similar to: [Bug 440] Protocol 1 server key generated at start up even when P1 not used

http://bugzilla.mindrot.org/show_bug.cgi?id=440 ------- Additional Comments From dtucker at zip.com.au 2004-02-10 18:07 ------- Took a quick look at this. I can confirm that when running in inetd ("-i -o Protocol=1,2") the SSHv1 ephemeral keys are still generated for v2 connects, and that with the patch it's not. The patch, however, seems to break SSHv1 connections in inetd

http://bugzilla.mindrot.org/show_bug.cgi?id=440 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From djm at mindrot.org 2003-05-15 21:16

http://bugzilla.mindrot.org/show_bug.cgi?id=440 ------- Additional Comments From markus at openbsd.org 2002-11-21 20:21 ------- when does this happen? i don't see this with version 3.5 (or 2.5.1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=440 Summary: Protocol 1 server key generated at start up even when P1 not used Product: Portable OpenSSH Version: older versions Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Build system

fyi -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: May 10, 2004 9:43 PM To: Walczak, Stanislaw Subject: Re: FW: found bug in 3.8.p1 ? Please don't send bug reports to my personal email address. Use the mailing list (openssh-unix-dev at mindrot.org), that's what it's there for. Walczak, Stanislaw wrote: [...] >>ian.c.campbell: debug1:

http://bugzilla.mindrot.org/show_bug.cgi?id=423 Summary: Workaround for pw change in privsep mode (3.5.p1) Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Works on my netbsd tinkerbox. NetBSD 5.0.2 NetBSD 5.0.2 (GENERIC) It uses rlimit. Privsep sandbox style: rlimit I also get warnings during make. fmt_scaled.c: In function 'scan_scaled': fmt_scaled.c:84: warning: array subscript has type 'char' fmt_scaled.c:111: warning: array subscript has type 'char' fmt_scaled.c:155: warning: array subscript has type 'char'

Hello All, I've updated the AIX package builder (contrib/aix/buildbff.sh). The changes are below. Please review and commit if OK. First, a question: Does anyone want SRC (System Resource Controller) support in the packages? I don't use it but I've been sent an example of how do do it without modifying sshd itself. Onto the changes: * Supports PrivSep. Postinstall will create

Hello, I have recently upgraded from an older version of OpenSSH to the newer 3.3p1 (first) and now to 3.4p1 - because of the discovered vulnerabilities. The default setting for these versions is to use privilege separation, and this seems to trigger some weird bug with my systems, causing sshd to consume memory until it barfs. Details: 1. OpenSSH 3.3p1, privsep on, compression on:

Hi. If sshd is configured to use PAM and UsePrivilegeSeparation=no or you are logging is as root, any messages returned by PAM session modules are not displayed to the user. (Even when the config file has privsep=yes, logging in as root disables privsep anyway since there's no point, so it behaves the same way as privsep=no). I think I've figured out why: when privsep=no,

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |serg at bspb.ru ------- Additional Comments From dtucker at zip.com.au 2003-05-13 09:55 ------- *** Bug 562 has been marked as a

Hi all. I have a question regarding privsep. Firstly, the following is my understanding of what happens when privsep is enabled: The sshd daemon is running as root listing on 22(a). When a connection is accepted, a child is forked to handle the connection, this child becomes the monitor(b). The monitor forks the pre-auth privsep slave(c), which sheds it privs and hides in its chroot jail.

Hi all. For those that didn't know it, the OpenSSH portable team has been collecting survey data about the platforms that it runs and the options that it is built with. Partitipation is entirely voluntary and is as simple as running "make send-survey" after building (see the INSTALL file for details and caveats). I've used the data to answer a couple of questions on this list

Darren, I went to install zlib/openssl and openssh on one of my Sun Servers(Solaris 2.7) and they would not install. Is there a website where I can get Sun versions of these products? Thanks, Lou -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Saturday, November 22, 2003 9:35 PM To: Pacelli, Louis M, ALABS Cc: OpenSSH Devel List Subject: Re: zlib missing when

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the

Hi all. As Corinna pointed out, there are some cases where sshd will log some authentications twice when privsep=yes. This can happen on any platform although it seems most obvious on the ones that don't do post-auth privsep. It also occurs when sshd logs to stderr (eg running under daemontools) or when you have a /dev/log in the privsep chroot. The patch below attempts to solve this for

http://bugzilla.mindrot.org/show_bug.cgi?id=423 ------- Additional Comments From michael_steffens at hp.com 2002-11-02 02:40 ------- Created an attachment (id=162) --> (http://bugzilla.mindrot.org/attachment.cgi?id=162&action=view) Patch: Workaround for pw change in privsep mode (3.5.p1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

make tests fails: run test login-timeout.sh ... ssh: connect to host 127.0.0.1 port 4242: Connection refused ssh connect after login grace timeout failed without privsep failed connect after login grace timeout make[1]: *** [t-exec] Error 1 make[1]: Leaving directory `/data/openssh-5.2p1.works/regress' make: *** [tests] Error 2 any clues? thanks tedc

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to