that file immutable for the user, even on filesystems which don't support the immutable flag, for example jfs on GNU/Linux. # Han -- \ / The t...
2015 Apr 22
6
SIG - Hardening
...f the members of the community who are also interested in this. Therefore, I am extending that email to this community; where there is a larger community. Some things that we will like to achieve are as follows: SSH: disable root (uncomment 'PermitRootLogin' and change to no) enable 'strictMode' modify 'MaxAuthTries' modify 'ClientAliveInterval' modify 'ClientAliveCountMax' Gnome: disable Gnome user list Console: Remove reboot, halt poweroff from /etc/security/console.app Applying security best practises from various compliance perspective, e.g....
2003 Jun 28
1
[Bug 219] authorized_keys documentation
http://bugzilla.mindrot.org/show_bug.cgi?id=219 ------- Additional Comments From dtucker at zip.com.au 2003-06-28 14:52 ------- Created an attachment (id=340) --> (http://bugzilla.mindrot.org/attachment.cgi?id=340&action=view) Change authorized_keys description. How about something like the attached? Or should this bug be closed as WONTFIX? ------- You are
2002 Feb 20
1
Is there a way to tell the sshd to ignore the security check on t he user's home permissions?
Is there a way to tell the sshd to ignore the security check on the user's home permissions? debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh' debug3: secure_filename: checking '/ftpdata/pxdata/pold/data' Authentication refused: bad ownership or modes for directory /ftpdata/pxdata/fold/data debug1:
2000 Apr 09
2
Password Login Failing... (Not sure this went through)
...;etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # RSAAuth...
2014 Nov 10
7
[Bug 2311] New: simple attack when control channel muxing is used
.... ssh will just do so without any complains. And even when one uses something like %h, %p or that like, an attacker can easily guess these. Since it doesn't seem to be documented that the socket must be created in a secure location and since neither there are any owner checks like sshd's StrictMode... I'd probably consider that a security hole. Any further possible attack vectors? Things like the other typical attacks on /tmp files? Cheers, Chris. [0] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-November/033124.html -- You are receiving this m...
2003 Oct 09
1
Key-based auth fails - OpenSSH 3.7.1p2 (cygwin)
...ward Administ 1228 Oct 9 09:40 known_hosts drwx------+ 2 hayward Administ 4096 Oct 9 09:41 . -rw------- 1 hayward Administ 618 Oct 9 09:41 authorized_keys2 drwx------+ 3 hayward Administ 0 Oct 9 10:07 .. Here are the sshd_config params not commented out: Port 22 StrictModes no Subsystem sftp /usr/sbin/sftp-server *** No matter what I do with filesystem permissions, I can't get ssh key-based authentication to work. I have tried both with StrictModes no and yes. Here is the output of sshd -ddd pertaining to key-based authentication: debug1: useraut...