Displaying 20 results from an estimated 152 matches for "strictmode".
Did you mean:
strictmodes
2005 Sep 22
3
[Bug 1089] StrictModes needs runtime granularity
http://bugzilla.mindrot.org/show_bug.cgi?id=1089
Summary: StrictModes needs runtime granularity
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org...
2008 Jul 15
2
Risk of StrictMode (but read only)
Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"?
I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something.
Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable?
---
Don Hoover
dxh at yahoo.com
2008 Oct 24
7
[Bug 1532] New: SSH ignoring "StrictModes no"
https://bugzilla.mindrot.org/show_bug.cgi?id=1532
Summary: SSH ignoring "StrictModes no"
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
URL: http://www.networksecurityarchive.org/html/Secure-Shel
l/2005-08/msg00058.html
OS/Version: Linux
Status: NEW
Severity: normal...
2014 May 15
1
[patch/cygwin] contrib/cygwin/ssh-host-config
...,
would you mind to apply the below patch? It fixes Cygwin's
ssh-host-config script in various ways:
- Remove old code to remove the "sshd/22" entry from /etc/services.
This code fixes a problem which only existed in installations which
are more than 10 years old.
- Handle the StrictMode setting interactively.
- Fix regular expressions looking for white spaces.
- Make the script independent of whether /etc/passwd exists or not.
This allows to run ssh-host-config under the upcoming Cygwin
release 1.7.30, which will introduce the passwd/group handling
via the existing Windows...
2015 Nov 18
0
[Bug 2498] New: Allow StrictModes to be controlled by Match
https://bugzilla.mindrot.org/show_bug.cgi?id=2498
Bug ID: 2498
Summary: Allow StrictModes to be controlled by Match
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org...
2005 Feb 28
1
[Bug 988] sshd StrictModes check failed with fs acl
http://bugzilla.mindrot.org/show_bug.cgi?id=988
Summary: sshd StrictModes check failed with fs acl
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
Repo...
2003 Jul 10
0
[Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
http://bugzilla.mindrot.org/show_bug.cgi?id=615
Summary: OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
OS/Version: other
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: vikash...
2002 Mar 21
0
StrictModes yes fails in some cases on AIX
...I've got a strange error on a AIX 4.3 box (OpenSSH 3.1p1)
secure_filename() fails with
"realpath /users/fmohr/.ssh/authorized_keys failed: Permission denied"
in a (realy special) case:
- /users/fmohr/ is mounted by the automounter
- the directory is exported via a dfs/nfs gateway
- StrictModes is set to yes
it works if the mounted directory is directly exported
via nfs or StrictModes is set to no (no secure_filename check).
the problem is caused by AIX realpath(), if I define BROKEN_REALPATH
and use the realpath() function from openbsd-compat the authentication
works fine.
is this a...
2017 May 07
2
[Bug 2713] New: Please provide a StrictModes-like setting (command line parameter) for ssh (client)
https://bugzilla.mindrot.org/show_bug.cgi?id=2713
Bug ID: 2713
Summary: Please provide a StrictModes-like setting (command
line parameter) for ssh (client)
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh...
2003 Jul 09
3
OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
Greetings,
I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and
the following problem occurs:
I am unable to login as root using when strictmode is set to yes.
output of debug:
Failed none for root from 192.168.1.1 port 1199 ssh2
debug1: userauth-request for user root service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
de...
2003 Jul 29
6
[Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
...rg/show_bug.cgi?id=615
vikashb at comparexafrica.co.za changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|OpenSSH 3.6.1p2 ON SCO |OpenSSH 3.6.1p2 ON SCO
|3.2v4.2 + STRICTMODES -->yes|3.2v4.2 + STRICTMODES -->yes
| |(broken dirname in libgen)
------- Additional Comments From vikashb at comparexafrica.co.za 2003-07-29 15:48 -------
After some more effort on my part, i have been able to determine that
the problem is i...
