search for: strictmodes

http://bugzilla.mindrot.org/show_bug.cgi?id=1089 Summary: StrictModes needs runtime granularity Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org...

Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"? I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something. Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable? --- Don Hoover dxh at yahoo.com

https://bugzilla.mindrot.org/show_bug.cgi?id=1532 Summary: SSH ignoring "StrictModes no" Product: Portable OpenSSH Version: 5.1p1 Platform: ix86 URL: http://www.networksecurityarchive.org/html/Secure-Shel l/2005-08/msg00058.html OS/Version: Linux Status: NEW Severity: normal...

...coreutils /usr/bin/rm coreutils /usr/bin/cygpath cygwin + /usr/bin/mkpasswd cygwin /usr/bin/mount cygwin /usr/bin/ps cygwin /usr/bin/setfacl cygwin @@ -59,8 +60,9 @@ PREFIX=/usr SYSCONFDIR=/etc LOCALSTATEDIR=/var +sshd_config_configured=no port_number=22 -privsep_configured=no +strictmodes=yes privsep_used=yes cygwin_value="" user_account= @@ -89,28 +91,8 @@ update_services_file() { # Depends on the above mount _wservices=`cygpath -w "${_services}"` - # Remove sshd 22/port from services - if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_ser...

https://bugzilla.mindrot.org/show_bug.cgi?id=2498 Bug ID: 2498 Summary: Allow StrictModes to be controlled by Match Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org...

http://bugzilla.mindrot.org/show_bug.cgi?id=988 Summary: sshd StrictModes check failed with fs acl Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org Repor...

http://bugzilla.mindrot.org/show_bug.cgi?id=615 Summary: OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes Product: Portable OpenSSH Version: 3.6.1p2 Platform: ix86 OS/Version: other Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: vikashb...

...I've got a strange error on a AIX 4.3 box (OpenSSH 3.1p1) secure_filename() fails with "realpath /users/fmohr/.ssh/authorized_keys failed: Permission denied" in a (realy special) case: - /users/fmohr/ is mounted by the automounter - the directory is exported via a dfs/nfs gateway - StrictModes is set to yes it works if the mounted directory is directly exported via nfs or StrictModes is set to no (no secure_filename check). the problem is caused by AIX realpath(), if I define BROKEN_REALPATH and use the realpath() function from openbsd-compat the authentication works fine. is this a...

https://bugzilla.mindrot.org/show_bug.cgi?id=2713 Bug ID: 2713 Summary: Please provide a StrictModes-like setting (command line parameter) for ssh (client) Product: Portable OpenSSH Version: 7.5p1 Hardware: Other OS: Other Status: NEW Severity: enhancement Priority: P5 Component: ssh...

Greetings, I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and the following problem occurs: I am unable to login as root using when strictmode is set to yes. output of debug: Failed none for root from 192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1:

...rg/show_bug.cgi?id=615 vikashb at comparexafrica.co.za changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|OpenSSH 3.6.1p2 ON SCO |OpenSSH 3.6.1p2 ON SCO |3.2v4.2 + STRICTMODES -->yes|3.2v4.2 + STRICTMODES -->yes | |(broken dirname in libgen) ------- Additional Comments From vikashb at comparexafrica.co.za 2003-07-29 15:48 ------- After some more effort on my part, i have been able to determine that the problem is in...

https://bugzilla.mindrot.org/show_bug.cgi?id=1089 cab at bongalow.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cab at bongalow.net -- You are receiving this mail because: You are watching the assignee of the bug.

...g @@ -407,7 +409,7 @@ Port $port_number # Authentication: -#LoginGraceTime 120 +#LoginGraceTime 2m #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -418,10 +420,6 @@ StrictModes no #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes # For this to work you will also need host keys in ${SYSCONFDIR}/ssh...

Hi, I would like to make it impossible for users to change the contents of the authorized_keys-file. I just found out about the sshd_config setting: AuthorizedKeysFile /etc/ssh/authorized_keys/%u But even in that case that file has to be owned by the user, unless I set ``StrictModes no'' which would allow other nastyness. I would like to request that that file could also be owned by root, so I can make that file immutable for the user, even on filesystems which don't support the immutable flag, for example jfs on GNU/Linux. # Han -- \ / The two things...

Dear All, About a week ago; I posted a proposal over on the centos-devel mailing list, the proposal is for a SIG 'CentOS hardening', there were a few of the members of the community who are also interested in this. Therefore, I am extending that email to this community; where there is a larger community. Some things that we will like to achieve are as follows: SSH: disable root

http://bugzilla.mindrot.org/show_bug.cgi?id=219 ------- Additional Comments From dtucker at zip.com.au 2003-06-28 14:52 ------- Created an attachment (id=340) --> (http://bugzilla.mindrot.org/attachment.cgi?id=340&action=view) Change authorized_keys description. How about something like the attached? Or should this bug be closed as WONTFIX? ------- You are receiving this mail

Is there a way to tell the sshd to ignore the security check on the user's home permissions? debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh' debug3: secure_filename: checking '/ftpdata/pxdata/pold/data' Authentication refused: bad ownership or modes for directory /ftpdata/pxdata/fold/data debug1: restore_uid debug2: userauth_pubkey: authenticated 0 pkalg

...HostKey /usr/local/etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # RSAAuthenticatio...

...ward Administ 1228 Oct 9 09:40 known_hosts drwx------+ 2 hayward Administ 4096 Oct 9 09:41 . -rw------- 1 hayward Administ 618 Oct 9 09:41 authorized_keys2 drwx------+ 3 hayward Administ 0 Oct 9 10:07 .. Here are the sshd_config params not commented out: Port 22 StrictModes no Subsystem sftp /usr/sbin/sftp-server *** No matter what I do with filesystem permissions, I can't get ssh key-based authentication to work. I have tried both with StrictModes no and yes. Here is the output of sshd -ddd pertaining to key-based authentication: debug1: userauth-request for...

https://bugzilla.mindrot.org/show_bug.cgi?id=2311 Bug ID: 2311 Summary: simple attack when control channel muxing is used Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P3 Component: ssh Assignee: unassigned-bugs at