Displaying 20 results from an estimated 24 matches for "use_dns".
2006 Sep 14
3
[PATCH] PermitRootLogin woes
...retrieving revision 1.18
diff -u -r1.18 auth-sia.c
--- auth-sia.c 7 Sep 2006 23:54:41 -0000 1.18
+++ auth-sia.c 14 Sep 2006 10:54:12 -0000
@@ -55,12 +55,14 @@
int ret;
SIAENTITY *ent = NULL;
const char *host;
+ struct passwd * pw = authctxt->pw;
- host = get_canonical_hostname(options.use_dns);
-
+ if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+ return (0);
if (!authctxt->user || pass == NULL || pass[0] == '\0')
return (0);
+ host = get_canonical_hostname(options.use_dns);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, authct...
2005 Jan 20
27
[Bug 974] Record Badlogins for all supported Authentication methods
http://bugzilla.mindrot.org/show_bug.cgi?id=974
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
Platform|HPPA |All
Summary|Enhancement : Record |Record Badlogins for
2016 Dec 18
4
Extend logging of openssh-server - e.g. plaintext password
...ated == 0 && !authctxt->postponed &&
(strcmp(method, "password") == 0 ||
strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
# ifdef WITH_AIXAUTHENTICATE
if (authenticated)
sys_auth_record_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
#endif?
Now I?ve just thought adding ?authctxt->password? should do the trick?unfortunately not....
2016 Jun 02
2
MaxDisplays configuration option
...options->permit_user_rc = -1;
@@ -327,6 +328,8 @@
options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
if (options->max_sessions == -1)
options->max_sessions = DEFAULT_SESSIONS_MAX;
+ if (options->max_displays == -1)
+ options->max_displays = MAX_DISPLAYS;
if (options->use_dns == -1)
options->use_dns = 0;
if (options->client_alive_interval == -1)
@@ -429,7 +432,7 @@
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
- sAllowStreamLocalForwarding, sFingerp...
2003 Sep 24
1
Patches for compatibility with Heimdal's libsia_krb5 SIA module
...t;sia.h>
#include <siad.h>
@@ -45,11 +46,12 @@
extern int saved_argc;
extern char **saved_argv;
+static SIAENTITY *ent = NULL;
+
int
auth_sia_password(Authctxt *authctxt, char *pass)
{
int ret;
- SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname(options.use_dns);
@@ -57,6 +59,12 @@
if (!authctxt->user || pass == NULL || pass[0] == '\0')
return (0);
+ if (ent) {
+ debug("Releasing old SIAENTITY!");
+ sia_ses_release(&ent);
+ ent = NULL;
+ }
+
if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,...
2003 Jul 03
0
AIX cleanups: includes and arguments
...ving revision 1.10
diff -u -r1.10 port-aix.c
--- openbsd-compat/port-aix.c 3 Jun 2003 02:45:27 -0000 1.10
+++ openbsd-compat/port-aix.c 2 Jul 2003 05:01:34 -0000
@@ -68,9 +68,13 @@
void
record_failed_login(const char *user, const char *ttyname)
{
- char *hostname = get_canonical_hostname(options.use_dns);
+ char *hostname = (char *)get_canonical_hostname(options.use_dns);
- loginfailed(user, hostname, ttyname);
+# ifdef AIX_LOGINFAILED_4ARG
+ loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+# else
+ loginfailed((char *)user, hostname, (char *)ttyname);
+# endif
}
# en...
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
...success) {
+ char *msg;
+
+ debug3("AIX/authenticate succeeded for user %s: %.100s",
+ pw->pw_name, authmsg);
+
/* We don't have a pty yet, so just label the line as "ssh" */
if (loginsuccess(authctxt->user,
- get_canonical_hostname(options.use_dns),
- "ssh", &aixloginmsg) < 0) {
- aixloginmsg = NULL;
+ get_canonical_hostname(options.use_dns), "ssh", &msg) == 0){
+ if (msg != NULL) {
+ buffer_append(&loginmsg, msg, strlen(msg));
+ xfree(msg);
+ }
}
+ } else {
+ debug3("AIX/auth...
2012 May 17
2
New Subsystem criteria for Match option block in OpenSSH server
...icmut/Projects/OpenSSH-Portable/openssh-6.0p1/auth.c
src/auth.c
===============================================================================
546a547
> ConnectionInfo connection_info;
548,549c549,554
< parse_server_match_config(&options, user,
< get_canonical_hostname(options.use_dns), get_remote_ipaddr());
---
> connection_info.user = user;
> connection_info.host = get_canonical_hostname(options.use_dns);
> connection_info.address = get_remote_ipaddr();
> connection_info.subsystem = NULL;
>
> parse_server_match_config(&options, &connection_info);...
2009 Feb 07
0
Patch to 5.1p1 : Log X11 forwarding
...== NULL) {
logit("session_input_channel_req: no session %d req %.100s",
@@ -2267,6 +2269,10 @@
success = session_pty_req(s);
} else if (strcmp(rtype, "x11-req") == 0) {
success = session_x11_req(s);
+ if (success) {
+ host = get_canonical_hostname(options.use_dns);
+ verbose("X11 forwarding for %s to %s", s->pw->pw_name, host);
+ }
} else if (strcmp(rtype, "auth-agent-req at openssh.com") == 0) {
success = session_auth_agent_req(s);
} else if (strcmp(rtype, "subsystem") == 0) {
2012 Mar 18
2
Fail2ban problem
If there is a serious power failure, eg during an electric storm,
and the internet goes down
then my CentOS-6.2 server seems to take an inordinate time, maybe forever,
to get past fail2ban.
