similar to: Problems with Port Forwarding and Password auth

Hi all, Jeremy, after trying to add kernel oplocks = no I got the same errors as describes in my last post. (samba working, but some folders not accessible, even not from commandline unix, can't kill smbd processes......) This is what happens in the log file: any ideas ? [2001/11/29 16:13:00, 1] smbd/service.c:make_connection(610) pc08ust (10.21.1.8) connect to service exchangejg99 as

Hi Alexander, Not sure if this of any help, but we had a similar problem with runaway SMBDs and what seemed to be oplocks. We are running RH6.2 with 0.7.26 ACLs. After much messing around and hassling Jeremy, I eventually changed the kernel from 2.2.19 to 2.2.20 and recompiled everything from scratch. Since then we have not had one of these rogue processes. I think Jeremy was right when he

These patches are against 3.0.1p1. I need them because I have a local mod which needs access to the ServerOptions struct named ``options'', hence the rename. --- auth-rsa.c.orig Mon Nov 19 16:54:01 2001 +++ auth-rsa.c Mon Nov 19 16:56:18 2001 @@ -180,8 +180,7 @@ * user really has the corresponding private key. */ while (fgets(line, sizeof(line), f)) { - char *cp; - char

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

As you know, revoking RSA/DSA keys in an SSH environment requires editing all authorized_keys and authorized_keys2 files that reference those public keys. This is, well, difficult at best but certainly very obnoxious, particularly in a large environment. SSH key management is difficult. This patch simplifies key management wherever GSS-API/Kerberos is used and is general enough to be used with

Hi All. Attached is another patch that attempts to do pam_chauthtok() via SSH2 keyboard-interactive authentication. It now passes the results from the authentication thread back to the monitor (based on a suggestion from djm). Because of this, it doesn't call do_pam_account twice and consequently now works on AIX 5.2, which the previous version didn't. I haven't tested it on any

In order to comply with our internal security guidelines, we created a patch on top of openssh-3.6.1p2. With that patch, if sshd sets up a session based on key authentication, it logs to syslog which one of the keys in authorized_keys or authorized_keys2 is actually being used. The patch logs the key comment (typically the key owner's email address) as well as the name of the file containing

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

This patch (to OpenSSH 3.0.2p1) adds support for using krb4, krb5 and other principal names in authorized_keys entries. It's a sort of replacement for .klogin and .k5login, but it's much more general than .k*login as it applies to any authentication mechanism where a name is associated with the ssh client and it supports name patterns and all the normal authorized_keys entry options

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies

BUG: X11 forwarding no longer works in Openssh-2.1.1p2. I think this is due to the wrong sense of the test in session.c:1372 session_x11_req(Session *s) { if (!no_port_forwarding_flag) { debug("X11 forwarding disabled in user configuration file."); return 0; } It should be session_x11_req(Session *s) { if

Howdy, I'm sorry if this is a FAQ but I couldn't reach the openssh.com website so I can't check. Is it possible to use F-Secure SSH FTP 4.1 (client) with the openssh2.2.0p1 server? In the documentation I read that sftp is still on the todo list but "SecureFX (secure ftp)" is supported. Apparently this means there are different ways to do ftp with ssh? In that case which

I apologize if I'm missing the obvious, but does anyone know what causes sshd: channel 0: rcvd big packet 32281, maxpack 16384 The immediate cause seems to be van dyke's windows sftp client. The larger question would seem to be why it's using larger packets than openssh wants to accept. (client is SecureFX 3.3, server is openssh 2.9p2) -- Mike Stone

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5

fyi (i'm behind in following the passord expire efforts). ----- Forwarded message from Logu <logsnaath at gmx.net> ----- Date: Sat, 7 Dec 2002 02:42:52 +0530 From: "Logu" <logsnaath at gmx.net> To: <stevesk at cvs.openbsd.org> Cc: <kumaresh_ind at gmx.net> Subject: Password expiry related clarification in OpenSSH3.5p1 Hello Stevesk, We are using

Hi! Sorry if this has already been reported or even fixed, I didn't search very thoroughly. Here's a patch to make dynamic -R remote port allocation work even when not connecting as root. Without the patch I got that "Server has disabled port forwarding." message visible in the patch. OpenSSH version I'm using is openssh-5.2p1, compiled from official source package,

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hi, I do tech support for Van Dyke Technologies, and I've run into an interesting problem with the sftp-server under some redhat linux boxes. Two separate customers reported that they were having problems using sftp with SecureFX and OpenSSH. Upon further investigation, the sshd_config file on the redhat box had an incorrect path for the sftp-server in it. The problem is that if the path

Below is a patch against the current OpenBSD OpenSSH CVS to workaround a behavior I have observed when converting from SSH 1.2.27 to OpenSSH while using the same old RSA1 host key for protocol 1. In several cases I saw that old SSH sshd reported a host key size of 1024 bits when OpenSSH saw it as 1023 bits. Without the patch, when OpenSSH's ssh client connects to an old SSH sshd it warns

Hi All. Attached is a patch which adds AIX native password expiry support to sshd. It will only apply to -current and is a subset of the patch I have been working on in the last few months (see bug #14 [1]). It contains code by Pablo Sor, Mark Pitt and Zdenek Tlusty and fixes for bugs reported by many others (see [2] for a full list). It adds a do_tty_change_password function that execs