Displaying 12 results from an estimated 12 matches for "unixwiz".

2002 Dec 23
3
rsync 2.5.5 SCO Unixware patch
...t doesn't properly deal with alloca() being called from the middle of another function call. The code dumps badly on this platform with all modes (debug, regular, optimized), and the workaround shown gets around the bug and likely obviates similar bugs on other platforms. Steve Friedl / steve@unixwiz.net / www.unixwiz.net 23 December 2002 --- Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561 www.unixwiz.net | I speak for me only | KA8CMY | steve@unixwiz.net --- batch.c.orig Mon Dec 23 21:51:23 2002 +++ batch.c Mon Dec 23 21:51:28 2002 @@ -264,7 +264,7 @@ return...
2003 Oct 05
3
[Bug 729] Feature request + patch: DenyLockedAccounts option in sshd_config
http://bugzilla.mindrot.org/show_bug.cgi?id=729 Summary: Feature request + patch: DenyLockedAccounts option in sshd_config Product: Portable OpenSSH Version: -current Platform: All URL: http://www.unixwiz.net/blog/archives/001125.html OS/Version: All Status: NEW Severity: minor Priority: P3 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: steve at unixwiz.net The new behavior of denying locked users has caught many...
2017 May 03
2
Multiple default gateway from tinc node
...ddress, but the inner destination remains unchanged, and I think Tinc encapsulates into UDP packet, where the outside S/D IP is the physical adapter IP address, but the whole original packet was encapsulated into the UDP content part. Conceptually, it’s the same as IPSec site-to-site VPN: http://www.unixwiz.net/images/IPSec-ESP-Tunnel-Mode.gif 2. Regarding the “via 10.0.0.3”, you’re right, it’s only for Ethernet ARP resolution for the next hop. And after my test, my understanding is as below for the routing part of Tinc: a. When tinc ge...
2007 Oct 10
0
patch for rsync: provides "nice = N" option
...t sure if this is the proper vehicle for submitting them. It's been working great for us for months, and I hope it's seen as offering useful utility in general. Steve (who is not a subscriber to this list) --- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | steve@unixwiz.net ---------------------------------------------------------------------------- Date: 2007/10/09 By: Stephen J. Friedl steve@unixwiz.net Purpose: This patch introduces a "nice = <N>" variable in the rsyncd.conf file s...
2017 May 03
0
Multiple default gateway from tinc node
...ddress, but the inner destination remains unchanged, and I think Tinc encapsulates into UDP packet, where the outside S/D IP is the physical adapter IP address, but the whole original packet was encapsulated into the UDP content part. Conceptually, it’s the same as IPSec site-to-site VPN: http://www.unixwiz.net/images/IPSec-ESP-Tunnel-Mode.gif Yes. But we were talking about traffic and routing inside the tunnels, that the VPN packets are encapsulated in UDP packets is not relevant. > 2. Regarding the “via 10.0.0.3”, you’re right, it’...
2010 Aug 03
1
"Please enhance SSH so that sftp chrooted user sessions are loged in"
Hi All, Could anyone explain what is "enhance SSH so that sftp chrooted user sessions are loged in to syslog"? What is "chrooted user sessions"? I'm sorry for the interruption and the laughable question. Thanks and Regards, Bin.Bai.
2010 Sep 09
1
chroot directory must be root owned
Hi Team, I am just a curious individual user who reviewed the OpenSSH; not working for a company. I was just wondering why there is a restriction for chroot directory to be owned by root. The line of code below in session.c show them. The basic UNIX security permissions provide a sufficient access control. Have you guys found a way to bypass security if the directory is not owned by root? -
2008 Sep 29
1
scp and key login
It seems the certificate-based login doesn't work on both sides of the remote connection when using scp? Scenario: User on PC A can SSH login to PCs B and C with his certificate, no password prompt. When User on PC A runs a scp operation from B to C he's asked for the password on C. Does the scp actually open a connection from B to C (User doesn't have a certificate on B)? This
2009 Mar 28
3
ChrootDirectory security
Hello, I've tried many places, finally ending up here to ask my question: why is it so vital that the directory used with the ChrootDirectory directive is root-owned? Like many people I'm trying to use this in a webhosting environment where several users get sftp-only access to some directory, usually something like /home/user/web/part-of-website. I can be sure that there are no setuid
2011 Aug 29
1
Auth forwarding socket for single auth
Hi all, authentication forwarding depends much on the environment it is used in, but generally on shared hosts it is considered insecure, as this documentation and common sense tell us: http://unixwiz.net/techtips/ssh-agent-forwarding.html Anyway, I have an auth forwarding security enhancement proposal. I hope I am not duplicating someone else's words/thoughts, please notify me if this is the case. How about if we make the auth socket configurable in such way, that it can be used for just...
2017 May 02
4
Multiple default gateway from tinc node
Sure, let me reply all here for my finding. @Lars @Guus A’s tinc.conf: Name = bright AddressFamily = ipv4 ConnectTo = aly_hk A’s tinc-up: #!/bin/sh ifconfig $INTERFACE 10.0.0.110 netmask 255.255.255.0 A’s host config: Subnet = 10.0.0.110/32 (VPN address) Subnet = 192.168.31.0/24 (LAN address) IndirectData = yes (enabled for every tinc nodes) The node aly_hk (vpn address 10.0.0.3) connects with
2005 Oct 31
2
ext3 + fs > 2Tbyte
Hi list this is actually a problem on a debian system but I thought you might be interested to hear of it and perhaps can offer some help. I have a woody box (dell pe750, dual cpu) running a kernel from backports.org (debian 'testing' packages built on a 'stable' box). The kernel version is 2.6.7-1.backports.org.1. This host is hooked up to an Apple Xserve RAID with a 2.3Tbyte