similar to: Handling of failed connect()s when ssh-agent is busy

The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a

I have renamed all of the patch files to .txt, which should be acceptable for the mailer daemon at mindrot, per Angel's suggestion. I am attaching the patch files to the email, with the extra space removed and a minor correction made. Bill Parker (wp02855 at gmail dot com) -------------- next part -------------- --- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800 +++ port-linux.c

Hello All, In reviewing source code for OpenSSH-6.1p1, I found instances of deprecated library calls still within various source code files. Examples of deprecated calls are: bzero() (replaced with memset() which is ANSI compliant), index() (replaced with strchr() which is also ANSI compliant). In file 'auth2-jpake.c', I've replaced all the bzero() calls with the equivalent

Hi, I'm trying to compile openssh2.3.0p1 on aix3.2.5. Can I ignore this list of warning messages? bsd-bindresvport.c: In function `bindresvport_af': bsd-bindresvport.c:94: warning: implicit declaration of function `bind' bsd-rresvport.c: In function `rresvport_af': bsd-rresvport.c:64: warning: implicit declaration of function `bzero' bsd-rresvport.c:82: warning: implicit

I mentioned this problem in a previous post (in November). This time I'm including a patch. Version: OpenSSH_2.3.0p1 Keywords: setsockopt keepalive hang masquerade interactive Symptom: For protocol 2, socket options (especially keepalive) are not being properly set for OpenSSH_2.3.0p1, even when request in the config files. Furthermore (for either protocol), keepalive is only set for

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

Yesterday I posted a problem report with some diagnostics. I seem to have found a solution on my own and provide a patch here. [I didn't post this as a follow-up because nobody responded to my original post and I wanted to make sure someone reads at least this one.] The patch makes the winbind client (libnss_winbind.so) code more robust. Consider the following fragment of broken

http://bugzilla.mindrot.org/show_bug.cgi?id=711 Summary: 3.7.1p2 does not compile on redhat 5.1 Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy:

The OpenSSH and ssh.com agents use a completely different set of messages for dealing with DSA keys, so I don't expect the OpenSSH client to be able to get DSA keys from ssh-agent2. However, if I'm running "ssh-agent2 -1", I expect OpenSSH to be able to use RSA keys stored in ssh-agent2's agent1 compatibility box. And it does. However, there's a problem. If I'm

I don't remember what we did to fix this last time, and I've had to rebuild my system completely from scratch over the past few days, so dont' have past patches to work from ... new-relay:/usr/slocal/src/openssh-1.2pre15> make gcc -g -O2 -Wall -I/usr/slocal/include -DETCDIR=\"/usr/local/etc/ssh\" -DSSH_PROGRAM=\"/usr/slocal/bin/ssh\" -DHAVE_CONFIG_H -c

Hi, we were modifying old SELinux rules for dovecot 2.0. Everything seems ok, only one report seems odd: "SELinux is preventing /usr/sbin/dovecot "write" access on dovecot.conf." Looking at strace output, dovecot tries to use socket on /etc/dovecot/dovecot.conf which is regular file and no socket: ... geteuid() = 0 getegid()

Hi folks, (3rd time I am sending this message, none of the other appear to have made it through!) Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client. I am trying to use sshtunnel with StreamLocal forwarding to enable me to connect back to the client's ssh port, without having to

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

Op 20/12/2018 om 18:09 schreef Ludovic Pouzenc: > Hi, > > I hit a bizare problem with dovecot 2.2.7 on debian 9 with LMTP enabled and auth/penalty disabled as documented here : > https://wiki.dovecot.org/Authentication/Penalty > > Use case : I run a swaks command to send an email to an exim4 that tries to make a callout to dovecot-lmtp. > At RCPT TO: swaks hangs

FYI. Maybe ppl with access to Solaris can look at this. Niels. From: mark at salfrd.ac.uk (Mark Powell) Newsgroups: comp.security.ssh Subject: Re: openssh on a non-PAM system? Date: 6 Dec 1999 14:10:21 -0000 Message-ID: <82gg4d$15ta$1 at plato.salford.ac.uk> In article <x7zovrqhrv.fsf at bombadil.nic.net>, Dan Lowe <dan at bombadil.nic.net> wrote: >mark at salfrd.ac.uk

For those following the portable CVS tree.. I'd suggest holding off for a day or so unless you really want to get dirty. I just commited 32 patches from the OpenBSD tree, but have not worked out all the issues (due to Linux brain damage <sigh..Faster OpenBSD gets SMP..the happer I'll be>). The two things that need to be finished integrated in the configure.in is KRB5 and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2pre13 to http://violet.ibs.com.au/openssh/ Imporant changes: - - Fixes a single-byte buffer overrun in the PAM code. - - Quite a bit more Solaris support. EGD should work now (please test). - - Lots more autoconf options to enable Kerberos, AFS, TCP Wrappers and S/Key (all untested). - - MD5 passwords for Slackware Linux

Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d

Hi, I am trying to get ipv6 firewall running. I did a very simple ip6tables rules and noticed very long running yum updates. I think that happened because firewall is dropping outgoing packets to port 80. Well, I thought to mitigate the issue and changed outgoing from drop to reject. Now I try manually # strace telnet 2a02:180:ffff:1::551f:b966 80 ... connect(3, {sa_family=AF_INET6,

G'day.. I'm trying to compile samba with the expsam=mysql. but it gives back an error: sswitch/wb_common.c: In function winbind_named_pipe_sock': nsswitch/wb_common.c:136: storage size of `sunaddr' isn't known make: *** [nsswitch/wb_common.o] Error 1 mysql is working fine so no probs there.. even without-winbind compilation it keeps rerturning... got a idea ?? Collen