similar to: --with-ipv4-default and sshd IPv4/6 dual bind hack

Hello all, I'm using the attached patch. With it, if you add OPTIONS="-6" in /etc/sysconfig/sshd (this kind of sysconfig/<name> is a pretty normal RHL practice), then you can enable ipv4 and ipv6 on RHL without problems and without having to modify the init.d/sshd script. This or something like should IMO be added. Removing 'noreplace' from sshd_config

Hi, Running openssh-2.9p2 on Linux. If server is run with 'sshd -6' (to enable ipv6 easily on server end), ie all IPv4 are represented as mapped addresses, port forwarding will not work; just running plain ol' IPv4 fixes this of course. The server error, when forwarding from the client '143:localhost:143' and connecting to localhost 143 is: debug1:

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hi, there is a cosmetic problem in openssh (all versions AFAIK): When you start sshd with no "ListenAddress" lines in sshd_config, it tries to bind address "::" (successfuly) and then "0.0.0.0" and it fails with "Address already in use". Moreover it can happen that "0.0.0.0" is in addr list sooner than "::" so sshd than will listen

whoops, not announce. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET) From: Pekka Savola <pekkas at netcore.fi> To: Markus Friedl <markus at

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

Hello all, Very recently, djm added compability patch so that aes/rijndael encryption problems could be avoided when talking to broken server/client; and you wouldn't have to toggle off the protocols yourself. Might this be a candidate for 2.5.2p2 or the like? This would be helpful when there are a lot of broken, 2.3.0 and like, systems. -- Pekka Savola "Tell me of

ChangeLog: 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. - (djm) Release OpenSSH-2.9p1 However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it

Hello all, I just noticed that AllowHosts feature of SSH Inc's sshd isn't there in OpenSSH yet. Has anyone been working on this? Am I the only one that seems to miss this feature? AllowUsers and AllowGroups is a very nice feature though :) -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and

What is the expected behavior wrt ipv6 on Linux? My brother is trying to use sshd to bind to things and without '-6' on the commandline, it doesn't do any ipv6, even if 'ListenAddress ::' is listed in sshd_config. Also, with '-6', it receives ipv4 requests as well. This behavior is definately different from OpenBSD .. all addresses listed in sshd_config are used, and

Hi, In a mail about two weeks ago, I brought up an idea: --- How SSH makes this easier is that you only have to sync the authorized_keys2 database to root account's .ssh/ every time new admin comes in/leaves the house. This can even be automatized rather easily. A more modular hack would be using authorized_keys2 _directory_, and the keys in there would all be counted as authorized. Thus

Hello all, I came across the following with the latest snapshot (and previous): (just trying to start sshd when it's already running) # ./sshd -d [snip] socket: Invalid argument debug1: Bind to port 22 on 0.0.0.0. fatal: Cannot bind any address. # echo $? 255 # ./sshd # echo $? 0 with './sshd', the same fatal message is printed to syslog. This seems critically wrong on systems

Hi, Just tested the latest snapshot on RHL72 via building RPM's of it. Nroff detection was wrong, and if no --with-mantype was specified, the type would always revert to cat. This one-byter fixes it. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert

Damien-- Attached is a patch to contrib/redhat/sshd.init which eliminates the dependency on the success() and failure() functions from initscripts>=4.16. This allows sshd.init to be used for both early and recent releases of Red Hat Linux (i've confirmed it works on both 4.2 and 5.2 as well as 6.2). The patch also removes the 'Requires: initscripts >= 4.16' line from

Hi, When I tested the latest snapshot on FreeBSD 4.2, I noticed some implicit declaration warnings I didn't recall seeing on Linux. I think this is caused by the fact that if autoconf does detect the presence of some BSD capability, necessary header files and declarations may not be included (as these are assumed to be the same ~everywhere, and already included). If such capability is

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

Hello! Now that PrivSep stuff works for PAM too, I took the time to update contrib/redhat/openssh.spec to create the sshd user and set up the /var/empty dir when installing the packages. These have been done the Red Hat style, the uid/gif 74 is currently free in RHL. The only minor issues I could think of were: - I'm not sure if /var/empty should be owned by openssh-server package, but

Hi, Connecting from RHL7 with OpenSSH 2.3.0p1 or 2.5.0p1 to OpenSSH 2.3.0p1 on AIX 4.3.1. Protocol 2 doesn't work if you specify 'Ciphers rijndael128-cbc' or Ciphers 'aes128-cbc'. sshd -d -d -d on the server shows _nothing_ about these connections. I'm not sure if rijndael has been left out from sshd somehow, but shouldn't the error message be a little more