similar to: PAM_RHOST not available for authentication

Damn, forgot the rest of the patch. Here it comes. diff -Nur openssh-2.2.0p1-/ssh-keygen.c openssh-2.2.0p1/ssh-keygen.c --- openssh-2.2.0p1-/ssh-keygen.c Wed Aug 23 02:46:24 2000 +++ openssh-2.2.0p1/ssh-keygen.c Sun Oct 29 16:44:50 2000 @@ -68,7 +68,7 @@ static const char *__progname = "ssh-keygen"; #endif /* HAVE___PROGNAME */ -char hostname[MAXHOSTNAMELEN]; +char

Hi, here's another feature request that I just found and where I would like to hear your comments first: > The above commands are valid ssh-nonfree, but openssh doesn't like them. The > first two are important for security conscious sites. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6

Hi, I just confirmed this bug for openssh 2.2.0p1. Could you please fix this upstream? Thanks. > The manpage for sshd lists the option 'PrintLastLogin' as being enabled by > default, but in fact the option is called 'PrintLastLog'. I encountered > this problem when upgrading, after customizing my sshd_config file, and not > accepting the Debian version upon upgrade

Hi, and here's the next feature request, which sounds interesting. Also I think I won't need much extra code to add this feature. So what do you guys think? > `ssh' with its host key checking is incompatible with the use of > `redir' to map different ports on a gateway/firewall system to > different systems behind the firewall. > For instance, I redirect ports as

Hi, and here's another bug report against openssh which I could verify using openssh from cvs. So could we please change the behaviour of openssh to be consistent? > when /etc/nologin exists and the pam_nologin.so module is included in > the sshd pam file then users will be denied access when it exists > (though its contents are not displayed to them) however if the user >

Hi, and another feature request that I got from a debian user and that I think should be included in openssh. Thanks. |Unlike the 'old' ssh (Package: ssh; Version: 1.2.26-1.2)'s scp |openssh's scp does not support the -L option which according to |old ssh's manpage does the following: |> -L Use non privileged port. With this you cannot use |>

Hi guys, here's another nasty bug in openssh that I also noticed. Has this already been fixed or would someone please take care of this? Thanks. > If I enable the line: > auth required pam_env.so > to the ssh pam file, with the following line in > /etc/security/pam_env.conf > file: > PATH DEFAULT=/usr/local/bin:/bin:/usr/bin:/usr/bin/X11:/usr/games > then

Hi, here's another bug report against openssh with a patch included (from the same person who submitted the bug report). Would you please apply it? Thanks! > The Debian package of ssh includes patches to recognize a 'PrintLastLog' > option which can be used to disable the automatic display of the last > login time. (This is often handled by PAM.) The option is scanned and

Hi guys, and here's a security related bug report. I think it's has been fixed in the 2.2.x-release of openssh, but I'm not sure. I tried to reproduce the problem with my 2.2.0p1 and could find any difference in the behaviour of ssh depending on wether PermitRootLogin was set to no. Could someone please confirm that this problem is not existing anymore? > When PermitRootLogin is

Hi, here's a minor and easy to fix bug. Thanks for fixing: > Manual for ssh-copy-id claims public key will be appended to remote file > ~/.ssh/authorised_keys, which should read ~/.ssh/authorized_keys ('s'->'z'). Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853

Hi, I just ltraced ssh to see why it prints the lastlog twice instead of one time. I think the bug seems to be in the parsing of the lastlog-entry and I especially think that the function lastlog_populate_entry is the buggy one, but I'm not sure, as I'm not very familar with the code. So if someone of you, would please trace this bug down and fix it, I would really appreciate that.

Hi, if i add --with-tcp-wrappers and --with-skey and don't have an skey-library installed configure will fail with a message telling me that I don't have libwrap installed. But after looking into config.log I see the following: |configure:6344: checking for libwrap |configure:6356: gcc -o conftest -g -O2 -Wall -I. -I. conftest.c -ldl -lnsl -lz | -lutil -lpam -lcrypto -lskey -lwrap

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

Hi, and that's another feature request. Sorry if it looks like some kind of spamming, but our current maintainer was very stressed in the past and had not time to forward those reports to you and now I help him a bit out. So thanks for your patience and answering of all my mails with bugreport and feature-reqeust. > Debian by default uses the user-group system. Each user has their own

Hi, and another interesting bug report, where I'm not sure what the correct behaviour of openssh should be. Thanks for your comments: > I find myself frequently using OpenSSH to log in and perform a single > command (particularly in a script to perform some quick, simple task on > multiple machines I administer). If the '-t' option is not included, the > behavior is no

Morning, and that's the next bugreport that I have to forward you, because the fix should be applied in the upstream sources. Thanks. > sshd (in ssh 1:1.2.3-9) in its default configuration reads > /etc/environment file twice when a user logs in: first, it is > read through pam_env module of PAM (due to the configuration > in /etc/pam.d/ssh), and then by

Hi, here's a patch so that ssh also supports hurd-i386. Thanks for incorporating. The patch comes from Robert Bihlmeyer <robbe at orcus.priv.at>. > openssh 2.2.0p1-1.1 does not build on the Hurd. The appended patch > fixes that. Changes in detail: > * PAM is not (yet?) supported, so the PAM dependencies are only put into > the control file on architectures != hurd-i386.

This is actually something I had on my mind to write about in the past few -stable and alpha releases, but did not get to and instead always patched myself. Now having updated to the latest snapshot (which may be released as beta1), I stumbled on it again: In src/auth/passdb-pam.c, where the client host is passed to PAM, the code looks like this: #ifdef PAM_RHOST const char *host =

Hi, When running in inetd mode (-i), if stdin/stdout are not an IP socket, sshd will set PAM_RHOST to "UNKNOWN" which causes a reverse DNS lookup by pam that always fails because "UNKNOWN" cannot be resolved. I've posted a possible fix here: https://github.com/openssh/openssh-portable/pull/388 Cheers, Daan De Meyer

A little problem, which is bugging me: when using PAM authentication, Dovecot (0.99.5) does not set the PAM_RHOST item, so the PAM modules cannot know who the client is. We need this for some PAM module doing access control. Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged as to how to get the client name from there. It seems not to be available in the auth_request