similar to: Re: THE LINUX/I386 BOOT PROTOCOL - Breaking the 256 limit

I'm building pxe-booted kiosk systems using pxelinux 3.09 and linux kernel 2.6.14. I noticed a discussion on this list that 3.09 supports a 511 character command line but that the kernel would need to be patched to access it beyond 255. How can I patch the kernel to do so? Andrew Lambe Systems Programmer Information Technology Oral Roberts University Tulsa, Oklahoma

Hi Alon, I confirmed with pkcs11-tool (from OpenSC) and I can confirm that pressing return when asked for the pin causes the login to stop (and not to try a empty pin). Can you confirm if a empty pin is actually a valid pin, and if not, can the patch be accepted? Once again, the problem is that from a user experience, *some/most* users would expect they can skip pkcs11 token authentication just

Signed-off-by: Alon Bar-Lev <alon.barlev at gmail.com> --- ssh-agent.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssh-agent.c b/ssh-agent.c index 9e2a37f..415a5ea 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -68,7 +68,9 @@ #include <time.h> #include <string.h> #include <unistd.h> +#ifdef HAVE_UTIL_H #include <util.h> +#endif #include

On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev at gmail.com> wrote: > On 17 June 2016 at 20:58, Nuno Gon?alves <nunojpg at gmail.com> wrote: >> Hi, >> >> It seems there is a bug with the pkcs11 feature where a zero-length >> PIN is accepted. I believe this is a bug, since the user might want to >> press return when asked for the PIN to

Hi, Working with apache-sshd I found that it forces ~/.ssh/config to be owned by user without group/others permissions. It failed for me within my valid openssh environment. Within sources (readconf.c::read_config_file), I found that openssh only enforces ownership by user and not group/others write. When I opened an issue, I was referred to this[1] wiki page (not sure who maintain it) claiming

From: Gene Cumm <gene.cumm at gmail.com> alias.c: A simple COM32 module that allows the creation of an alias within the config for SYSLINUX and variants. Signed-off-by: Gene Cumm <gene.cumm at gmail.com> --- Revised based on previous discussion on this list <syslinux at zytor.com> to change the command line string size and account for the possibility of overflowing the

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is

From: Gene Cumm <gene.cumm at gmail.com> run.c: A simple COM32 module that will optionally clear the screen (using newlines) then run a command. Signed-off-by: Gene Cumm <gene.cumm at gmail.com> --- This is based on my alias COM32 module that I submitted back in October, with some improvements to clean up debugging code and optionally clear the screen. LABEL et KERNEL run.c32

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

Hello, I've looked for a BIDI HOW-TO, but did not find any. I use wine-0.9.5, and run IE using ies4linux. It works great including Hebrew showing Hebrew text correctly. The problem is that I could not write any Hebrew character... Whenever I type a character I get "?". So I've looked at wine-bidi issues, and found that I need to compile wine with icu library. I did! using

Hello, This hostkeys extension is great, reading[1]: """ OpenSSH supports a protocol extension allowing a server to inform a client of all its protocol v.2 host keys after user-authentication has completed. """ I wonder, why should user authentication be completed before this functionality is available? This means that ssh-keyscan tool (for example) cannot take

Hello OpenSSH developers, A week ago I've posted a patch that enables openssh to work with PKCS#11 tokens. I didn't receive any comments regarding the patch or reply to my questions. In current software world, providing a security product that does not support standard interface for external cryptographic hardware makes the product obsolete. Please comment my patch, so I can know

Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c::user_key_command_allowed2(), we have the

Alon, On 12/18/2018 06:52 PM, Alon Bar-Lev wrote: > OK... So you have an issue... > > First, you need to delegate your smartcard to remote machine, probably > using unix socket redirection managed by openssh. This can be done in > many levels... > 1. Delegate USB device, this will enable only exclusive usage of the > smartcard by remote machine. > 2. Delegate PC/SC, this

Hello, Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong. For example, I have multiple hosts that all serves as monitoring server, I would like to trust only these hosts, so I enrol a certificate for these using "monitoring" principal, so I can connect only to these. At first I thought we can do Match statement at ssh_config, however, the Match is being

This patch fixes an inefficiency and potential system lockup in the 2.4 kernel's ext3 filesystem. The problem has been present since 2.4.20-pre5. This patch is applicable to 2.4.20. A copy is at http://www.zip.com.au/~akpm/linux/patches/2.4/2.4.20/ext3-scheduling-storm.patch Anyone who is using tasks which have realtime scheduling policy on ext3 systems should apply this change.

Hello, The version 0.11 of "PKCS#11 support in OpenSSH" is published. Changes: 1. Updated against OpenSSH 4.3p2. 2. Modified against Roumen Petrov's X.509 patch (version 5.4), so self-signed certificates are treated by the X.509 patch now. 3. Added --pkcs11-x509-force-ssh if X.509 patch applied, until some issues with the X.509 patch are resolved. 4. Fixed issues with gcc-2. You

The patch titled Subject: ocfs2: fix use-after-free when unmounting read-only filesystem has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch This patch will shortly appear at

In 2.4.20-pre5 an optimisation was made to the ext3 fsync function which can very easily cause file data corruption at unmount time. This was first reported by Nick Piggin on November 29th (one day after 2.4.20 was released, and three months after the bug was merged. Unfortunate timing) This only affects filesystems which were mounted with the `data=journal' option. Or files which are

ssh-keygen already supports importing and exporting ssh keys using various formats. The "-m PEM" which should have been the easiest to be used with various of external application expects PKCS#1 encoded key, while many applications use SubjectPublicKeyInfo encoded key. This change adds SubjectPublicKeyInfo support, to ease integration with applications. Examples: ## convert