similar to: /var/log/btmp logging ?

Hi, I noticed one small possible error in the openssh-2.3.0p1/contrib/redhat/sshd.init script. In the stop option: stop) echo -n "Shutting down sshd: " if [ -f $PID_FILE ] ; then killproc sshd [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd fi echo

Hi ! Is anyone working on getting -R (remote port forwarding) working with protocol 2 ? I might be interested in helping but don't want to duplicate any previous work. -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Hi ! I think that the configure option --with-ipaddr-display doesn't set the IPADDR_IN_DISPLAY define in config.h Here's a small patch to configure.in that should enable the feature (after running autoconf again). -Jarno --- openssh-2.1.1p4-orig/configure.in Sat Jul 15 07:59:14 2000 +++ openssh-2.1.1p4/configure.in Mon Aug 7 08:18:15 2000 @@ -1026,7 +1026,7 @@

Hi, Openssh sshd opens the socket that forwards users requested port forwards as root, so the connection seems to come from root. Is it enough to open the socket as normal user so the connection would appear to come from that user ? (On Linux this seems to work, but what about other OS's ?) I tested this briefly by wrapping the channel_connect_to(target,target_port); (in

Hello ! Like Edmund EVANS reported openssh-2.1.1p4 won't fork to background when using protocol 2. I managed to hack a little patch that might work ... What is the -N command line option supposed to do ? I gather it should work only with protocol2 and without any command to run on the server (and with some port forwardings ??) Anyway in the patch I put some code to check that -N is used

Hi, I noticed that the AIX specific loginsuccess call uses char *aixloginmsg to retrieve login information. Later this message is printed in session.c (around line 753). Loginsuccess mallocs space for this message and according to the aix docs it's the responsibility of the calling program to free this message. I didn't notice any code in openssh that would free the aixloginmsg. Can

Hi, Does anyone know what algorithm the commercial ssh-2.3.0 uses to display the key fingerprints ? On the manual it says the algorithm is 'bubble babble' but I didn't find out how to actually create this bubble string (I guess I could find out from the sources). I think that it would be a nice option if OpenSSH could print out the host keys fingerprint in same format as the

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Hi ! Here's an experimental patch for openssh-2.1.1p4 to add support (to openssh client) for -R (protocol 2). So if you have access to a commercial ssh2 server (that allows port forwardings) could you test this patch. (Note the openssh server doesn't have support for -R with protocol 2 so testing with openssh server won't do much good). To test remember to use -o "Protocol

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

IN the /var/log/ folder there are two files WTMP and BTMP BTMP is getting huge after a year, about 800MB, WTMP is getting close to 1MB. In the /etc/logrotate.conf I see this -------------------- # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly minsize 1M create 0664 root utmp rotate 1 } ------------------- I can see where WTMP will probably rotate

Hi ! Is it possible to add support for expired passwords to OpenSSH ? What I mean by this is that when users password has expired the user is forced to change the password before the shell is executed. At least OpenSSH on linux+pam (RedHat 6.0) denies access if the password has expired ... Would something like this work (as a temporary fix): If the password is expired run a command that first

Hi all, I'm very new in this list, as looking for codes to plug up the lack of functionality of "Protocol 2 Remote Forwardig". Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen posted the codes in Sept, last year, and I tried applying it to my FreeBSD box environment. I couldn't apply an original patch, of course, for incompatibility of virsion. The

Hi, I'm sorry if this has already come up on the list, I did a quick search of the archive and didn't notice it. I noticed IMHO strange behavior in read_passphrase: If readpassphrase returns NULL and sets errno to ENOTTY, then read_passphrase returns an empty passphrase to the caller instead of error, now what happens with password authentication is that if readpassphrase fails every

Hi all, I'm using openssh-2.9p2 on Solaris 2.8. I can get remote port forwarding to work using the -R flag, but only with ssh protocol 1 not ssh protocol 2. I've read that remote forwarding protocol 2 was not supported in earlier versions of openssh, but I'm wondering if this is still the case. Jarno Huuskonen [Jarno.Huuskonen at uku.fi], posted a patch in 2000 to add support for

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

Hi. OpenSSH 2.3.0p1 exhibits the following behavior on Linux 2.2.5. I believe this is a bug. Can anyone else replicate this? On any given SSH machine (let's call it 'test'), start ssh like this: ./ssh -L2526:mail.blah.com:25 -f mail.blah.com sleep 1000 (where mail.blah.com is some machine running sendmail, you have a login account, etc.) In a just world (and this works with

I've just finished compiling OpenSSH version 2.1.1p4 for Red Hat Linux 6.2 (i386) with recent patches, using OpenSSL version 0.9.5a, which was compiled to use RSAREF. There are a couple of issues I noticed immediately: 1. The ssh-agent program can only store RSA keys, not DSA keys. 2. Only ssh-add knows to invoke ssh-askpass (if it is not attached to a tty and DISPLAY is set).