similar to: [Bug 1829] New: auth-rsa.c: move auth_key_is_revoked() call from auth_rsa_verify_response() to auth_rsa_key_allowed()

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=454 ------- Additional Comments From ldv@altlinux.org 2006-03-02 00:39 MET ------- Created an attachment (id=220) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=220&action=view) iptables-1.3.5-alt-link.patch Proposed patch. FC iptables package also attempts to address this issue, but their approach is worse: it

https://bugzilla.mindrot.org/show_bug.cgi?id=2361 Bug ID: 2361 Summary: seccomp filter (not only) for aarch64 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi I have very special needs and i wanted to use rsync over ssh. I don't know if a solution already exists for what i want to do. I want to provide rsync over ssh to my users. Howevern i want to have the following limitations : 1. No shell access 2. Limitting users to their home directories I was thinking to the folowing solution, but i don't know if it is secure enough : Create a

https://bugzilla.mindrot.org/show_bug.cgi?id=1930 Bug #: 1930 Summary: Bugs intended to be fixed in 6.0 Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5

Hi, during our usual work I found it anoying that one can not easily see who logged in using public key authentication. In newer versions of SSH the fingerprint of the public key gets logged, but who can tell which key belongs to whom from his head? So I wrote a little ad-hoc patch (vs. 3.5.p1) so that the comment field on the keys in the authorized_keys[2] files get logged to make life

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Summary: Should sshd detect and reject vulnerable SSH keys (re: Debian DSA-1571 and DSA-1576) Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, I am not sure if this is the correct place to ask these question, if I am at the wrong place please advise. I am currently working on some modifications to openssh which record the users rsa/dsa identity comment file to a log file when the user logs in (password authentication is disabled). The ssh1 portion of the modification works

I was looking through the RSA fingerprinting code from a few releases back, with an eye to being able to close <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=111598>. While it works fine with SSH2, the fingerprint log message goes missing with SSH1. I eventually realized that this is because auth_rsa() is called in the unprivileged child, and so can't write syslog messages. Am I

What are the likely cockpit errors involved when getting POOR results when running this test on an updated CentOS 5.2? Kind regards/ldv [root at shell ~]# dig +short porttest.dns-oarc.net TXT z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. "a.b.c.d is POOR: 26 queries in 1.3 seconds from 1 ports with std dev 0.00"

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

We tried these rights: [root at mail44 dovecot]# ls -la ????? 80 drwxr-xr-x 8 root root 4096 ??? 13 13:17 . drwxr-xr-x 98 root root 12288 ??? 11 11:47 .. drwxrwxrwx 2 root root 4096 ??? 10 15:58 eckey drwxr-xr-x 2 root root 4096 ??? 13 12:42 eckey2 drwxr-xr-x 2 vmail vmail 4096 ??? 11 09:14 RSAkey [root at mail44 dovecot]# cd eckey2 [root at mail44 eckey2]# ls -la ????? 16

mail_attribute_dict = file:%h/Maildir/dovecot-attributes > dovecot.conf Apparently so?)) ----- ???????? ????????? ----- > ??: "Evgeniy Korneechev" <ekorneechev at altlinux.org> > ????: "dovecot" <dovecot at dovecot.org> > ????????????: ???????, 17 ?????? 2017 ? 17:32:38 > ????: Re: Plugin "mail_crypt" does not work > Hi, guys. Also,

thanks/ldv

Mem: 2075040k total, 1331452k used, 743588k free, 50896k buffers Swap: 2031608k total, 144k used, 2031464k free, 1191532k cached SunFire X2100 running Centos 4.3. Linux maytag1.texoma.net 2.6.9-34.0.2.EL #1 Fri Jul 7 19:24:57 CDT 2006 i686 athlon i386 GNU/Linux rgds/ldv

File authorized_keys is unusable for mass key storage and manipulation. I wan to store keys in something like mysql server, but It will add big unwanted dependency to package. What if we use auth_rsa.c but instead search in file send key to some script and read sigle return value if key finded and empty if not. I think it will be very customizable. -- With Best Regards, Constantine

Came across this page... intended to showcase the high-end capabilities of WMV9... http://www.microsoft.com/windows/windowsmedia/content_provider/film/ContentShowcase.aspx Just thought some people might be interested in it to make some comparisons... and it's also probably some of the highest quality sample material i've found on the net... so it's also useful for me to use as

Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf

> > You forgot to load mail_crypt plugin. > > mail_plugins = $mail_plugins mail_crypt > With these settings also. # dovecot -n ..... mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " mail_crypt" mbox_write_locks = fcntl ..... # service dovecot restart # doveadm mailbox cryptokey usage: doveadm [-Dv] [-f ......... # ls /usr/lib64/dovecot/modules/* | grep