similar to: Getting the authctxt

Hi Jeremy, Hi Steve, Hi Ronnie, thanks for your replies and the profound discussion. I think, it's best to demonstrate my problem case along an real world example: The following log of a console sesssion shows how I am doing the mounts on behalf Linux Kernel CIFS-FS Module on the client side against a Samba 4.5 file server (both running on Debian Stretch 9.8) via SMB/CIFS resp. SMB2 protocol:

I just want to make sure I'm interpreting this correctly. In 5.0 channel_connect_to would only return the requested socket. You'd then need to use this socket to create the channel with with channel_new. In 5.1 channel_connect_to doesn't return the socket but rolls in channel_new and now returns the channel directly. The usage of channel_new hasn't changed though, only

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

Hello! I have been reading through the OpenSSH 4.0p code. There exist two globals called "Authctxt". One is defined in sshconnect2.c (type 1) and the other in auth.h (type 2). Both are structs with different members. Nevertheless, they are used seemingly interchangeably, e.g.: In line 302 of sshconnect2.c the function "userauth_none" is called: userauth_none(&authctxt);

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

Hi, I'm running a medical application on a local network, using MySQL as a database. The application can also connect to remote hosts, so the idea is to install it on one machine acting as a "server", and then install it on the other machines on the LAN, but configure these to use the database on the "server". I guess before doing that, I'll better try and get

Solaris 2.5 does not seem to define MAXHOSTNAMELEN, and a compilation of vanilla OpenSSH 2.9.9p2 fails: > gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. > -I/usr/local/ssl/include -I/usr/local/include > -DETCDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" > -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" >

Hi, we have several samba servers running as AD members (w2003 domain). Since the Upgrade to samba 3.0.8 the following message appears, when accessing a share on the memberserver from clienthost rmts2. [2004/11/10 12:09:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username NTROBOTIC\rmts2$ is invalid on this system [2004/11/10 12:09:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)

The patch below fixes a compile-time warning in readpass.c. MIME-Version: 1.0 Content-Type: application/aegis-patch Subject: openssh.2 - Fix warning in readpass.c Content-Name: openssh.2.C010.patch Content-Disposition: attachment; filename=openssh.2.C010.patch X-Aegis-Project-Name: openssh.2 X-Aegis-Change-Number: 10 # # Fix the following warning in readpass.c: # # readpass.c: In function

The README file seems to refer to an old location of zlib. The current one seems to be: http://www.gzip.org/zlib/ -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898

On Fri, Feb 21, 2020 at 04:00:30PM +0100, Florian Weimer wrote: > * Richard W. M. Jones: > > > On Fri, Feb 21, 2020 at 01:19:34PM +0100, Florian Weimer wrote: > >> I think what confuses me is that keep talking about a single binary, but > >> clearly there is this separate vddk DSO, and there is talk of plugins. > >> So it seems to me that multiple files are

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

On Sun, Jun 14, 2009 at 10:50 AM, Florian Weimer<fw at deneb.enyo.de> wrote: > Is this really a problem for MLton?  I think you only get less precise > alias analysis, and that's it. Correct. However, I want a fair comparison between LLVM performance and the native x86 codegen. If I don't give LLVM the same information the x86 codegen has, it's an unfair comparison.

We recently discovered that our OpenSSH distribution binaries contain retpoline thunks. It's due to this OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc This was quite surprising because at least the GNU/Linux userspace has no provisions for retpolines. You also fail to enable -fno-plt, so you need

On Fri, Feb 21, 2020 at 01:19:34PM +0100, Florian Weimer wrote: > I think what confuses me is that keep talking about a single binary, but > clearly there is this separate vddk DSO, and there is talk of plugins. > So it seems to me that multiple files are involved already? nbdkit is a standalone binary that happens to be able to load plugins from a well-known path, eg

On 02/05/2018 01:33 PM, Florian Weimer wrote: > Do you have strace output going further back, at least to the proceeding > getcwd call?? It would be interesting to see which path the kernel > reports, and if it starts with "(unreachable)". I got the strace output now, but it very difficult to read (chdir in a multi-threaded process ?). My current inclination is to blame

After browsing "Remote timing attacks are practical" (Boneh & Brumley, <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I wonder if it might be a good idea to add calls to RSA_blinding_on() before the OpenSSL RSA decryption routines are invoked. The issue is not a LAN-only issue, BTW. Packet delay variation is usually higher in LANs than in WANs. -- Florian

On 09/21/2012 05:52 AM, Martinez, Javier E wrote: > The proposal comments have largely centered on the string functions. Do > people feel the same way about memcpy_s? What about those of you > building LLVM on Windows with Visual Studio? Is memcmp_s (or a variant thereof) a win in practice? It covers the case pretty well where you try to copy a dynamically sized buffer to the start

Hi, As a quick workaround for geo-replication to work. Please configure the following option. gluster vol geo-replication <mastervol> <slavehost>::<slavevol> config access_mount true The above option will not do the lazy umount and as a result, all the master and slave volume mounts maintained by geo-replication can be accessed by others. It's also visible in df output.

Hello Rene, Maybe have you already upgrade you openssl/openssh packages if you using debian (or *buntu). http://article.gmane.org/gmane.linux.debian.security.announce/1614 We have found some weak keys : - nightlycomp@rio (sure) - comp@rio (maybe) Are you up to date ? Can Fabrice sent you new ssh public ? Tahnks Best Regards -- Gabriel CORRE gac@4js.com - Four J's Development Tools -