similar to: Kerberos/AFS options in ssh/sshd while disabling them in configure

Dear OpenSSH developers, Hello, I strongly support this suggestion ie. adding the sentence "This option has been disabled at compile time" as appropriate. It would be even more helpful if you said how to enable it (krb) at compile time. Remember, this is the only documentation available. I spent some time wondering about this before searching the archives. Ok, while we are on the

Hello all, I just noticed that AllowHosts feature of SSH Inc's sshd isn't there in OpenSSH yet. Has anyone been working on this? Am I the only one that seems to miss this feature? AllowUsers and AllowGroups is a very nice feature though :) -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and

whoops, not announce. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET) From: Pekka Savola <pekkas at netcore.fi> To: Markus Friedl <markus at

Hello all, I just found a bug a nice bug that can be turned into a real feature on systems (usually Linux) that are built with --with-ipv4-default. If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and ::, sshd will error out 'address family not supported'. However, you can work around this error by starting sshd with 'sshd -4 -6'. As far as man page is

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hello all, I'm using the attached patch. With it, if you add OPTIONS="-6" in /etc/sysconfig/sshd (this kind of sysconfig/<name> is a pretty normal RHL practice), then you can enable ipv4 and ipv6 on RHL without problems and without having to modify the init.d/sshd script. This or something like should IMO be added. Removing 'noreplace' from sshd_config

Hi, Running openssh-2.9p2 on Linux. If server is run with 'sshd -6' (to enable ipv6 easily on server end), ie all IPv4 are represented as mapped addresses, port forwarding will not work; just running plain ol' IPv4 fixes this of course. The server error, when forwarding from the client '143:localhost:143' and connecting to localhost 143 is: debug1:

Hello all, A few days ago I noticed that the following seems to happen when upgradign OpenSSH on Linux-based (/etc/rc.d/init.d/sshd) based systems: - sshd is restarted with 'sshd restart'; however sshd serving in port 22 is not replaced. - you have to kill the old one (netstat -ltp | grep :ssh ; kill ...) first, then restart sshd. - This might happen only when performing the upgrade

Hello all, I just noticed that 'KbdInteractiveAuthentication' is not mentioned in sshd.8 or anywhere else on the man page. Someone with better knowledge about it than me, please fix this :-) Also, there were talks about supporting cryptocards about 3 months ago. Is there work being done on this? -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

Hey All, Found a very minor problem with client implementation of KerberosTgtPassing command line flag in ssh.c (first diff). We also made some readability patches to the config files and manpages to make the option clearer (the remainder of the diffs). diffs are against -current Index: ssh.c =================================================================== RCS file:

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

Hello all, Compiling 2.1.1p1 on my RedHat Linux 6.2 w/ 2.2.16 kernel seems to cause errors from the start.. ---- gcc -O2 -m486 -fno-strength-reduce -Wall -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\" -DSSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh/ssh-askpass\" -DHAVE_CONFIG_H -c -o bsd-base64.o bsd-base64.c In file included from defines.h:261, from

Hello all, I wonder if this is an oversight/bug/feature, but here it goes. It seems that in OpenSSH 2.1, 'w' (or who) command may print out something like this: ---- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pekkas ttyp1 - 3:10am 0.00s 0.08s 0.03s w ---- 2.0beta1 was the one I used before, and that printed FROM field properly. Now,

Hello all, If you try to make a TCP connection to a host, and the host is down, timeouts can be as long as an hour. This is not specific to ssh, or OS. Is this a scenario worth working around, e.g. with a timer when connecting or the like? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems.

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello all, Very recently, djm added compability patch so that aes/rijndael encryption problems could be avoided when talking to broken server/client; and you wouldn't have to toggle off the protocols yourself. Might this be a candidate for 2.5.2p2 or the like? This would be helpful when there are a lot of broken, 2.3.0 and like, systems. -- Pekka Savola "Tell me of

ChangeLog: 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. - (djm) Release OpenSSH-2.9p1 However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

Hello all, I tried OpenSSH versions 2.1.1p4, 2.2.0p1 and the latest snapshot briefly on 64-bit Irix 6.5.7f an 6.5.9m. Both times, no matter what I do, I'll get 'PRNG initialization failed -- exiting'. This happens with ssh-keygen (the keys aren't even generated yet, ssh binary etc.) It's clear that Irix etc. don't have a proper entropy pool like *BSD and Linux do, but