Displaying 20 results from an estimated 20 matches for "xauth_location".
2000 Aug 13
1
Patches for openssh port forwarding
...f -u -r openssh-2.1.1p4/servconf.c openssh-2.1.1p4-jhchanges/servconf.c
--- openssh-2.1.1p4/servconf.c Sat Jul 15 07:14:17 2000
+++ openssh-2.1.1p4-jhchanges/servconf.c Sun Aug 13 00:06:25 2000
@@ -45,6 +45,7 @@
options->x11_forwarding = -1;
options->x11_display_offset = -1;
options->xauth_location = NULL;
+ options->port_forwarding = -1;
options->strict_modes = -1;
options->keepalives = -1;
options->log_facility = (SyslogFacility) - 1;
@@ -116,6 +117,8 @@
if (options->xauth_location == NULL)
options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
+ if (opt...
2013 Jan 31
2
OpenSSH NoPty patch
...:38.000000000 +0000
+++ openssh-6.1p1-new/servconf.c 2013-01-31 17:12:36.000000000 +0000
@@ -85,6 +85,7 @@ initialize_server_options(ServerOptions
options->x11_forwarding = -1;
options->x11_display_offset = -1;
options->x11_use_localhost = -1;
+ options->no_pty = -1;
options->xauth_location = NULL;
options->strict_modes = -1;
options->tcp_keep_alive = -1;
@@ -201,6 +202,8 @@ fill_default_server_options(ServerOption
options->x11_use_localhost = 1;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
+ if (options->no_pty == -1)
+ op...
2001 Jun 21
0
Patch for removing X11 fwding cookies
...session_close(Session *s)
{
+ char cmd[1024];
+ FILE *f = NULL;
+ int xauth_present = s->auth_proto != NULL && s->auth_data != NULL;
+
+ memset(cmd, 0, sizeof (cmd));
+
+ if (xauth_present && options.xauth_location != NULL) {
+ debug("Running %.100s remove %.100s",
+ options.xauth_location, s->display);
+ temporarily_use_uid(s->pw->pw_uid);
+ snprintf(cmd, sizeof (cmd), "%s -q -",
+ optio...
2001 Nov 27
1
[PATCH] tcp-wrappers support extended to x11 forwards
Hi!
Here is the patch to support tcp wrappers with x11-forwarded connections.
The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too.
I've understood that this will not be included in the official version
because it adds complexity (?!) to openssh.
Binding the forwarded port to localhost doesn't solve all problems. I've
understood that you should also implement
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
...lt wrote:
> This verifies it is xauth related:
>
> debug3: sending debug message: No xauth program; cannot forward with
> spoofing.
>
> so, added an extra debug - and this is what I see:
>
> debug1: session_input_channel_req: session 0 req x11-req
> debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth
> debug3: sending debug message: No xauth program; cannot forward with
> spoofing.
>
...
> And, I expect noone from IBM has ever said anything - as they still
> use OpenSSH-6.0 as a base, although they are also using OpenSSH-7.1,
> both of which are not...
2002 Feb 12
0
[Patch] Xauthority file in /tmp
...diff -r --unified openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c
--- openssh-3.0.2p1.orig/servconf.c Wed Nov 14 00:03:15 2001
+++ openssh-3.0.2p1/servconf.c Tue Feb 12 14:21:14 2002
@@ -64,6 +64,7 @@
options->x11_forwarding = -1;
options->x11_display_offset = -1;
options->xauth_location = NULL;
+ options->xauthority_in_tmp = -1;
options->strict_modes = -1;
options->keepalives = -1;
options->log_facility = (SyslogFacility) - 1;
@@ -258,7 +259,7 @@
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,...
2001 Dec 05
1
DISPLAY=localhost
...int row, col, xpixel, ypixel;
char tty[TTYSZ];
/* X11 */
+ int display_number;
char *display;
int screen;
+ char *auth_display[2];
char *auth_proto;
char *auth_data;
int single_connection;
@@ -1415,32 +1417,28 @@
_PATH_SSH_SYSTEM_RC);
} else if (do_xauth && options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
- char *screen = strchr(s->display, ':');
-
if (debug_flag) {
fprintf(stderr,
"Running %.100s add "
"%.100s %.100s %.100s\n",
- options.xauth_location, s->dis...
2001 Jun 05
1
OpenSSH tmp cleanup
Hi,
I noticed that Markus has fixed the temporary file cleanup problems in
OpenSSH cvs. What files need patching for this ? I only noticed
changes in: session.c, channels.h and channels.c.
