Displaying 20 results from an estimated 600 matches similar to: "Patch for system-wide default environment"
2001 Mar 14
1
/etc/default/login patch?
Would anybody happen to have or know of a patch to make /etc/default/login
PATH and SUPATH the default openssh path? We have customized paths for each
school of engineering (each have their own customized site bin). This is
easily controled with /etc/default/login. The --with-default-path option
is too rigid. This is Solaris I am talking about.
--mike
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2000 Aug 13
1
Patches for openssh port forwarding
Hi !
I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding.
It is a one patch file that does the following two things:
First:
If the server is configured not to allow port forwardings it sends
SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS.
When the client gets the failure it exists with protocol error message.
This patch will accept both failure
2000 Aug 25
1
[patch] configurable ssh_prng_cmds
The following patch against openssh-SNAP-20000823 allows to override the
compile-time "ssh_prng_cmds" file at run time by adding new options to the
server and client configurations. (We move binaries around a bit, and this was
the only absolute path that couldn't be fixed at run-time).
Regards
Jan
diff -ur openssh-SNAP-20000823.orig/entropy.c openssh-SNAP-20000823.new/entropy.c
2000 Oct 24
2
feature request & patch submit: chroot(2) in sshd
Hello,
whereas most people take passwd/shadow/ldap/<whatever> as the place where
decision on a chrooted environment / sandbox for certain users is met (just
set the given usershell appropriateley), I needed a somewhat different
approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config
by two options and, when set, places all users / users of a certain group
immediately in
2001 Mar 03
0
[PATCH] PrintLastLog option
Some time ago, Ben wrote about a PrintLastLog patch:
> If the person who originally submitted it wants to write a complete
> patch and submit it. Then we would be happy to debate if it will be
> included.
Well, here it is, because: "You Asked For It!"
PS: I'm tired of maintaining my own version of Debian's ssh just to
have this option available, so I hope you find
2002 Aug 13
1
[PATCH] global port forwarding restriction
Here's another patch for people providing ssh access to restricted
environments.
We allow our users to use port forwarding when logging into our mail
servers so that they can use it to fetch mail over an encrypted channel
using clients that don't support TLS, for example fetchmail. (In fact,
fetchmail has built-in ssh support.) However we don't want them connecting
to other places
2003 Jan 29
0
[PATCH] features for restricted shell environments
The patch below implements a couple of features which are useful
in an environment where users do not have a regular shell login.
It allows you to selectively disable certain features on a
system-wide level for users with a certain shell; it also allows
you to control and audit TCP forwarding in more detail.
Our system is an email server with a menu for the login shell;
we selectively allow port
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
1999 Nov 20
1
openssh and DOS
It appears that openssh has inherited the dos attack that ssh is
susceptible to. This has been discussed on Bugtraq (see
http://securityportal.com/list-archive/bugtraq/1999/Sep/0124.html
for the thread). There does not appear to be an official for ssh.
Attached below is a simple, proof of concept, patch that adds a
MaxConnections to sshd_config that sets the maximum number of
simultaneous
2013 Jan 31
2
OpenSSH NoPty patch
Hey everyone,
I wanted to add support for denying PTY allocation through OpenSSH. I'm
not certain if this is quite thorough enough for all cases, but for me
it might work for the moment.
I know that you can currently do this through authorized_keys, but as
far as I know that only works for an actual key. In my use case, I
wanted a user with no password which is forced to run a specific
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option
in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to
restrict access such that only specific remote machines could access
specific local accounts.
I swiftly discovered that
a) specifying wildcarded IP numbers to try to allow a useful IP range
was pointless: if I specified
AllowUsers joe at
2000 Aug 23
1
Protocol 2 remote forwarding patch
Hi !
Here's a patch to add remote port forwarding support (protocol 2) for
openssh. I have tried to test that it works like it should but a more
thorough testing is needed. This patch adds both client/server support.
The patch should be applied to openssh-2.1.1p4 source tree.
Also included is a PortForwarding sshd_config option, new ./configure
option --disable-forwarding that should make it
2002 Feb 12
0
[Patch] Xauthority file in /tmp
This issue has been discussed here and elsewhere a fair bit in the past
year or so, but to re-address the issue...
As of OpenSSH 2.9.something the ability to have an Xauthority located in
/tmp was removed, with the following description in the ChangeLog :
- markus at cvs.openbsd.org 2001/06/12 21:21:29
[session.c]
remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
Hello,
appended is a patch that makes it possible to use PAM both for
password authentication and TIS (i.e. s/key or opie or any other
interactive challenge/response scheme). I have developed this starting
from the patch at http://www.debian.org/Bugs/db/61/61906.html on
Debian with openssh-2.1.1p4-3. After configuring ssh with
--with-pam-tis, there are two PAM services, "sshd" and
2002 May 29
2
[PATCH] Add config option disabling drop_connection() behavior
The patch below (against openssh 3.2.3p1) adds a
CheckMaxStartups option, defaulting to yes, to determine whether sshd
calls drop_connection().
The motivation behind this is twofold. In our environment, our
timesharing machines get enough incoming connections that will trigger
spuriously with the default value (10 forked unauthenticated
connections) as well as some significantly higher values,
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2000 Aug 11
1
OpenSSH Questions
Heya,
I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help:
1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)?
2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the