similar to: kbd-int messages after 3 wrong passwords

whoops, not announce. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET) From: Pekka Savola <pekkas at netcore.fi> To: Markus Friedl <markus at

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

Hello all, If you try to make a TCP connection to a host, and the host is down, timeouts can be as long as an hour. This is not specific to ssh, or OS. Is this a scenario worth working around, e.g. with a timer when connecting or the like? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems.

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

Hi, Related to: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.100&r2=1.101 It'd appear that logging in readconf.c: --- debug("Applying options for %.100s", arg); debug("Reading configuration data %.200s", filename); --- Goes to /dev/null. This is caused by the fact, that in ssh.c there is: --- /* * Initialize

Hello all, I just found a bug a nice bug that can be turned into a real feature on systems (usually Linux) that are built with --with-ipv4-default. If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and ::, sshd will error out 'address family not supported'. However, you can work around this error by starting sshd with 'sshd -4 -6'. As far as man page is

Hello all, Is it just me or is 'scp user at host1 user at host2' broken (if the server asks you for the password)? 1) [password required] >From OpenSSH 2.5.1p1 -> OpenSSH 2.5.1p1 -> OpenSSH 2.3.0, I get like: > scp pekkas at xxx:~/*.patch psavola at yyy:~/temp/ psavola at xxx's password: You have no controlling tty. Cannot read passphrase. lost connection 2)

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello all, Very recently, djm added compability patch so that aes/rijndael encryption problems could be avoided when talking to broken server/client; and you wouldn't have to toggle off the protocols yourself. Might this be a candidate for 2.5.2p2 or the like? This would be helpful when there are a lot of broken, 2.3.0 and like, systems. -- Pekka Savola "Tell me of

Hello all, I'm using the attached patch. With it, if you add OPTIONS="-6" in /etc/sysconfig/sshd (this kind of sysconfig/<name> is a pretty normal RHL practice), then you can enable ipv4 and ipv6 on RHL without problems and without having to modify the init.d/sshd script. This or something like should IMO be added. Removing 'noreplace' from sshd_config

ChangeLog: 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. - (djm) Release OpenSSH-2.9p1 However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

Hi, Running openssh-2.9p2 on Linux. If server is run with 'sshd -6' (to enable ipv6 easily on server end), ie all IPv4 are represented as mapped addresses, port forwarding will not work; just running plain ol' IPv4 fixes this of course. The server error, when forwarding from the client '143:localhost:143' and connecting to localhost 143 is: debug1:

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it

Hello all, I came across the following with the latest snapshot (and previous): (just trying to start sshd when it's already running) # ./sshd -d [snip] socket: Invalid argument debug1: Bind to port 22 on 0.0.0.0. fatal: Cannot bind any address. # echo $? 255 # ./sshd # echo $? 0 with './sshd', the same fatal message is printed to syslog. This seems critically wrong on systems

Hi, Just tested the latest snapshot on RHL72 via building RPM's of it. Nroff detection was wrong, and if no --with-mantype was specified, the type would always revert to cat. This one-byter fixes it. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert

Hello all, All SSH/Datafellows versions don't match properly in compat.c. This should be fixed in OpenBSD version, naturally. An example of this is: debug: match: 2.1.0.pl2 SSH Secure Shell (non-commercial) pat ^2\. The match should definitely be 2.1.0. This is caused by the fact that a requisite space was added to the check when converting to regexp matching on Oct 10; CVS Id 1.24:

Hello all, Tested the latest snapshot. ssh-keyscan seems to have gone in. :) Two issues about it (patched): 1) the man pages aren't installed, only uninstalled 2) RH spec file (and the others no doubt..) won't include it. General observations: for RSA keys only?, kinda obsoletes contrib/make-ssh-known-hosts*. -- Pekka Savola "Tell me of difficulties surmounted,

Hi, Earlier, there were some talks about a pending 2.4.0 release. Apparently that didn't happen ;-). Are there any new plans for a new release any time soon? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

Hello all, Just tested sftp for the first time. Looks neat, thanks for the work :-) However, there's still some stuff to be done before ftp can be thrown into the garbage bin and never taken out again, for example: - file name globbing with e.g. 'get' - tab completion with get etc. - ability to pass parameters to 'ls', e.g. 'ls -t' (I'm not sure if the