search for: x11_forwarding

...Index: servconf.h --- servconf.h.prev +++ servconf.h Thu Feb 22 20:59:45 2001 @@ -52,4 +52,5 @@ * for RhostsRsaAuth */ int print_motd; /* If true, print /etc/motd. */ + int print_lastlog; /* If true, print lastlog */ int check_mail; /* If true, check for new mail. */ int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ Index: servconf.c --- servconf.c.prev +++ servconf.c Thu Feb 22 20:59:45 2001 @@ -56,4 +56,5 @@ initialize_server_options(ServerOptions options->ignore_user_known_hosts = -1; options->print_motd = -1; + options->print_lastlog = -1; op...

...option to pkgadd. #TEST_DIR=/var/tmp # leave commented out for production build PKGNAME=OpenSSH SYSVINIT_NAME=opensshd MAKE=${MAKE:="make"} SSHDUID=67 # Default privsep uid SSHDGID=67 # Default privsep gid # uncomment these next two as needed #PERMIT_ROOT_LOGIN=no #X11_FORWARDING=yes +#USEPAM=yes # list of system directories we do NOT want to change owner/group/perms # when installing our package SYSTEM_DIR="/etc \ @@ -143,6 +144,9 @@ $FAKE_ROOT/${sysconfdir}/sshd_config [ "${X11_FORWARDING}" = yes ] && \ perl...

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

We are heading into a lock here. So we need to get people to test their respective platforms if they wish them to be supported out of the tar file. So if you have any patches you need to ensure your platform works speak up. We are looking at a lock on the 17th. I believe I have an AIX/Cray patch and a Tru64 patch sitting in my mailbox that I'll be looking at soon and more than likely

...--- next part -------------- diff -rupN openssh-6.1p1/servconf.c openssh-6.1p1-new/servconf.c --- openssh-6.1p1/servconf.c 2012-07-31 02:22:38.000000000 +0000 +++ openssh-6.1p1-new/servconf.c 2013-01-31 17:12:36.000000000 +0000 @@ -85,6 +85,7 @@ initialize_server_options(ServerOptions options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->no_pty = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -201,6 +202,8 @@ fill_default_server_options(ServerOption options->x11_use_...

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hi Ben, Just a few things on openssh 3.4p1 Solaris package. 1) Solaris naming convention would be OPENssh for package 2) Need to add the "sed" edit of X11Forwarding for ssh_config also 3) I prefer sym links as default (I suppose thats personal) 4) Need to provide "response" file so that dont need interaction to install!! - I do all install via jumpstart scripts etc.

...rding) - channel_add_permitted_opens(host, port); xfree(patterns); goto next_option; } --- auth-pam.c 28 Jan 2003 18:06:51 -0000 1.1.1.2 +++ auth-pam.c 29 Jan 2003 20:39:19 -0000 1.2 @@ -358,7 +360,7 @@ no_port_forwarding_flag &= ~2; no_agent_forwarding_flag &= ~2; no_x11_forwarding_flag &= ~2; - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + if (!auth_restricted(RESTRICT_TCP, auth_get_user())) channel_permit_all_opens(); #endif } --- auth.c 28 Jan 2003 18:06:51 -0000 1.1.1.2 +++ auth.c 29 Jan 2003 21:26:11 -0000 1.4 @@ -291,6 +293,31 @@...

...removal of this code. Scott. -------------- next part -------------- diff -r --unified openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c --- openssh-3.0.2p1.orig/servconf.c Wed Nov 14 00:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Feb 12 14:21:14 2002 @@ -64,6 +64,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->xauthority_in_tmp = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -258,7 +259,7 @@ sAllowUsers, sDenyUsers, sAllowGroups, sDe...

Hello, I am trying to force a command for all users *except* for users in the "wheel" group. My idea was to do the following in sshd_config: ForceCommand /usr/bin/validate-ssh-command Match Group wheel ForceCommand But obviously this doesn't work, because ForceCommand requires an argument. I couldn't find a way to achieve what I want. I wrote a patch that adds a

Hi. Solaris packages created by buildpkg.sh don't create privsep user or group and sshd won't start until they are created (or privsep is disabled): ## Executing postinstall script. starting /usr/local/sbin/sshd... Privilege separation user sshd does not exist /etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd... bailing. The attached patch (against -cvs) ports the relevant

...host name to connect to. */ host = packet_get_string(&host_len); diff -u -r openssh-2.1.1p4/servconf.c openssh-2.1.1p4-jhchanges/servconf.c --- openssh-2.1.1p4/servconf.c Sat Jul 15 07:14:17 2000 +++ openssh-2.1.1p4-jhchanges/servconf.c Sun Aug 13 00:06:25 2000 @@ -45,6 +45,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->port_forwarding = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -116,6 +117,8 @@ if (options->xauth_location == NULL) o...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...int); diff -Naur openssh-portable/servconf.c openssh-portable-maxdisplays/servconf.c --- openssh-portable/servconf.c 2016-06-01 21:14:01.820052926 -0400 +++ openssh-portable-maxdisplays/servconf.c 2016-06-01 21:14:22.976053858 -0400 @@ -96,6 +96,7 @@ options->print_lastlog = -1; options->x11_forwarding = -1; options->x11_display_offset = -1; + options->max_displays = -1; options->x11_use_localhost = -1; options->permit_tty = -1; options->permit_user_rc = -1; @@ -327,6 +328,8 @@ options->max_authtries = DEFAULT_AUTH_FAIL_MAX; if (options->max_sessions == -1) op...

...,6 +11,8 @@ # Options for building the package # You can create a config.local with your customized options # +REMOVE_FAKE_ROOT_WHEN_DONE=yes +# # uncommenting TEST_DIR and using # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty # and @@ -27,6 +29,22 @@ #PERMIT_ROOT_LOGIN=no #X11_FORWARDING=yes #USR_LOCAL_IS_SYMLINK=yes +# System V init run levels +SYSVINITSTART=S98 +SYSVINITSTOPT=K30 +# We will source these if they exist +POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh +POST_PROTOTYPE_EDITS=./pkg_post_prototype_edit.sh +# We'll be one level deeper looking for these +PKG...

...ges/servconf.c Mon Aug 21 20:48:09 2000 @@ -19,6 +19,9 @@ #include "xmalloc.h" #include "compat.h" +/* Jarno: import */ +extern int allow_port_forwarding; + /* add listen address */ void add_listen_addr(ServerOptions *options, char *addr); @@ -45,6 +48,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + allow_port_forwarding = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -116,6 +120,8 @@ if (options->xauth_location == NULL) options...