similar to: Skey with OpenSSH 2.2.0

Hi, I have a problem after upgrading dovecot 1.0rc1 to 1.0rc6. I don't use SSL at all so I have 'ssl_disable = yes' in my configuration. This works fine in 1.0rc1 but dovecot 1.0rc6 failed to start with the following error message "dovecot: Login process died too early - shutting down". Setting 'ssl_disable = no' resolves the problem but now dovecot announce TLS

Hi, I setup a rather large POP3/IMAP configuration and want to use dovecot proxying feature. I have noted that the capability announce when connecting via the proxies are not the same before you are authenticated and after. Before you are authenticated the proxy announce is own capability and after it announce the final server capability. The problem is that some (most ? all ?) mail client ask

Hi, I have tested dovecot 1.1.rc4. I seems to works fine with my configuration. I have also tested the downgrade from 1.1rc4 to 1.0.10. It seems to work fine too expect the following messages. Apr 15 14:46:44 dev dovecot: IMAP(lolo at gretel.com): Fixing header counts in index /data/mail/gretel.com/l/o/lolo//dovecot.index: Recent counter wrong Apr 15 14:46:49 dev dovecot: IMAP(lolo at

Hi, I have test dovecot on one of my pop3/imap proxies (from rc10 to rc15). I immediately get a lot of error messages like this one : Nov 27 15:10:45 mproxy1 dovecot: pop3-login: file client.c: line 423 (client_unref): assertion failed: (client->destroyed) Nov 27 15:10:45 mproxy1 dovecot: child 21677 (login) killed with signal 6 A lot means one every 2 or 3 seconds. Any suggestion ?

Hi, I am trying to use/install openSSH 2.5.2p1 with S/Key support. The recommended libraries come from the following site: http://www.sparc.spb.su/solaris/skey/ Is that a credible source? During the compilation of skey, I notice some reference to sendmail. Could you please advise on this? Also, once S/Key support is built into openSSH do I need to go an get S/Key server and client software

Hi, it looks like there is a bug (in dovecot or in my config) with quota on maildir mailboxes when accessed via POP3. The maildirsize is not created when not already present (even after a DELE + QUIT command). The quota limit (the first line of maildirsize) is not updated if values are not in sync with those in the database. If maildirsize is present, DELE commands are correctly reported in

What is everyone's opinion on reverting back to the OpenBSD's auth-skey.c which uses S/Key's sha1.h and libskey.a instead of OpenSSL. Personally it does not matter to me. I would perfer to revert back myself to reduce the differences between the two code trees. (Or if OpenBSD could pick up the changes. Either way.) I've already sent a patch to the person doing the portable

Hi, the configure mysql detection doesn't work with MySQL 4.0.x from MySQL AB. Detail information: dovecot 0.99.13, MySQL-devel-4.0.21-0 from MySQL AB. ./configure --with-mysql ... checking for mysql_init in -lmysqlclient... no checking for mysql_init in -lmysqlclient... (cached) no This version of MySQL need to be linked with '-lz'. The configure script check for mysql both with and

Hi, the openssh_cvs Makefile includes the following rules: $(LIBSSH_OBJS): config.h $(LIBOPENBSD_COMPAT_OBJS): config.h but no equivalent for $(LIBSSHD_OBJS) - is this desired or an oversigt? In my case, I built the sshd, tested it, reconfigured with SKEY support, rebuilt (just running "make", no "make clean"), and tracked down the non-working s/key for a while before I

I have just uploaded another snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001028.tar.gz Please test this one extra hard, it is likely to become 2.3.0p1 early next week. Regards, Damien Miller -- | ``We've all heard that a million monkeys banging on | Damien Miller - | a million typewriters will eventually reproduce the | <djm at mindrot.org> | works of

Things that are still outstanding: 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on Kevin's pam patch from the Solaris group. 2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't replicate the bug. Nor have I seen anything remotely like it reported. 3) SCO.. Is it happy yet for compiling? =) Completed: 1) mdoc2man.pl .. Commited into

If I configure openssh-2.1.1p4 with the --with-skey option on a Redhat Linux 6.2 system which has openssl-0.9.5a and skey (the logdaemon 6.2 version) installed, the compile fails with the following errors: auth1.c: In function `do_authloop': auth1.c:331: warning: implicit declaration of function `skey_keyinfo' auth1.c:331: warning: initialization makes pointer from integer without a cast

All, How can I get at the daily snapshots? When I go to the website, www.openssh.com, and follow the Linux link to portable.html and then go to request the daily snapshot from http://bass.directhit.com/openssh_snap/, I get prompted for a user id and password. Needless to say, I ain't got. That's real useful. Use to be, I could get the snapshots from the ftp site. Then things

Hi Gert, Thanks for your reply. But we can't upgrade to 7.2 version also we don't have plan to upgrade in near future. Can I fix these vulnerabilities in the current version? Regards Abhishek On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > > Actually I am working

All, When logging into an HP-UX 10.2 system from a Windows NT machine running Cygwin and openssh 2.9p2, control-c sends a sigint to the ssh client on the NT system, thus killing the ssh process. Interestingly enough, this behavior is only observed when using X11 forwarding. I can eliminate the behavior by changing clientloop.c to ignore SIGINT (signal(SIGINT, SIG_IGN) ) but then I'm bak to

I noticed that AIX now comes with a version of zlib installed in /usr. (I'm working on 5.2) My first inclination was to simply uninstall it and use the one we compile (and put in /usr/local). However, IBM has made zlib part of the RPM package itself! So, I cannot uninstall it without removing RPM.... Next, I tried passing --with-zlib=/usr/local to configure for ssh. This seems to work, but

Hi, On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote: > The best solution is if (LIBRESSL) || (OPENSSL < 1010...) > > Else > > Whatever. > > Is that too much work? Littering code with #ifdef is almost never a good idea. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert

As I understand currently there is no way in sshd_config to match based on the client public key so different configuration for the same username can be applied depending on the key, right? My case is a backup login that needs to run as a root to access all the files and where I want to use ForceCommand to allow the login only to execute a particular command and yet still allow normal root

I'm using bash. The shell does the correct thing.? Sorry ?didn't give the use case clearly.? I'm talking about the use of tilde inside client config. ?The example was to illustrate desired behavior. Ssh itself does not eval tilde with any consideration for environment. That is the problem.? ? Original Message ? From: Gert Doering Sent: Friday, May 19, 2017 02:19 To: matthew patton

it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME"). What is the use case? HOME=longpath_to_config1 ssh -i ~/.ssh/key1 HOME=longpath_to_config2 ssh -i ~/.ssh/key2 but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is