similar to: OpenSSH Security bug: port forwarding

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Hi, I noticed one small possible error in the openssh-2.3.0p1/contrib/redhat/sshd.init script. In the stop option: stop) echo -n "Shutting down sshd: " if [ -f $PID_FILE ] ; then killproc sshd [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd fi echo

Hi ! Is anyone working on getting -R (remote port forwarding) working with protocol 2 ? I might be interested in helping but don't want to duplicate any previous work. -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Hi guys, and here's a security related bug report. I think it's has been fixed in the 2.2.x-release of openssh, but I'm not sure. I tried to reproduce the problem with my 2.2.0p1 and could find any difference in the behaviour of ssh depending on wether PermitRootLogin was set to no. Could someone please confirm that this problem is not existing anymore? > When PermitRootLogin is

I'm having trouble with users transferring files to a solaris box running ossh v2.3.1p1 via sftp using ssh.com's windows client. The sftp client appears not to respect the users umask, creating files with either mode 666 or 600. We're using version 2.4.0 of the windows client. Any ideas? thanks, -Brett ----------------- Brett Longworth Systems Manager Department of Biology

Hello, Questions, observations, and curiosities. Maybe this is something stupid or maybe I'm doing something wrong... But... In light of the Kurt Seifried paper on SSH and SSL, I was looking for the finger prints on my various servers and known hosts files to have a little crib sheet and maybe plug the list into a database on my palm pilot. I found that ssh-keygen lists out the

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

hi, I am taking an error like this while loging into a AIX 4.3.3 on ssh 2.4.0 WARNING: putuserattr SEC_COMMIT failed: A file or directory in the path name does not exist. is there any one knowing why this happens or do you know anybody who can tell me why it happens ? thanks in advance .

Hi ! I think that the configure option --with-ipaddr-display doesn't set the IPADDR_IN_DISPLAY define in config.h Here's a small patch to configure.in that should enable the feature (after running autoconf again). -Jarno --- openssh-2.1.1p4-orig/configure.in Sat Jul 15 07:59:14 2000 +++ openssh-2.1.1p4/configure.in Mon Aug 7 08:18:15 2000 @@ -1026,7 +1026,7 @@

Hi, Openssh sshd opens the socket that forwards users requested port forwards as root, so the connection seems to come from root. Is it enough to open the socket as normal user so the connection would appear to come from that user ? (On Linux this seems to work, but what about other OS's ?) I tested this briefly by wrapping the channel_connect_to(target,target_port); (in

Hi, I'm sorry if this has already come up on the list, I did a quick search of the archive and didn't notice it. I noticed IMHO strange behavior in read_passphrase: If readpassphrase returns NULL and sets errno to ENOTTY, then read_passphrase returns an empty passphrase to the caller instead of error, now what happens with password authentication is that if readpassphrase fails every

Hi all, I'm using openssh-2.9p2 on Solaris 2.8. I can get remote port forwarding to work using the -R flag, but only with ssh protocol 1 not ssh protocol 2. I've read that remote forwarding protocol 2 was not supported in earlier versions of openssh, but I'm wondering if this is still the case. Jarno Huuskonen [Jarno.Huuskonen at uku.fi], posted a patch in 2000 to add support for

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

I noticed a bit of odd behavior with openssh + pam_linux a while back. I do not know if anyone else has seen this since there are a few hoops that have to be jumped through. Background: RedHat 6.2 (heavily customized) running on intel box. Running pam-0.72-20.6.x + Openssh-2.9.9p2-1 (both redhat) Problem: Set a user account to expire as of yesterday (via shadow entry) Set the users account

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

I have the following line in the sshd_config file: GatewayPorts no If I launch the ssh client as this: ssh -l user host -R 9000:otherHost:25 the port forwarding is successful! :-( As you can see, the 'netstat -na' command shows the Secure Shell daemon listening to the port 9000. Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

Hi all, I'm very new in this list, as looking for codes to plug up the lack of functionality of "Protocol 2 Remote Forwardig". Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen posted the codes in Sept, last year, and I tried applying it to my FreeBSD box environment. I couldn't apply an original patch, of course, for incompatibility of virsion. The