similar to: Initial patch to implement partial auth with SSH2

Here is a new version of my partial auth patch against the April 24, 2001 CVS image. It fixes a couple of things (thanks to Karl M <karlm30 at hotmail.com>), and includes support for hostbased auth. It's still not pretty, but it works. 2 things Karl mentioned aren't fixed: - auth methods are still hard-coded into servconf.c. Fixing this would require a lot of work, and all the

Greetings, When PasswordAuthentication no + PermitEmptyPasswords yes SSH2 allows access to a passwordless account without a valid key. This is my patch: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wormhole# diff -u auth2-none.c.old auth2-none.c --- auth2-none.c.old Thu Jul 17 06:23:24 2003 +++ auth2-none.c Thu Jul 17 06:44:42 2003 @@ -100,7 +100,9 @@ if (check_nt_auth(1,

HI! I would like to introduce new patch which adds new config option "AuthOrder2" to sshd_config. I would like to say that I only modyfied the patch made by Carson Gaspar. If you want to know more about this patch see thread at: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577021011067&w=2 I will appreciate any feedback from you. This patch is against 3.1p1. BTW:

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Greetings, Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless account without a valid key when sshd_config has PasswordAuthentication no + PermitEmptyPasswords yes Attempts: Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b) with native c compiler. Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2). Still the same problem. Looking at

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

* --> SIP --> CISCO --> PRI --> PSTN The PSTN sees no callerid. *---> PRI[zaptel]--> PSTN Callerid is there... which makes me think it's the cisco, not the PRI/PSTN/telco. CISCO PRI--> * PRI [zaptel] Callerid IS there... which makes me shake my head in disbelief, because * can see clid from the cisco pri, but pstn doesn't... but when * sends info on that pri,

When comparing SSH 1.2.27 with OpenSSH 2.5.1 I see that the SecurID code/patch is not in OpenSSH 2.5.1. I'm not sure how or why that happened. Upon looking through the OpenSSH 2.5.1 source, I think I could fairly easily provide a 'SecurID Authentication Method' patch (which would rely on -DHAVE_SECURID, -I/blah/securid/include, and -L/blah/securid/lib... /blah/securid being a

Hi, the following patch removes some of the Cygwin specific code from OpenSSH. Since Cygwin is able to change the user context on NT/W2K even without a password since the new Cygwin version 1.3.2, there's no need anymore to allow changing the user context only if the sshd user is the same user as the one which logs in or when a password is given. For that reason the whole function

A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator

would it be possible to get another beta gem posted for switchtower? core rails has been getting nice regular updates to the beta gems, but switchtower is still back at 1962.

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

Hi, as it turned out on the Cygwin mailing list, the special handling of empty password in auth-passwd.c when running under Windows NT results in problems. Cause: The authentication methode "none" calls auth_password() with an empty password. A piece of HAVE_CYGWIN code allows empty passwords even if PermitEmptyPasswords is set to "no". This in turn results in calling

Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login !=

Hi, I'm writing a checkpassword script in order to support our OTP token as a fallback for client certificate authentication. Here are two questions: 1) It seems to me that the username and the password will be delivered to my script both on file descriptor 3 and via the environment variables AUTH_USER and AUTH_PASSWORD. May I ignore file descriptor 3 and use the environment variables or may

BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable

Finally all the pieces are in place to allow strong user and host authentication with SSH2 and the latest OpenSSH code (plus my partial auth patch). Herein I describe one problem case, and a possible solution thereof. Target: Allow user logins from host charles to host steve using passwords Previously, you would have had to trust the IP headers to authenticate charles. If charles had a

On 12/02/15 18:42, soonerdave wrote: > I'll certainly give that a try this evening, Rowland. Thank you for the > suggestion and review. > > What concerns me about the wbinfo issue on the existing PDC is that there's > really no rationale for it *not* to work. Almost makes me wonder if there's > some red herring at hand, a mismatched library (granted the failure would

On Thu, September 29, 2016 09:57, Charish Patel wrote: > If you mean regular Microsoft AD, the reason is simple: cost. > Management sadly does not want to shell out the money for it. > We went to Samba for the simple reason that we could not figure out how much the licensing costs would be to upgrade our ancient W2KAS domain controller. Back in the day Microsoft shipped access licences

Hi, attached is a patch which solves the following problem: Sometimes scp could hang in Cygwin when used as remote end using the -t option. This is due to a binmode/textmode problem which could be raised by the login shell which is used by the user and it's setting of textmode on stdin. The patch solves that problem by explicitly setting binmode on stdin. Besides solving the hanging