similar to: [PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH

The following are patches against openssh 2.1.1p4 to add support for the BSD_AUTH authentication mechanisms. It allows the use of non-challenge/response style mechanisms (which styles are allowed my be limited by appropriate auth-ssh entries in login.conf). The patches also add support for calling setusercontext for the appropriate class when called with a command (so that the PATH, limits,

Dear developers of OpenSSH, first of all I want to thank you for your excellent work on OpenSSH! I have compiled OpenSSH 2.5.2p2 on Sun Solaris 2.6 and Sun Solaris 8 and discovered some problems. The first is that OpenSSH doesn't evaluate the file /etc/default/login which contains some flags and parameters for the login process. On important parameter is the default value for PATH. As we

BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable

The references to pw_expire and pw_change in pwcopy() in misc.c cause compilation errors at least on solaris. How about doing a memcpy of the whole structure and only explicitly setting those that need xstrdup? That would work on openbsd and everywhere else. - Dave Dykstra --- misc.c.O Thu Jun 21 11:35:28 2001 +++ misc.c Thu Jun 21 11:36:09 2001 @@ -125,14 +125,10 @@ { struct passwd *copy =

I don't know enough about this to know if these warnings mean that I can't build it or not. Also, since I'm e-mailing anyway, how can I tell what options were compiled into my exiting ssh: My system is freeBSD 4.11. PC% ssh -V OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090704f PC% so that I can do the same thing with the newer version. I don't want to

Hi. I was compiling openssh 4.3p1 on Apple's iMac Core Duo computer and came across following warnings. configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: see the Autoconf documentation configure: WARNING: net/if.h: section "Present But Cannot Be Compiled"

http://bugzilla.mindrot.org/show_bug.cgi?id=298 Summary: sshd fails to set user context, preventing all logins, also setgroups is failing Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: BSDI Status: NEW Severity: major Priority: P2 Component: sshd

If this is a new problem, please contact me and I will get you further information. - Brian checking login_cap.h usability... no checking login_cap.h presence... yes configure: WARNING: login_cap.h: present but cannot be compiled configure: WARNING: login_cap.h: check for missing prerequisite headers? configure: WARNING: login_cap.h: see the Autoconf documentation configure: WARNING:

Hi I've encountered this: configure: WARNING: net/if_tap.h: present but cannot be compiled configure: WARNING: net/if_tap.h: check for missing prerequisite headers? configure: WARNING: net/if_tap.h: see the Autoconf documentation configure: WARNING: net/if_tap.h: section "Present But Cannot Be Compiled" configure: WARNING: net/if_tap.h: proceeding with the

Summary: the newish fourth forwarding argument does not correctly specify the interface on the remote machine for a tunnel in -R On OpenSSH_4.3p2 OpenSSL 0.9.7g 11 Apr 2005, on Kanotix 2.9 kernel 2.6.16.2 and Cygwin 1.5.19(0.150/4/2) and (old) FreeBSD 4.6-RELEASE sshd_config file: AllowTcpForwarding yes GatewayPorts yes Set up a forwarding tunnel: From a Kanotix box inside my firewall:

Per instructions in configure output (if you want all the configure output, I shall be happy to send it): PC% grep -n WARN Config.log 42:configure: WARNING: net/if_tap.h: present but cannot be compiled 43:configure: WARNING: net/if_tap.h: check for missing prerequisite headers? 44:configure: WARNING: net/if_tap.h: see the Autoconf documentation 45:configure: WARNING: net/if_tap.h:

I have a few patches for AIX. The patchfile is attached below. The patch has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25, with openssl-0.94, using RSAref. 1) authenticate support - this function allows the system to determine authentification. Whatever the system allows for login, authenticate will too. It doesn't matter whether it is AFS, DFS, SecureID, local.

Hello, There has been an annoyance with OpenSSH that has been bugging me lately. It pays no attention to pw_change and pw_expire fields from the passwd file for users by default. Thus even if the admin has set a user's account to expire 5 days ago they can still login. So one might say, just add 'UseLogin yes' and all of your problems will be solved. This of course is not a good

Hi, I am ruunig postfix and MailScanner as a Mailgw on Centos 4.5. I want to know what is default warntime in Postfix? I.e - *what's the equivalent to sendmail's Timeout.queuewarn in POSTFIX ? . ANY IDEAS? *** -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, I'm not subscribed, so keep me in cc. And thanks for having mailing-list open for posting. I had a couple of problems with OpenSSH on Solaris 8/MU3 + recent patches. 1) When I tried to use scp from any other host, sshd on Solaris host crashed with SIGSEGV. Here's the stack trace: core 'core.sshd.7637' of 7637: ./sshd -d -d -d fefb393c strncpy (ffbee074, 5, 7, 0,

http://bugzilla.mindrot.org/show_bug.cgi?id=601 Summary: configure script doesen't setup preprocessor flags properly Product: Portable OpenSSH Version: 3.6.1p2 Platform: Sparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo:

I believe there is a bug in how AIX handles the KRB5CCNAME environment variable. The symptom occurs when a root user restarts sshd while they have KRB5CCNAME set; all of the resulting client connections will inherit the same KRB5CCNAME variable. This can occur if the admin uses 'ksu' or some other kerberized method of obtaining root privileges. Investigating this problem, I stumbled

http://bugzilla.mindrot.org/show_bug.cgi?id=446 Summary: $LOGIN not set by openssh under AIX Product: Portable OpenSSH Version: -current Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: mii at

Using the latest cvs sources, the compilation of ssh.c fails. The 'struct rlimit rlim;' line is being expanded by cpp into 'struct rlimit64 rlim;' and there is no struct rlimit64 defined. In order to get the struct rlimit64 to be included when the #include <sys/resource.h> is used, it appears to need the _LARGEFILE64_SOURCE symbol defined OR it needs the '#if

I am not 100% positive of the security implications of this, but I really can't see any potential for harm. If this patch is applied (I coded it against the now-current openssh-2.2.0p1), then if (a) the authorized_keys entry has command="whatever" to force a specific command, and also (b) the invoker specified some command on their ssh cmdline, then the invoked command will be