similar to: [Bug 629] sshd_config & PAM backwards compatibility

http://bugzilla.mindrot.org/show_bug.cgi?id=630 Summary: built-in ssh-rand-helper Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy: aet at cc.hut.fi

Hi, This is included in the release now; any feedback? Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at:

http://bugzilla.mindrot.org/show_bug.cgi?id=220 ------- Additional Comments From markus at openbsd.org 2002-04-18 06:01 ------- i think i've seen this before and it was related to the realpath() implementation.... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=345 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Lutz.Jaenicke at aet.TU- | |Cottbus.DE ------- Additional Comments From stevesk at

http://bugzilla.mindrot.org/show_bug.cgi?id=237 aet at cc.hut.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Key authentication failed |Key authentication failed |with SSH 2 / Path wrong |with SSH 2 / Path wrong ------- Additional Comments From aet at

On Solaris 10 (SPARC & x86), I'm seeing the following error: error: Failed to allocate internet-domain X11 display socket. I tracked this down to this code change between openssh 4.7p1 and 5.0p1: *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007 --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008 *************** *** 1,4 **** ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03

This is the 2nd revision of the Advisory. 1. Versions affected: Serveral versions of OpenSSH's sshd between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. All versions between 2.3.1 and 3.3 contain a bug in the PAMAuthenticationViaKbdInt code. All versions between 2.9.9 and 3.3

Here is a long-overdue (sorry about that) patch for Tru64. It is pretty minor mostly (minor formatting and removal of a couple of unneeded calls), and it disables post-auth privsep (so that OpenSSH will work "out of the box" on Tru64, avoiding the many questions). I'm also looking at getting setproctitle working. For Tru64 4.x, it isn't a big deal (normal PS_USE_CLOBBER_ARGV

Hi! I am resending the following message about problems with utmp handling. * In the meantime I had some request in private mail from people asking whether I have new information. * The problem is still persistant in 2.9p2. * My own new investigations show, that the problem only appears with protocol 2, not with protocol 1, I therefore only started to note it when protocol 2 became the

Hi! I am distributing 2.5.1p1 for production use on my system by now and prepare switching to protocol 2 as default protocol. I just noted, that ssh-agent can be used for protocol 1 and 2, but the keys kept in ssh-agent are not compared against keys in .ssh. Example: I have a DSA key in id_dsa which I load into ssh-agent on login. When connecting to an account accepting the key everything is

Hi everyone: I am new so I hope so that this list will be the correct place for my question. I install openssh-2.3.0p1 yesterday on a machine with Red Hut Linux 6.2 and it was fine as client but not as server in other words I can use openssh from my machine to get in the other machines but when I try to do from another machines to the machine that I mentioned above, I got a error that said

Hi, Initially when we do ssh from Cisco IOS Router to my linux machine, we use to see only one password prompt , even though we configured number of password prompts in Linux machine to 3. So, to overcome this issue , someone changed the values in sshd_config file in openssh-3.5pl. Before Fix #ChallengeResponseAuthentication yes #PAMAuthenticationViaKbdInt no After Fix

Hi there, when enabling the option PAMAuthenticationViaKbdInt, a login with password is always possible, even though when you disabled it with PasswordAuthentication no and PermitRootLogin without-password! Is this intended? Why is there no documentation about this (or at least a waring in the default configuration file)? The problem is, it is enabled in the default installation of Debian

Before an IP Phones can be registered to an Asterisk server, the extension for it must be configured in Asterisk. Usually, Asterisk adminintor must add the extension by hand. Is there any library, API to do this by software??? For example, i want to develope a software that add new extensions to Asterisk system, sothat, any IP Phones can use that extensions to establish a call. I'm digging

Hi! I have just made the 0.9.0 release of PRNGD available. PRNGD is the Pseudo Random Number Generator Daemon. It has an EGD compatible interface and is designed to provide entropy on systems not having /dev/*random devices. Software supporting EGD style entropy requests are openssh, Apache/mod_ssl, Postfix/TLS... Automatic querying of EGD sockets at fixed locations has been introduced in the

The following is a patch (based on FreeBSD code) which gets kbd-int working with privsep. It moves the kbd-int PAM conversation to a child process and communicates with it over a socket. The patch has a limitation: it does not handle multiple prompts - I have no idea how common these are in real-life. Furthermore it is not well tested at all (despite my many requests on openssh-unix-dev@). -d

Anybody uses Asterisk Java to register an extension to an Asterisk server ??? Is there any solution for this ? Phan Anh Vu DT12.K49.HUT RDLab ( C9.410 ) HUT --------------------------------- Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi! I have experimented a bit with the latest OpenSSH from the CVS archive. I could realize some connections succesfully, but I experienced performance problem during the connection phase. It seems, that the client needs quite some computer time just after debug: Got SSH2_MSG_KEX_DH_GEX_GROUP. By inserting test-printouts, I verifyed that the dh_gen_key(dh); call seems to take that long. On a HP

http://bugzilla.mindrot.org/show_bug.cgi?id=221 Summary: updates for OpenSC support Product: Portable OpenSSH Version: -current Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: markus

http://bugzilla.mindrot.org/show_bug.cgi?id=289 Summary: mmap error when trying to use 3.3p1 with privsep Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org