search for: syslog_facility_user

..._FACILITY_AUTH, 0,NULL); #endif in = dup(STDIN_FILENO); diff -urN openssh-3.5p1-orig/sftp.c openssh-3.5p1/sftp.c --- openssh-3.5p1-orig/sftp.c 2002-12-18 10:10:13.000000000 -0500 +++ openssh-3.5p1/sftp.c 2002-12-18 10:43:04.000000000 -0500 @@ -183,7 +183,7 @@ } } - log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1, NULL); if (sftp_direct == NULL) { if (optind == argc || argc > (optind + 2)) diff -urN openssh-3.5p1-orig/ssh-agent.c openssh-3.5p1/ssh-agent.c --- openssh-3.5p1-orig/ssh-agent.c 2002-12-18 10:10:13.000000000 -0500 +++ openssh-3.5p1/ss...

...configuration data %.200s", filename); --- Goes to /dev/null. This is caused by the fact, that in ssh.c there is: --- /* * Initialize "log" output. Since we are the client all output * actually goes to stderr. */ ==> log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); /* Read per-user configuration file. */ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE); read_config_file(buf, host, &options); /* Read systemwide configuration file. */ read_config_file(_PATH_HOST_CONFI...

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

...0.1e-freebsd 11 Feb 2013 Patch: Index: ssh.c =================================================================== RCS file: /cvs/openssh/ssh.c,v retrieving revision 1.398 diff -u -r1.398 ssh.c --- ssh.c 26 Feb 2014 23:17:13 -0000 1.398 +++ ssh.c 31 Mar 2014 20:48:30 -0000 @@ -876,7 +876,7 @@ SYSLOG_FACILITY_USER, !use_syslog); if (debug_flag) - logit("%s, %s", SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); + logit("%s, %s", SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); /* Parse the configuration files */ process_config_files(pw); DES -- Dag-Erling Sm?rgrav - des at des.no

...buffer_len(&command) == 0) - fatal("Cannot fork into background without a command to execute."); - /* Allocate a tty by default if no command specified. */ if (buffer_len(&command) == 0) tty_flag = 1; @@ -511,6 +507,29 @@ /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* -N option only makes sense with protocol 2. It doesn't make sense + without port forwarding ?????? + */ + if ( options.num_local_forwards == 0 && options.num_remote_forwards == 0 && + no_shell_flag ) { + fprintf(stderr, "-N makes sense only with port forwa...

...t(args, fmt); - do_log(SYSLOG_LEVEL_FATAL, fmt, args); - va_end(args); - if (nonfatal_fatal) + if (nonfatal_fatal) { + fatal_cleanup_called = 0; longjmp(kexjmp, -1); - else - fatal_cleanup(); + } } static void @@ -777,6 +778,7 @@ usage(); log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1); + fatal_add_cleanup(fatal_callback, NULL); maxfd = fdlim_get(1); if (maxfd < 0) --- log.c.orig Tue Feb 26 12:52:15 2002 +++ log.c Wed Mar 20 21:13:04 2002 @@ -216,15 +216,16 @@ } /* Cleanup and exit */ +int fatal_cleanup_called = 0; void fatal_cleanup(void) { struct fatal_cle...

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

I'd like a feature whereby ssh puts itself in the background after the first successful X11 (or other port) forwarding. The reason for this is simple: error handling. If the application fails to open the X display and exits, then the client can still exit with the application's exit code. But if the application opens the X display successfully, then it can just display any errors by

...uot;Y")) != -1) { switch (opt) { +#ifdef OPENSSL_FIPS + case 'y': + fips_mode = 0; + break; +#endif case '1': options.protocol = SSH_PROTO_1; break; @@ -637,6 +662,36 @@ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); seed_rng(); +#ifdef OPENSSL_FIPS +/* + Priority setting: + !command line + env OPENSSH_FIPS + !env OPENSSH_NO_FIPS + ssh_config options (default: false) +*/ + if (fips_mode) { /* !command line */ + if (getenv("OPENSSH_FIPS")) { /* env OPENSSH_FIPS */ + } + else if (getenv...

...= '-') + fatal("Please separate options T and v from any other options."); + goto triple_break; + } } - if (timeout <= 0) - usage(); +double_break: + argno++; } +triple_break: if (argc <= argno) usage(); + log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1); + fatal_add_cleanup(fatal_callback, NULL); + maxfd = fdlim_get(1); if (maxfd < 0) fatal("%s: fdlim_get: bad value", __progname); @@ -603,6 +780,9 @@ fdcon = xmalloc(maxfd * sizeof(con)); memset(fdcon, 0, maxfd * sizeof(con)); + init_rng(); + seed_rng(); + read_wait_...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...buffer_len(&command) == 0) - fatal("Cannot fork into background without a command to execute."); - /* Allocate a tty by default if no command specified. */ if (buffer_len(&command) == 0) tty_flag = 1; @@ -511,6 +507,29 @@ /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* -N option only makes sense with protocol 2. It doesn't make sense + without port forwarding ?????? + */ + if ( options.num_local_forwards == 0 && options.num_remote_forwards == 0 && + no_shell_flag ) { + fprintf(stderr, "-N makes sense only with port forwa...