Displaying 20 results from an estimated 3000 matches similar to: "Port forwarding control patch"
2001 Feb 21
1
OpenSSL + OpenSSH version problems
Hello all,
OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors.
I'd like to get a check for this in the RPMs.
However, now I want to make sure whether anyone has experienced problems
with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org?
Ie: is it enough to check like '= 0.9.5a' or do you have to check '=
0.9.5a-xyz'.
--
Pekka Savola
2002 Mar 07
1
OpenSSH Security Advisory (adv.channelalloc) (fwd)
whoops, not announce.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"Tell me of difficulties surmounted, not those you stumble over and fall"
-- Robert Jordan: A Crown of Swords
---------- Forwarded message ----------
Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET)
From: Pekka Savola <pekkas at netcore.fi>
To: Markus Friedl <markus at
2001 Mar 05
2
--with-ipv4-default and sshd IPv4/6 dual bind hack
Hello all,
I just found a bug, a nice bug that can be turned into a real feature on
systems (usually Linux) that are built with --with-ipv4-default.
If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and
::, sshd will error out 'address family not supported'.
However, you can work around this error by starting sshd with 'sshd -4 -6'.
As far as man page is
2001 Feb 21
1
sshd -t to test configuration file syntax?
Hello all,
sshd configuration file options change from one release to another.
If you forget updating sshd_config, sshd will not start.
This is especially painful for update scripts etc. where you can't do e.g.
'sshd -p 2022' to see if it's okay.
May I suggest some option, e.g. sshd -t, which would test config files and
other obvious issues and return an errorcode if something
2001 Mar 26
1
Release with BIGENDIANAES compat option?
Hello all,
Very recently, djm added a compatibility patch so that aes/rijndael encryption
problems could be avoided when talking to broken server/client; and you
wouldn't have to toggle off the protocols yourself.
Might this be a candidate for 2.5.2p2 or the like? This would be helpful
when there are a lot of broken, 2.3.0 and like, systems.
--
Pekka Savola "Tell me of
2001 Apr 25
1
RHL init.d/sshd ipv6 hack
Hello all,
I'm using the attached patch.
With it, if you add
OPTIONS="-6"
in
/etc/sysconfig/sshd
(this kind of sysconfig/<name> is a pretty normal RHL practice), then you
can enable ipv4 and ipv6 on RHL without problems and without having to
modify the init.d/sshd script.
This or something like should IMO be added.
Removing 'noreplace' from sshd_config
2001 Apr 30
1
OpenSSH 2.9p1 release not on FTP sites
ChangeLog:
20010429
- (bal) Updated INSTALL. PCRE moved to a new place.
- (djm) Release OpenSSH-2.9p1
However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet?
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"Tell me of difficulties surmounted, not those you stumble over and fall"
-- Robert Jordan: A Crown of Swords
2001 Jul 23
1
2.9p2: sshd -6, port fwd of ipv4 fails
Hi,
Running openssh-2.9p2 on Linux.
If server is run with 'sshd -6' (to enable ipv6 easily on server end), ie
all IPv4 are represented as mapped addresses, port forwarding will not
work; just running plain ol' IPv4 fixes this of course.
The server error, when forwarding from the client '143:localhost:143' and
connecting to localhost 143 is:
debug1:
2001 Oct 20
8
Recent openssl is required for OPENSSL_free [Re: Please test snapshots for 3.0 release] (fwd)
No response yet, so resending.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"Tell me of difficulties surmounted, not those you stumble over and fall"
-- Robert Jordan: A Crown of Swords
---------- Forwarded message ----------
Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST)
From: Pekka Savola <pekkas at netcore.fi>
To: Damien Miller
2001 Jun 02
4
authorized_keys2 directory idea
Hi,
In a mail about two weeks ago, I brought up an idea:
---
How SSH makes this easier is that you only have to sync the
authorized_keys2 database to root account's .ssh/ every time new admin
comes in/leaves the house. This can even be automatized rather easily. A
more modular hack would be using authorized_keys2 _directory_, and the
keys in there would all be counted as authorized. Thus
2001 May 01
1
connecting to non-responding hosts: 1 hr timeout (fwd)
Hello all,
If you try to make a TCP connection to a host, and the host is down,
timeouts can be as long as an hour. This is not specific to ssh, or OS.