It is as though there is an extremely long - maybe an hour - timeout
if fail2ban cannot connect to the internet.
(I usually stop the machine with the power-button,
re-boot into a different OS (Fedora) and
2014 Jul 17
1
syslog-ng 2.1.4 - file sources are read only when reload or restart is performed?
...dir_group (root);
12 dir_owner (root);
13 dir_perm (0700);
14 group (root);
15 owner (root);
16 perm (0600);
17 flush_lines(1);
18 flush_timeout (1000);
19 keep_hostname (yes);
20 log_fifo_size (1);
21 use_dns (no);
22 use_fqdn (no);
23 };
...
39 source s_stdout {
40 # file ("/logs/stdout.log" flags(no-parse) follow_freq(1));
41 file ("/logs/stdout.log" flags(no-parse));
42 };
...
61 destination d_stdout { file("/var/log/$YEAR$MONTH$DAY/stdout&...
2005 Apr 07
1
PermitRootLogin and Tru64 SIA
...h-sia.c openssh/auth-sia.c
--- openssh-dist/auth-sia.c Thu Mar 4 05:59:37 2004
+++ openssh/auth-sia.c Thu Apr 7 07:52:13 2005
@@ -53,6 +53,9 @@
SIAENTITY *ent = NULL;
const char *host;
+ if (! auth_root_allowed ("password"))
+ return (0);
+
host = get_canonical_hostname(options.use_dns);
if (!authctxt->user || pass == NULL || pass[0] == '\0')
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
2003 Sep 16
1
OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
...diff -urN openssh-3.7p1-dist/auth-sia.c openssh-3.7p1/auth-sia.c
--- openssh-3.7p1-dist/auth-sia.c Mon Jun 2 19:25:48 2003
+++ openssh-3.7p1/auth-sia.c Tue Sep 16 14:02:56 2003
@@ -80,6 +80,7 @@
{
SIAENTITY *ent = NULL;
const char *host;
+ uid_t uid;
host = get_canonical_hostname(options.use_dns);
@@ -103,8 +104,11 @@
sia_ses_release(&ent);
- if (setreuid(geteuid(), geteuid()) < 0)
- fatal("setreuid: %s", strerror(errno));
+ uid = geteuid();
+ if (setuid(0) < 0)
+ fatal("setuid: %s", strerror(errno));
+ if (setuid(uid) < 0)
+ fatal("setuid:...
2009 Nov 23
0
[PATCH] Bluetooth support.
This is just the first part -- it adds support for correctly reporting
incoming connections when there's an external d?mon accepting the
connections and invoking 'sshd -i' with them, like inetd does.
In later patches I'll extend sshd to listen on a Bluetooth socket (and
advertise the service in SDP) for itself, and extend the ssh client to
make the connection directly. For now,
2014 Jun 06
1
Patch: Ciphers, MACs and KexAlgorithms on Match
...0
@@ -1919,6 +1919,10 @@ main(int ac, char **av)
verbose("Connection from %s port %d on %s port %d",
remote_ip, remote_port,
get_local_ipaddr(sock_in), get_local_port());
+
+ /* Match configuration against the connection */
+ connection_info = get_connection_info(1, options.use_dns);
+ parse_server_match_config(&options, connection_info);
/*
* We don't want to listen forever unless the other side
Index: sshd_config.5
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.173
diff...
2004 Jun 01
1
Sending immediate PAM auth failure messages via kbd-int
Hi.
One thing that people seem to want to do with PAM is to deny a login
immediately without interacting but return a message to the user. (Some
platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd
will just deny the login and the user will not be told why.
Attached it a patch that return a keyboard-interactive packet with the
message in the "instruction"
2009 May 03
10
[Bug 1595] New: Server option PrintLastLog does not work on AIX
...dditional
parameter (value of options.print_lastlog) to the sys_auth_record_login
function in port-aix.c, port-aix.h and auth.c.
auth.c
# ifdef WITH_AIXAUTHENTICATE
if (authenticated)
sys_auth_record_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh",
&loginmsg, options.print_lastlog);
# endif
port-aix.c
int
sys_auth_record_login(const char *user, const char *host, const char
*ttynm,
Buffer *loginmsg, int print_lastlog)
{
...
if(print_lastlog == 1)
buffer_append(loginmsg, msg, strlen(msg));
xfree(msg);...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...shpam_handle_holder);
+ grab_pamh(1, sshpam_handle_holder);
if (sshpam_err != PAM_SUCCESS) {
- pam_end(sshpam_handle, sshpam_err);
- sshpam_handle = NULL;
+ pam_end(grab_pamh(0, NULL), sshpam_err);
+ grab_pamh(1, NULL);
return (-1);
}
pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns);
debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
- sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
+ sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_RHOST, pam_rhost);
if (sshpam_err != PAM_SUCCESS) {
- pam_end(sshpam_handle, sshpam_err);
- sshpam_...
2013 Oct 07
4
Feature request: FQDN Host match
Hello!
I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :)
Anyway, my question relates to ssh_config. The problem I find is that
the Host pattern is only applied to the argument given on the command
line, as outlined in the man page:
"The host is the hostname argument given on the command line (i.e. the
name is not converted to a canonicalized host name
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
...n 0;
}
- if (options.num_deny_users > 0 || options.num_allow_users > 0) {
+ if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
+ options.num_allow_users_fixedname > 0 ||
+ options.num_allow_users_ipaddr > 0 ) {
hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
}
/* Return false if user is listed in DenyUsers */
if (options.num_deny_users > 0) {
for (i = 0; i < options.num_deny_users; i++)
if (match_user(pw->pw_name, hostname, ipaddr,
options.deny_users[i])) {
logit("User %.100s...