similar to: ssh through proxy (was: prng_cmds/init_rng() question/patch)

I have a need to provide ssh client binaries for use elsewhere on several platforms, some without /dev/random support. I can't assume that users will know how to install/run prngd or egd, so I was planning to rely on the builtin prng code. However this require the ssh_prng_cmds file to exist in a fixed location -- which would mean making binaries which either look for it in . or other

Before I actually implement the small changes needed to allow the location of ssh-rand-helper to be specified in the config file, I'd like to check that in doing so I won't be opening up a huge security hole. My brief reading of the code suggests that in entropy.c:seed_rng() the ssh-rand-helper is run as the original uid (for binaries which were setuid in the first place of course), so I

If people haven't seen it, there's a pretty nice Java SSH client called MindTerm: http://www.mindbright.se/mindterm/ One of the things they did is add some hacks to make FTP tunneling over SSH trivial. This client looks at the data being forwarded over port 21 (ftp control port), and looks for the FTP PORT and PASV commands used to establish

While messing with various tunnels it occured to me that there may be cases where some extra tunneling functionality would come in handy. I thought I better run it past the list before trying to implement a patch since the last 2 times I did this there was another way to get the effect I wanted with no code changes... Forwarding should not just be of AF_INET but (where available) AF_UNIX (ie

Sorry if I'm duplicating an existing patch, but... On systems with no seteuid() that have setreuid() there is an emulation, but if both are lacking (but we do have setresuid()), nothing is done. The following seems to be right, but I've only got one machine (running an ancient version of HP-UX) which needs this so it may not be general: --cut-here-- --- config.h.in.orig Thu Jun 7

Here is a quick patch against openssh-2.5.1p1 to add a new config option (pkalg) for the ssh client allowing the selection of which public keys are obtained/verified. --cut-here- diff -c3 -r orig/openssh-2.5.1p1/key.c openssh-2.5.1p1/key.c *** orig/openssh-2.5.1p1/key.c Mon Feb 5 18:16:28 2001 --- openssh-2.5.1p1/key.c Sun Mar 11 23:10:10 2001 *************** *** 534,539 **** --- 534,567 ----

Remote vulnerability in SSH daemon crc32 compensation attack detector ----------------------------------------------------------------------- Issue date: 8 February 2001 Author: Michal Zalewski <lcamtuf at razor.bindview.com> Contact: Scott Blake <blake at razor.bindview.com> CVE: CAN-2001-0144 Topic: Remotely exploitable vulnerability condition exists in most ssh daemon

https://bugzilla.mindrot.org/show_bug.cgi?id=1932 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release

When doing a simple configure of OpenSSh 2.5.2p2 on a Sparc running RedHat 6.0 I get: ... updating cache ./config.cache creating ./config.status creating Makefile sed: file conftest.s1 line 1: Unknown command: ``^'' creating openbsd-compat/Makefile sed: file conftest.s1 line 1: Unknown command: ``^'' creating ssh_prng_cmds sed: file conftest.s1 line 1: Unknown command:

I spent the last couple of hours trying to figure this out. We upgraded to sshd version OpenSSH_3.8.1p1 Debian and now "password" login no longer works... however keyboard-interactive login still works. the result of this is that while openSSH clients still function, ssh applications like MindTerm do not. here is the debug dump from the login session: Jun 25 21:47:50 m1

Dear Developers, I've released a patch against openssh-2.5.2p2. The patch adds heartbeat (keepalive) function to ssh(1), and watchdog timeout function to sshd(8). The watchdog timeout is intended to terminate user's processes as soon as possible after the link has been lost. http://www.ecip.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html The combination of the heartbeat and the

Hi, Here's a problem in openssh, some logs, and a very minor patch that cures this: Issue: (open)ssh client WILL NOT talk to F secure SSH-2.0-2.1.0pl2 client S/W version: openssh-2.3.0p1 client O/S version: SunOS 5.7 Generic_106541-11 sun4u sparc server S/W version: SSH-2.0-2.1.0pl2 server O/S version: SunOS 5.7 Generic_106541-11 sun4u sparc Log/Details: : % telnet <mymachine> 22

Hi, For the last few weeks I've been struggling to get openSSL/openSSH compiled and running under SunOS. Specfically, openssh-2.1.1p3: SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. Compiled with SSL (0x00905820). on SunOS 4.1.4. Happily I can say there is only one small change so I'm not going to even try to generate all the associated noise you'd expect. The function

I am currently toying with various avenues for doing some secured file transfers from a javaland process. Realistically on the server side the thing I want is OpenSSH's sftp server. My question is, on the client side, how to get java to talk ssh2 secsh file xfer. Would a sane approach be to find the appropriate points of OpenSSH and turn it into a java library by liberal application of JNI,

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al

Hello all, All SSH/Datafellows versions don't match properly in compat.c. This should be fixed in OpenBSD version, naturally. An example of this is: debug: match: 2.1.0.pl2 SSH Secure Shell (non-commercial) pat ^2\. The match should definitely be 2.1.0. This is caused by the fact that a requisite space was added to the check when converting to regexp matching on Oct 10; CVS Id 1.24:

I'd like to know if anyone knows of any SSH clients with significant user bases (winscp2, putty, mindterm etc.) which lack support for keyboard-interactive authentication. DES -- Dag-Erling Smorgrav - des at ofug.org

Hi, I have hard figuring out what I did wrong ... On HPUX 11 I have compiled OpenSSH 2.9.2p2 with gcc 2.9 (taken from hp opensource server) and zlib also downloaded from hp. As long as I do passwd authentication everything work fine (I have used --with-pam), but if I tried publickey either in sshv1 or sshv2 authentication fails. I have tried a bunch of things but none worked so all

Another, er, quarter, another winetricks. Online as always at http://kegel.com/wine/winetricks or http://winezeug.googlecode.com Thanks to Austin English for taking on most of the work keeping winetricks up to date! (And apologies for my own slowness in doing another release.) Changes since 20090116: ------------------------------------------------------------------------ r491 |

Hi, So I screwed up when writing the support for the curve25519 KEX method that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left leading zero bytes where they should have been skipped. The impact of this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a peer that implements curve25519-sha256 at libssh.org properly about 0.2% of the time (one in every 512ish