Displaying 20 results from an estimated 152 matches for "strictmodes".
2005 Sep 22
3
[Bug 1089] StrictModes needs runtime granularity
http://bugzilla.mindrot.org/show_bug.cgi?id=1089
Summary: StrictModes needs runtime granularity
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org...
2008 Jul 15
2
Risk of StrictMode (but read only)
Is there a risk associated with having authorized_keys files set to readable but "StrictMode no"?
I am thinking particularly in the case of having public keys all centralized in a directory in /etc or something.
Is it really a potential hack vector if someone can read a public key, or is the only real danger if they were writable?
---
Don Hoover
dxh at yahoo.com
2008 Oct 24
7
[Bug 1532] New: SSH ignoring "StrictModes no"
https://bugzilla.mindrot.org/show_bug.cgi?id=1532
Summary: SSH ignoring "StrictModes no"
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
URL: http://www.networksecurityarchive.org/html/Secure-Shel
l/2005-08/msg00058.html
OS/Version: Linux
Status: NEW
Severity: normal...
2014 May 15
1
[patch/cygwin] contrib/cygwin/ssh-host-config
...coreutils
/usr/bin/rm coreutils
/usr/bin/cygpath cygwin
+ /usr/bin/mkpasswd cygwin
/usr/bin/mount cygwin
/usr/bin/ps cygwin
/usr/bin/setfacl cygwin
@@ -59,8 +60,9 @@ PREFIX=/usr
SYSCONFDIR=/etc
LOCALSTATEDIR=/var
+sshd_config_configured=no
port_number=22
-privsep_configured=no
+strictmodes=yes
privsep_used=yes
cygwin_value=""
user_account=
@@ -89,28 +91,8 @@ update_services_file() {
# Depends on the above mount
_wservices=`cygpath -w "${_services}"`
- # Remove sshd 22/port from services
- if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_ser...
2015 Nov 18
0
[Bug 2498] New: Allow StrictModes to be controlled by Match
https://bugzilla.mindrot.org/show_bug.cgi?id=2498
Bug ID: 2498
Summary: Allow StrictModes to be controlled by Match
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org...
2005 Feb 28
1
[Bug 988] sshd StrictModes check failed with fs acl
http://bugzilla.mindrot.org/show_bug.cgi?id=988
Summary: sshd StrictModes check failed with fs acl
Product: Portable OpenSSH
Version: 3.9p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
Repor...
2003 Jul 10
0
[Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
http://bugzilla.mindrot.org/show_bug.cgi?id=615
Summary: OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
OS/Version: other
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: vikashb...
2002 Mar 21
0
StrictModes yes fails in some cases on AIX
...I've got a strange error on a AIX 4.3 box (OpenSSH 3.1p1)
secure_filename() fails with
"realpath /users/fmohr/.ssh/authorized_keys failed: Permission denied"
in a (realy special) case:
- /users/fmohr/ is mounted by the automounter
- the directory is exported via a dfs/nfs gateway
- StrictModes is set to yes
it works if the mounted directory is directly exported
via nfs or StrictModes is set to no (no secure_filename check).
the problem is caused by AIX realpath(), if I define BROKEN_REALPATH
and use the realpath() function from openbsd-compat the authentication
works fine.
is this a...
2017 May 07
2
[Bug 2713] New: Please provide a StrictModes-like setting (command line parameter) for ssh (client)
https://bugzilla.mindrot.org/show_bug.cgi?id=2713
Bug ID: 2713
Summary: Please provide a StrictModes-like setting (command
line parameter) for ssh (client)
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh...
2003 Jul 09
3
OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes
Greetings,
I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and
the following problem occurs:
I am unable to login as root using when strictmode is set to yes.
output of debug:
Failed none for root from 192.168.1.1 port 1199 ssh2
debug1: userauth-request for user root service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1:
2003 Jul 29
6
[Bug 615] OpenSSH 3.6.1p2 ON SCO 3.2v4.2 + STRICTMODES -->yes (broken dirname in libgen)
...rg/show_bug.cgi?id=615
vikashb at comparexafrica.co.za changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|OpenSSH 3.6.1p2 ON SCO |OpenSSH 3.6.1p2 ON SCO
|3.2v4.2 + STRICTMODES -->yes|3.2v4.2 + STRICTMODES -->yes
| |(broken dirname in libgen)
------- Additional Comments From vikashb at comparexafrica.co.za 2003-07-29 15:48 -------
After some more effort on my part, i have been able to determine that
the problem is in...