2015 Nov 18
0
[Bug 1089] StrictModes needs runtime granularity
https://bugzilla.mindrot.org/show_bug.cgi?id=1089
cab at bongalow.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |cab at bongalow.net
--
You are receiving this mail because:
You are watching the assignee of the bug.
2003 Sep 16
0
[PATCH] contrib/cygwin: ssh-host-config and README file update
...g
@@ -407,7 +409,7 @@ Port $port_number
# Authentication:
-#LoginGraceTime 120
+#LoginGraceTime 2m
#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
@@ -418,10 +420,6 @@ StrictModes no
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
# For this to work you will also need host keys in ${SYSCONFDIR}/ss...
2006 Jan 19
3
ownership of authorized_keys
Hi,
I would like to make it impossible for users to change the
contents of the authorized_keys-file.
I just found out about the sshd_config setting:
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
But even in that case that file has to be owned by the user,
unless I set ``StrictModes no'' which would allow other
nastyness. I would like to request that that file could also be
owned by root, so I can make that file immutable for the user,
even on filesystems which don't support the immutable flag, for
example jfs on GNU/Linux.
# Han
--
\ / The two thing...
2015 Apr 22
6
SIG - Hardening
...f
the members of the community who are also interested in this. Therefore,
I am extending that email to this community; where there is a larger
community.
Some things that we will like to achieve are as follows:
SSH:
disable root (uncomment 'PermitRootLogin' and change to no)
enable 'strictMode'
modify 'MaxAuthTries'
modify 'ClientAliveInterval'
modify 'ClientAliveCountMax'
Gnome:
disable Gnome user list
Console:
Remove reboot, halt poweroff from /etc/security/console.app
Applying security best practises from various compliance perspective,
e.g. STIG, SOX, P...
2003 Jun 28
1
[Bug 219] authorized_keys documentation
http://bugzilla.mindrot.org/show_bug.cgi?id=219
------- Additional Comments From dtucker at zip.com.au 2003-06-28 14:52 -------
Created an attachment (id=340)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=340&action=view)
Change authorized_keys description.
How about something like the attached? Or should this bug be closed as
WONTFIX?
------- You are receiving this mail
2002 Feb 20
1
Is there a way to tell the sshd to ignore the security check on t he user's home permissions?
Is there a way to tell the sshd to ignore the security check on the user's
home permissions?
debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh'
debug3: secure_filename: checking '/ftpdata/pxdata/pold/data'
Authentication refused: bad ownership or modes for directory
/ftpdata/pxdata/fold/data
debug1: restore_uid
debug2: userauth_pubkey: authenticated 0 pkalg
2000 Apr 09
2
Password Login Failing... (Not sure this went through)
...HostKey /usr/local/etc/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthenticati...
2003 Oct 09
1
Key-based auth fails - OpenSSH 3.7.1p2 (cygwin)
...ward Administ 1228 Oct 9 09:40 known_hosts
drwx------+ 2 hayward Administ 4096 Oct 9 09:41 .
-rw------- 1 hayward Administ 618 Oct 9 09:41 authorized_keys2
drwx------+ 3 hayward Administ 0 Oct 9 10:07 ..
Here are the sshd_config params not commented out:
Port 22
StrictModes no
Subsystem sftp /usr/sbin/sftp-server
***
No matter what I do with filesystem permissions, I can't get ssh key-based
authentication to work. I have tried both with StrictModes no and yes.
Here is the output of sshd -ddd pertaining to key-based authentication:
debug1: userauth-request fo...
2014 Nov 10
7
[Bug 2311] New: simple attack when control channel muxing is used
....
ssh will just do so without any complains.
And even when one uses something like %h, %p or that like, an attacker
can easily guess these.
Since it doesn't seem to be documented that the socket must be created
in a secure location and since neither there are any owner checks like
sshd's StrictMode... I'd probably consider that a security hole.
Any further possible attack vectors? Things like the other typical
attacks on /tmp files?
Cheers,
Chris.
[0]
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-November/033124.html
--
You are receiving this mail because:
You are watchin...