similar to: Last S/Key thing to consider...

Hi, I am trying to use/install openSSH 2.5.2p1 with S/Key support. The recommended libraries come from the following site: http://www.sparc.spb.su/solaris/skey/ Is that a credible source? During the compilation of skey, I notice some reference to sendmail. Could you please advise on this? Also, once S/Key support is built into openSSH do I need to go an get S/Key server and client software

Hi, I need to setup OpenSSH on a AIX host with skey support. I have search this mailing list archive and try all incarnation of skey lib, but couldn't get openssh to compile with skey support on a non openbsd system without pam support. Even on my Linux box, I can't get it to compile. Could someone give me an URL of a ready to compile skey lib that will work for me ? Or tell me how to

Things that are still outstanding: 1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on Kevin's pam patch from the Solaris group. 2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't replicate the bug. Nor have I seen anything remotely like it reported. 3) SCO.. Is it happy yet for compiling? =) Completed: 1) mdoc2man.pl .. Commited into

I had some problem when I compiled openssh-1.2.2 on FreeBSD 3.3 with enable skey option like this: ./configure --with-tcp-wrappers --with-skey .. .... ...... gcc -o sshd sshd.o auth-rhosts.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o md5crypt.o -L. -L/usr/local/ssl/lib -lssh -lz -lcrypto -lutil -lpam -lskey -lwrap

All, When logging into an HP-UX 10.2 system from a Windows NT machine running Cygwin and openssh 2.9p2, control-c sends a sigint to the ssh client on the NT system, thus killing the ssh process. Interestingly enough, this behavior is only observed when using X11 forwarding. I can eliminate the behavior by changing clientloop.c to ignore SIGINT (signal(SIGINT, SIG_IGN) ) but then I'm bak to

Hi Gert, Thanks for your reply. But we can't upgrade to 7.2 version also we don't have plan to upgrade in near future. Can I fix these vulnerabilities in the current version? Regards Abhishek On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > > Actually I am working

I noticed that AIX now comes with a version of zlib installed in /usr. (I'm working on 5.2) My first inclination was to simply uninstall it and use the one we compile (and put in /usr/local). However, IBM has made zlib part of the RPM package itself! So, I cannot uninstall it without removing RPM.... Next, I tried passing --with-zlib=/usr/local to configure for ssh. This seems to work, but

I have just uploaded another snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001028.tar.gz Please test this one extra hard, it is likely to become 2.3.0p1 early next week. Regards, Damien Miller -- | ``We've all heard that a million monkeys banging on | Damien Miller - | a million typewriters will eventually reproduce the | <djm at mindrot.org> | works of

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

As I understand currently there is no way in sshd_config to match based on the client public key so different configuration for the same username can be applied depending on the key, right? My case is a backup login that needs to run as a root to access all the files and where I want to use ForceCommand to allow the login only to execute a particular command and yet still allow normal root

Hi, On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote: > The best solution is if (LIBRESSL) || (OPENSSL < 1010...) > > Else > > Whatever. > > Is that too much work? Littering code with #ifdef is almost never a good idea. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert

it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME"). What is the use case? HOME=longpath_to_config1 ssh -i ~/.ssh/key1 HOME=longpath_to_config2 ssh -i ~/.ssh/key2 but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is

I would like to implement an arbitrary script to be executed when logging on via SSH. This is supposedly possible using the ForceCommand option to sshd. However, as soon as I implement any script, even as simple as echoing a string, clients can no longer connect to the server. Clients report only that the connection was dropped by the server. The server, in debug mode, shows: Feb 17 16:14:01

I'm using bash. The shell does the correct thing.? Sorry ?didn't give the use case clearly.? I'm talking about the use of tilde inside client config. ?The example was to illustrate desired behavior. Ssh itself does not eval tilde with any consideration for environment. That is the problem.? ? Original Message ? From: Gert Doering Sent: Friday, May 19, 2017 02:19 To: matthew patton

Trying to compile openssh-3.1p1 on SCO using: export CCFLAGS='-L/usr/local/lib -I/usr/local/include' ./configure --sysconfdir=/etc/ssh --with-rsh=/usr/bin/rcmd --exec-prefix=/usr OpenSSH has been configured with the following options: User binaries: /usr/bin System binaries: /usr/sbin Configuration files: /etc/ssh Askpass

Hi All, Actually I am working with the OpenSSH version 6.2p which is vulnerable to above mentioned vulnerabilities. So am looking for some help how I can fix these vulnerabilities in my version. I need to fix it in the OpenSSH code. Regards Abhishek

On Wed, Apr 22, 2015 at 10:55 AM, ?ngel Gonz?lez <keisial at gmail.com> wrote: > On 22/04/15 16:42, Reuben Hawkins wrote: >> >> Hi SSH-devs, >> >> This may be a bit off topic for this list, but.... >> >> Would it be ok to share a private key in an installer script so long >> as the corresponding public key is setup like this... >> >>

This was dicovered in openssh-2.9p2 on BSDi 4.1. If you configure --with-ssl-dir and give a relative path (like ../openssl-0.9.6b), it will not compile because that path is no longer valid once it cds to openbsd-compat. In the CPPFLAGS variable in openbsd-compat/Makefile, you can put in another ../ (-I../openssl-0.9.6a/include becomes -I../../openssl-0.9.6a/include) and it works. Perhaps there

Hi, I've seen a few patches related to the PrivSep works. As far as I can see, it seems to work by using a shared memory segment to communicate. I just want to point out that there are some unix systems that do not have mmap() (SCO, older SVR3 systems) or that might have problems with anonymous shared mmap() (don't have an examples, but e.g. the INN docs are full of warnings concerning

On 6 July 2018 at 17:24, Gert Doering <gert at greenie.muc.de>wrote: [...] > I think we have one customer connection where their firewall admin > thinks "it is more secure that way" - read, we can't ssh in if we come > from high ports. > > OTOH, thanks for the pointer with ProxyCommand - it's a very specific > niche problem with a viable workaround, so I