2015 Nov 18
0
[Bug 1089] StrictModes needs runtime granularity
https://bugzilla.mindrot.org/show_bug.cgi?id=1089
cab at bongalow.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |cab at bongalow.net
--
You are receiving this mail because:
You are watching the assignee of the bug.
2003 Sep 16
0
[PATCH] contrib/cygwin: ssh-host-config and README file update
...g
@@ -407,7 +409,7 @@ Port $port_number
# Authentication:
-#LoginGraceTime 120
+#LoginGraceTime 2m
#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
@@ -418,10 +420,6 @@ StrictModes no
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
# For this to work you will also need host keys in ${SYSCONFDIR}/ssh...
2006 Jan 19
3
ownership of authorized_keys
Hi,
I would like to make it impossible for users to change the
contents of the authorized_keys-file.
I just found out about the sshd_config setting:
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
But even in that case that file has to be owned by the user,
unless I set ``StrictModes no'' which would allow other
nastyness. I would like to request that that file could also be
owned by root, so I can make that file immutable for the user,
even on filesystems which don't support the immutable flag, for
example jfs on GNU/Linux.
# Han
--
\ / The two things...
2015 Apr 22
6
SIG - Hardening
Dear All,
About a week ago; I posted a proposal over on the centos-devel mailing
list, the proposal is for a SIG 'CentOS hardening', there were a few of
the members of the community who are also interested in this. Therefore,
I am extending that email to this community; where there is a larger
community.
Some things that we will like to achieve are as follows:
SSH:
disable root
2003 Jun 28
1
[Bug 219] authorized_keys documentation
http://bugzilla.mindrot.org/show_bug.cgi?id=219
------- Additional Comments From dtucker at zip.com.au 2003-06-28 14:52 -------
Created an attachment (id=340)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=340&action=view)
Change authorized_keys description.
How about something like the attached? Or should this bug be closed as
WONTFIX?
------- You are receiving this mail
2002 Feb 20
1
Is there a way to tell the sshd to ignore the security check on t he user's home permissions?
Is there a way to tell the sshd to ignore the security check on the user's
home permissions?
debug3: secure_filename: checking '/ftpdata/pxdata/pold/data/.ssh'
debug3: secure_filename: checking '/ftpdata/pxdata/pold/data'
Authentication refused: bad ownership or modes for directory
/ftpdata/pxdata/fold/data
debug1: restore_uid
debug2: userauth_pubkey: authenticated 0 pkalg
2000 Apr 09
2
Password Login Failing... (Not sure this went through)
...HostKey /usr/local/etc/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthenticatio...
2003 Oct 09
1
Key-based auth fails - OpenSSH 3.7.1p2 (cygwin)
...ward Administ 1228 Oct 9 09:40 known_hosts
drwx------+ 2 hayward Administ 4096 Oct 9 09:41 .
-rw------- 1 hayward Administ 618 Oct 9 09:41 authorized_keys2
drwx------+ 3 hayward Administ 0 Oct 9 10:07 ..
Here are the sshd_config params not commented out:
Port 22
StrictModes no
Subsystem sftp /usr/sbin/sftp-server
***
No matter what I do with filesystem permissions, I can't get ssh key-based
authentication to work. I have tried both with StrictModes no and yes.
Here is the output of sshd -ddd pertaining to key-based authentication:
debug1: userauth-request for...
2014 Nov 10
7
[Bug 2311] New: simple attack when control channel muxing is used
https://bugzilla.mindrot.org/show_bug.cgi?id=2311
Bug ID: 2311
Summary: simple attack when control channel muxing is used
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P3
Component: ssh
Assignee: unassigned-bugs at