Is this a scenario worth working around, e.g. with a timer when
connecting or the like?
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems.
2002 Apr 18
3
privsep no user fatal message
Hello,
I updated the latest snapshot as RPM's to two of my systems. Basic stuff
seems to be working ok.
Privilege separation failed though, possibly because I didn't populate
/var/empty with PAM entries. Privsep might be a bit raw in any case, at
least for the portable.
FWIW, I came across error message 'sshd: no user' and had to scratch my
head a bit to figure out what it
2001 Apr 12
1
ssh's readconf.c debug() goes to /dev/null
Hi,
Related to:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.100&r2=1.101
It'd appear that logging in readconf.c:
---
debug("Applying options for %.100s", arg);
debug("Reading configuration data %.200s", filename);
---
Goes to /dev/null.
This is caused by the fact that in ssh.c there is:
---
/*
* Initialize
2001 Feb 18
1
OpenSSH 2.3.0p1 protocol 2 problem with AIX
Hi,
Connecting from RHL7 with OpenSSH 2.3.0p1 or 2.5.0p1 to OpenSSH 2.3.0p1 on
AIX 4.3.1. Protocol 2 doesn't work if you specify 'Ciphers
rijndael128-cbc' or Ciphers 'aes128-cbc'.
sshd -d -d -d on the server shows _nothing_ about these connections.
I'm not sure if rijndael has been left out from sshd somehow, but
shouldn't the error message be a little more
2001 Jul 20
3
data loss with ssh -n
Hi,
Using OpenSSH 2.9p2 (2.5.2 was also bad), I've noticed data loss on
Linux when:
1) ssh -n flag is used, and
2) ssh jobs are run from cron (effectively causing the same as above).
What is done, is a command basically like:
ssh [-n] -c blowfish -p 722 -i rsakey -l pwget passwdserver passwd > passwd.tmp 2> /tmp/log
ie, retrieve dynamically created passwd-file from passwdserver
2001 Feb 17
2
exit code weirdness in fatal()
Hello all,
I came across the following with the latest snapshot (and previous):
(just trying to start sshd when it's already running)
# ./sshd -d
[snip]
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
fatal: Cannot bind any address.
# echo $?
255
# ./sshd
# echo $?
0
with './sshd', the same fatal message is printed to syslog.
This seems critically wrong on systems
2002 Feb 27
2
PATCH: nroff detection wrong, by default uses mantype=cat
Hi,
Just tested the latest snapshot on RHL72 via building RPM's of it.
Nroff detection was wrong, and if no --with-mantype was specified, the
type would always revert to cat. This one-byter fixes it.
--
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"Tell me of difficulties surmounted, not those you stumble over and fall"
-- Robert
2000 Dec 27
2
implicit declaration warnings
Hi,
When I tested the latest snapshot on FreeBSD 4.2, I noticed some implicit
declaration warnings I didn't recall seeing on Linux.
I think this is caused by the fact that if autoconf does detect the
presence of some BSD capability, necessary header files and declarations
may not be included (as these are assumed to be the same ~everywhere, and
already included). If such capability is
2000 Dec 02
1
PATCH: Datafellows SSH misdetection in compat.c
Hello all,
All SSH/Datafellows versions don't match properly in compat.c. This
should be fixed in OpenBSD version, naturally. An example of this is:
debug: match: 2.1.0.pl2 SSH Secure Shell (non-commercial) pat ^2\.
The match should definitely be 2.1.0. This is caused by the fact that
a requisite space was added to the check when converting to regexp matching
on Oct 10; CVS Id 1.24:
2000 Dec 10
2
snapshot: ssh-keyscan problems
Hello all,
Tested the latest snapshot. ssh-keyscan seems to have gone in. :)
Two issues about it (patched):
1) the man pages aren't installed, only uninstalled
2) RH spec file (and the others no doubt..) won't include it.
General observations: for RSA keys only?, kinda obsoletes
contrib/make-ssh-known-hosts*.
--
Pekka Savola "Tell me of difficulties surmounted,