-Jarno
--
Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
2002 Feb 04
0
[Bug 101] New: session.c modifications for correct UNICOS behavior
...d_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
+#endif /* _CRAY */
#ifdef _AIX
if ((cp = getenv("AUTHSTATE")) != NULL)
@@ -1392,11 +1419,13 @@
"%.100s %.100s %.100s\n",
options.xauth_location, s->auth_display[0],
s->auth_proto, s->auth_data);
+#ifndef _CRAY
if (s->auth_display[1])
fprintf(stderr,
"add %.100s %.100s %.100...
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 08:03, Damien Miller wrote:
> On Thu, 12 Oct 2017, Michael Felt wrote:
>
>> On 08/10/2017 23:32, Michael Felt wrote:
>>> On 04/10/2017 11:07, Michael Felt wrote:
>>>> I do not often use X11 - but when I do I prefer to enable
>>>> X11forwarding, and when finished - turn it off. This is preferable,
>>>> imho, to having
2001 Feb 21
3
X11 display issues
...each socket. */
for (n = 0; n < num_socks; n++) {
sock = socks[n];
*** session.c.orig Sun Feb 18 20:13:34 2001
--- session.c Wed Feb 21 11:39:06 2001
***************
*** 1361,1366 ****
--- 1361,1369 ----
"Running %.100s add %.100s %.100s %.100s\n",
options.xauth_location, display,
auth_proto, auth_data);
+ #if 0
+ /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket.
+ * <appro at fy.chalmers.se> */
#ifndef HAVE_CYGWIN /* Unix sockets are not supported */
if (screen != NULL)
fprintf(stderr,
***********...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2000 Oct 27
0
Segfault in 2.2.0p1 due to connect() changes in Linux 2.4
..., SOCK_STREAM, 0);
if (sock < 0) {
if (errno != EINVAL) {
error("socket: %.100s", strerror(errno));
return NULL;
} else {
debug("Socket family %d not supported [X11 disp create]",
ai->ai_family);
continue;
}
}
session.c, do_child, line 1219:
} else if (options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
char *screen = strchr(display, ':');
The problem seems to be that the socket() function not returning EINVAL
(as the man page suggests), but is instead returning EA...
2003 Jan 29
0
[PATCH] features for restricted shell environments
...rwarding },
+ { "permittcpconnect", sPermitTcpConnect },
+ { "permittcplisten", sPermitTcpListen },
{ "allowusers", sAllowUsers },
{ "denyusers", sDenyUsers },
{ "allowgroups", sAllowGroups },
@@ -705,6 +720,30 @@
charptr = &options->xauth_location;
goto parse_filename;
+ case sRestrictedShell:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing restrictions.",
+ filename, linenum);
+ options->restrictions = 0;
+ while ((p = strsep(&arg, ",")) != NULL) {
+ i...
2000 Aug 23
1
Protocol 2 remote forwarding patch
...xmalloc.h"
#include "compat.h"
+/* Jarno: import */
+extern int allow_port_forwarding;
+
/* add listen address */
void add_listen_addr(ServerOptions *options, char *addr);
@@ -45,6 +48,7 @@
options->x11_forwarding = -1;
options->x11_display_offset = -1;
options->xauth_location = NULL;
+ allow_port_forwarding = -1;
options->strict_modes = -1;
options->keepalives = -1;
options->log_facility = (SyslogFacility) - 1;
@@ -116,6 +120,8 @@
if (options->xauth_location == NULL)
options->xauth_location = XAUTH_PATH;
#endif /* XAUTH_PATH */
+ if (allow_por...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2024 Apr 25
1
[PATCH] Enable ssh_config to set LogPath option (-E)
ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs.
This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`.
[0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683
[1] GitHub PR:
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2015 Jul 29
2
[PATCH] ssh: Add option to present certificates on command line
..._FILES)
+ fatal("%.200s line %d: Too many identity files specified (max %d).",
+ filename, linenum, SSH_MAX_CERTIFICATE_FILES);
+ add_certificate_file(options, NULL,
+ arg, flags & SSHCONF_USERCONF);
+ }
+ break;
+
case oXAuthLocation:
charptr=&options->xauth_location;
goto parse_string;
@@ -1625,6 +1672,7 @@ initialize_options(Options * options)
options->hostkeyalgorithms = NULL;
options->protocol = SSH_PROTO_UNKNOWN;
options->num_identity_files = 0;
+ options->num_certificate_files = 0;
options->hostname = NULL;
options->host_ke...
2010 Jan 14
1
ssh(1) multiplexing rewrite
...;%s: no channel for id %d", __func__, id);
-
- display = getenv("DISPLAY");
- if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted, &proto, &data);
- /* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto, data);
- /* XXX wait for reply */
- }
-...