search for: xauth_location

...f -u -r openssh-2.1.1p4/servconf.c openssh-2.1.1p4-jhchanges/servconf.c --- openssh-2.1.1p4/servconf.c Sat Jul 15 07:14:17 2000 +++ openssh-2.1.1p4-jhchanges/servconf.c Sun Aug 13 00:06:25 2000 @@ -45,6 +45,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->port_forwarding = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -116,6 +117,8 @@ if (options->xauth_location == NULL) options->xauth_location = XAUTH_PATH; #endif /* XAUTH_PATH */ + if (opt...

...:38.000000000 +0000 +++ openssh-6.1p1-new/servconf.c 2013-01-31 17:12:36.000000000 +0000 @@ -85,6 +85,7 @@ initialize_server_options(ServerOptions options->x11_forwarding = -1; options->x11_display_offset = -1; options->x11_use_localhost = -1; + options->no_pty = -1; options->xauth_location = NULL; options->strict_modes = -1; options->tcp_keep_alive = -1; @@ -201,6 +202,8 @@ fill_default_server_options(ServerOption options->x11_use_localhost = 1; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; + if (options->no_pty == -1) + op...

...session_close(Session *s) { + char cmd[1024]; + FILE *f = NULL; + int xauth_present = s->auth_proto != NULL && s->auth_data != NULL; + + memset(cmd, 0, sizeof (cmd)); + + if (xauth_present && options.xauth_location != NULL) { + debug("Running %.100s remove %.100s", + options.xauth_location, s->display); + temporarily_use_uid(s->pw->pw_uid); + snprintf(cmd, sizeof (cmd), "%s -q -", + optio...

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

...lt wrote: > This verifies it is xauth related: > > debug3: sending debug message: No xauth program; cannot forward with > spoofing. > > so, added an extra debug - and this is what I see: > > debug1: session_input_channel_req: session 0 req x11-req > debug3: setup_x11fwd: xauth_location == /usr/X11R6/bin/xauth > debug3: sending debug message: No xauth program; cannot forward with > spoofing. > ... > And, I expect noone from IBM has ever said anything - as they still > use OpenSSH-6.0 as a base, although they are also using OpenSSH-7.1, > both of which are not...

...diff -r --unified openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c --- openssh-3.0.2p1.orig/servconf.c Wed Nov 14 00:03:15 2001 +++ openssh-3.0.2p1/servconf.c Tue Feb 12 14:21:14 2002 @@ -64,6 +64,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + options->xauthority_in_tmp = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -258,7 +259,7 @@ sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,...

...int row, col, xpixel, ypixel; char tty[TTYSZ]; /* X11 */ + int display_number; char *display; int screen; + char *auth_display[2]; char *auth_proto; char *auth_data; int single_connection; @@ -1415,32 +1417,28 @@ _PATH_SSH_SYSTEM_RC); } else if (do_xauth && options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ - char *screen = strchr(s->display, ':'); - if (debug_flag) { fprintf(stderr, "Running %.100s add " "%.100s %.100s %.100s\n", - options.xauth_location, s->dis...

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

...d_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); +#endif /* _CRAY */ #ifdef _AIX if ((cp = getenv("AUTHSTATE")) != NULL) @@ -1392,11 +1419,13 @@ "%.100s %.100s %.100s\n", options.xauth_location, s->auth_display[0], s->auth_proto, s->auth_data); +#ifndef _CRAY if (s->auth_display[1]) fprintf(stderr, "add %.100s %.100s %.100...

On 13/10/2017 08:03, Damien Miller wrote: > On Thu, 12 Oct 2017, Michael Felt wrote: > >> On 08/10/2017 23:32, Michael Felt wrote: >>> On 04/10/2017 11:07, Michael Felt wrote: >>>> I do not often use X11 - but when I do I prefer to enable >>>> X11forwarding, and when finished - turn it off. This is preferable, >>>> imho, to having

...each socket. */ for (n = 0; n < num_socks; n++) { sock = socks[n]; *** session.c.orig Sun Feb 18 20:13:34 2001 --- session.c Wed Feb 21 11:39:06 2001 *************** *** 1361,1366 **** --- 1361,1369 ---- "Running %.100s add %.100s %.100s %.100s\n", options.xauth_location, display, auth_proto, auth_data); + #if 0 + /* it's redundant! really! sshd *never* listens for X11 on a UNIX socket. + * <appro at fy.chalmers.se> */ #ifndef HAVE_CYGWIN /* Unix sockets are not supported */ if (screen != NULL) fprintf(stderr, ***********...

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

..., SOCK_STREAM, 0); if (sock < 0) { if (errno != EINVAL) { error("socket: %.100s", strerror(errno)); return NULL; } else { debug("Socket family %d not supported [X11 disp create]", ai->ai_family); continue; } } session.c, do_child, line 1219: } else if (options.xauth_location != NULL) { /* Add authority data to .Xauthority if appropriate. */ if (auth_proto != NULL && auth_data != NULL) { char *screen = strchr(display, ':'); The problem seems to be that the socket() function not returning EINVAL (as the man page suggests), but is instead returning EA...

...rwarding }, + { "permittcpconnect", sPermitTcpConnect }, + { "permittcplisten", sPermitTcpListen }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, { "allowgroups", sAllowGroups }, @@ -705,6 +720,30 @@ charptr = &options->xauth_location; goto parse_filename; + case sRestrictedShell: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing restrictions.", + filename, linenum); + options->restrictions = 0; + while ((p = strsep(&arg, ",")) != NULL) { + i...

...xmalloc.h" #include "compat.h" +/* Jarno: import */ +extern int allow_port_forwarding; + /* add listen address */ void add_listen_addr(ServerOptions *options, char *addr); @@ -45,6 +48,7 @@ options->x11_forwarding = -1; options->x11_display_offset = -1; options->xauth_location = NULL; + allow_port_forwarding = -1; options->strict_modes = -1; options->keepalives = -1; options->log_facility = (SyslogFacility) - 1; @@ -116,6 +120,8 @@ if (options->xauth_location == NULL) options->xauth_location = XAUTH_PATH; #endif /* XAUTH_PATH */ + if (allow_por...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

..._FILES) + fatal("%.200s line %d: Too many identity files specified (max %d).", + filename, linenum, SSH_MAX_CERTIFICATE_FILES); + add_certificate_file(options, NULL, + arg, flags & SSHCONF_USERCONF); + } + break; + case oXAuthLocation: charptr=&options->xauth_location; goto parse_string; @@ -1625,6 +1672,7 @@ initialize_options(Options * options) options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; + options->num_certificate_files = 0; options->hostname = NULL; options->host_ke...

...;%s: no channel for id %d", __func__, id); - - display = getenv("DISPLAY"); - if (cctx->want_x_fwd && options.forward_x11 && display != NULL) { - char *proto, *data; - /* Get reasonable local authentication information. */ - client_x11_get_proto(display, options.xauth_location, - options.forward_x11_trusted, &proto, &data); - /* Request forwarding with authentication spoofing. */ - debug("Requesting X11 forwarding with authentication spoofing."); - x11_request_forwarding_with_spoofing(id, display, proto, data); - /* XXX wait for reply */ - } -...