similar to: openssh-2.3.0p1 bug: vsprintf("%h") is broken

In 2.3.0, the per-user config file was read before the system-wide config file, so options set in ~/.ssh/config took precedence over system-wide defaults. In 2.9.9, the system-wide file seems to be read first, contrary to the man page (cf. ssh.c ll. 631-632). It seems to me that the old behaviour made more sense. (I discovered the change because I could not override a "ForwardX11"

I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1 . In auth.c, secure_filename() walks upwards toward the user's home directory or the filesystem root, verifying that no directories along the way are group or world writable. Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh") returns an empty string instead of "/". This causes

This bug may be specific to the portability releases of OpenSSH. It's minor, but trivially corrected. I'm observing it under: * openssh-2.3.0p1 (openssl-0.9.6) * compiled under Solaris 2.5.1 * running under Solaris 2.5.1 and Solaris 8 The relevant source code does not appear to have changed up to and including openssh-2.9p2. The bug is that the $MAIL environment variable

I just ran into what I'd describe as an unexpected side-effect. I don't think it's necessarily a bug, and I don't need any assistance in working around it, but this information might be useful to others for troubleshooting. This was using OpenSSH built under Solaris 2.5.1, and running under 2.5.1 or 8. The symptom was that after upgrading from 3.7.1p1 to 3.7.1p2, some accounts

On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the

This one-line patch prevents OpenSSH from depleting entropy unnecessarily from /dev/urandom when the OpenSSL library acquires its own entropy. Without this patch OpenSSH opens /dev/urandom and reads 32 bytes, and then OpenSSL opens it again and reads an additional 20. -- Dan Astoorian People shouldn't think that it's better to have Sysadmin, CSLab loved and

Hi, It's a shame that the sshd/sftp-server programs do not support chroot and sftp-only users. As far as I can tell, there's a patch availble that modifies OpenSSH to chroot() based on a specific entry in /etc/passwd. Since, I personally, do not enjoy applying unofficial patches to released programs, I was looking for an alternative but found none. I've written a small sample

Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,

Hi, there is a tiny bug in readconf.c: options->use_privileged_port is always set to 0 regardless of whether -P is specified or not. This has the effect that RhostsAuthentication is disabled even if "RhostsAuthentication yes" is specified. The (trivial) patch is appended below. Martin ======================================================================== Martin Siegert Academic

Hello I have compiled Openssh3.5 on Solaris 2.6 It works well on 2.6, 2.7 and solaris 8 but on solaris 8 it try to log in /var/adm/wtmp file and it dose not exist. What can I do to fix this. Read something about "build sol" insted of "configure"....but where do i find information about this command (build sol). Mail me on: daniel.d.olsson at telia.se Thanks

On Thu, 15 Nov 2001, Dan Astoorian wrote: > Date: Thu, 15 Nov 2001 16:09:20 -0500 > From: Dan Astoorian <djast at cs.toronto.edu> > To: Ed Phillips <ed at UDel.Edu> > Subject: Re: X11 cookies and forwarding > > On Thu, 15 Nov 2001 15:46:22 EST, Ed Phillips writes: > > I'm guess I wasn't following the whole cookies discussion completely > >

Hi All, I just tried to test my web server with telnet. The only problem was that my web server refuses non-encrypted connections (duh!). I know that SSL and SSH are *entirely* different, but ssh is the only commonly-available encryption-enabled command-line tool around. It would be greate to have an SSL-emulation mode in OpenSSH.... Just wishful thinking, Ciaran --

http://bugzilla.mindrot.org/show_bug.cgi?id=413 Summary: Port forwarding: [localhost:]localport:remotehost:remoteport Product: Portable OpenSSH Version: older versions Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

I didn't see this one applied to the repository yet. It may not be the best patch possible... basic problem is that _LARGEFILE64_SOURCE needs to be defined on Solaris 2.6 if AC_SYS_LARGEFILE ends up doing a '#define _FILE_OFFSET_BITS 64' If _FILE_OFFSET_BITS == 64, then <sys/resource.h> will define a 'struct rlimit64' but NOT define a 'struct rlimit' leading to

>No. ssh-keygen should never be pamifed. It is worthless to do so. > >If we are going to enforce passphrase quality it should be for all OSes. >The world does not revolve around Linux. No matter what the press may >think. The Linux community didn't invent PAM, Sun did. Many more systems than Linux have PAM, Solaris, HP-UX some BSDs for a start. Having said that I agree with

Folks, I've been tasked to find a solution that will create file-transfer-only accounts that are jailed or chrooted to a specific directory. (Not an uncommon task, I think.) Using the OpenSSH server and the OpenSSH scp client program, I can achieve the goal of having a file transfer only account jailed to a specified directory, by using the "scpjail" script (attached) as a

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

does somebody like this? Index: Makefile.inc =================================================================== RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v retrieving revision 1.21 diff -u -r1.21 Makefile.inc --- Makefile.inc 30 Oct 2001 20:32:31 -0000 1.21 +++ Makefile.inc 16 Nov 2001 12:07:22 -0000 @@ -10,7 +10,7 @@ CDIAGFLAGS+= -Wmissing-prototypes CDIAGFLAGS+= -Wunused -#DEBUG=-g

Hi, I'm not a subscriber to this list so please CC: me in any replies. I found myself in a situation where I was behind a corporate firewall that allowed only web requests to the outside world (and furthermore those requests had to be via their proxy server). Therefore, I couldn't SSH to the outside world. However, the HTTP proxy 'CONNECT' method, which is normally used to

If bind() fails we _always_ should close socket. I sent this patch while ago to djm but I still don't see this fix in openssh_cvs. diff -urN openssh-2.3.0p1.org/sshd.c openssh-2.3.0p1/sshd.c --- openssh-2.3.0p1.org/sshd.c Sat Jan 6 19:54:11 2001 +++ openssh-2.3.0p1/sshd.c Sat Jan 6 19:55:48 2001 @@ -782,10 +782,10 @@ debug("Bind to port %s on %s.", strport, ntop); /*