Displaying 20 results from an estimated 800 matches similar to: "Problem with tcp_wrappers"
2000 Oct 07
2
[PATCH]: Add tcp_wrappers protection to port forwarding
Hi,
attached is a patch by Chris Faylor <cgf at cygnus.com> relative to
2.2.0p1.
Description:
OpenSSH does not allow port gatewaying by default. This means that only
the local host can access forwarded ports. Adding "GatewayPorts yes" to
.ssh/config usually does this job.
Unfortunately, OpenSSH does not recognize the same hosts.allow/
hosts.deny options as ssh.com's sshd
2010 Dec 03
1
[PATCH] upsd tcp_wrappers parsing and logging
Parsing bug was discussed here:
<http://lists.alioth.debian.org/pipermail/nut-upsuser/2010-September/006230.html>
Parsing bug summary
-------------------
working /etc/hosts.allow:
upsd 127.0.0.1 [::1] : ALLOW
broken in /etc/hosts.allow:
upsd localhost : ALLOW
It looks like upsd originally intended to match nut username with system
username? This is not the case now. This causes
2003 Jul 10
2
sshd also talking HTTP
(I'm not subscribed to the list, please Cc me on replies).
We have configured sshd to listen on port 80 for some of our users who
are behind sufficiently paranoid firewalls. However, others are now
confused since they're expecting a web server on port 80.
So, I created a small patch (just as proof-of-concept so far), that
determines the type of client connecting. A web client will start
2018 Dec 03
3
[PATCH] removing an old API.
While looking for leaks I came across two old packet APIs which are easy
to remove. I'm sending patches for each separately.
First, there is the packet_set_connection(int fd_in, int fd_out)
function in opacket.c
The function relies on a behavior in ssh_packet_set_connection() where,
when it is passed a NULL pointer, it will implicitly allocate a struct
ssh and return it after then set
1999 Nov 20
1
openssh and DOS
It appears that openssh has inherited the dos attack that ssh is
susceptible to. This has been discussed on Bugtraq (see
http://securityportal.com/list-archive/bugtraq/1999/Sep/0124.html
for the thread). There does not appear to be an official for ssh.
Attached below is a simple, proof of concept, patch that adds a
MaxConnections to sshd_config that sets the maximum number of
simultaneous
2020 Jan 21
2
Instrumentation for metrics
On 21/01/20 8:44 pm, Damien Miller wrote:
> On Tue, 21 Jan 2020, Philipp Marek wrote:
>
>>> This makes me think that the syslog approach is probably the way to go
>>
>> Yeah, right.
>> Another idea is to mirror the current preauth load via setproctitle()...
>> That makes that data accessible even without a syscall (at least the
>> writing of the
2004 Oct 31
2
[Bug 948] high CPU in sshd after tcp_wrappers deny
http://bugzilla.mindrot.org/show_bug.cgi?id=948
Summary: high CPU in sshd after tcp_wrappers deny
Product: Portable OpenSSH
Version: 3.9p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2002 Jun 25
7
[Bug 294] tcp wrapper access changed between 2.9.9p2 and 3.3p1
http://bugzilla.mindrot.org/show_bug.cgi?id=294
------- Additional Comments From ktaylor at daac.gsfc.nasa.gov 2002-06-26 00:53 -------
This is what's reported in the syslog from openssh-2.9.9p2 - with an ip address
range listed in hosts.allow
Jun 25 10:50:08 6D:server sshd[30123536]: Failed keyboard-interactive for
ktaylor from xxx.xxx.xxx.xxx port 40333 ssh2
Jun 25 10:50:13 6D:server
2000 Aug 24
0
patch for a few things
This isn't related to the snapshot, but mention of it reminded me to submit
these changes.
I added a few things, and made a couple small changes; here's a list of
what the patch includes:
- adds a "-1" argument to ssh and ssh.1 to force protocol1, similar to
the existing "-2" argument.
- adds "-1" and "-2" to scp and scp.1 as well.
- adds
2001 Nov 27
1
[PATCH] tcp-wrappers support extended to x11 forwards
Hi!
Here is the patch to support tcp wrappers with x11-forwarded connections.
The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too.
I've understood that this will not be included in the official version
because it adds complexity (?!) to openssh.
Binding the forwarded port to localhost doesn't solve all problems. I've
understood that you should also implement
1998 Aug 05
6
Problem with TCP_wrappers
Hi,
I'm running into something weird here.
I'm using RH5.1 with tcp_wrappers 7.6.
The syntax for hosts.allow and hosts.deny is:
<service list> : <access list> [ : <shell_command> ]
Everything works when I _don't_ use the shell_command.
I used the _exact_ line as in the man-pages utilising "safe_finger" (comes
with tcp_wrappers), tcpdchk
2010 Jan 18
0
2.2.1 to 2.4.1 migration (allowfrom/tcp_wrappers)
Hello,
I just upgraded my nut 2.2.1 setup to 2.4.1. The "upsdrvctl shutdown"
command now works using a APC Backup-UPS CS350 via USB. Great!
The removed ACL/allowfrom functionality can be replaced by tcp_wrappers.
Unfortunately there isn't much documentation about the migration.
First you have to compile nut with "--with-wrap".
I have a special "nutadmin"
2014 Mar 23
1
[CentOS} Does anyone use tcp_wrappers?
Most certainly YES!!!
Next to iptables tcp_wrappers is a solid second line of defense.
The argument that it is no longer developed is rubbish.
The package does what it should do, functionality is exactly what it
should be and it is bug free.
Also it is flexible enough to do other tricks with it like spawning
something depending on the ip address the incoming connection is coming
from.
It is a
2009 Jun 21
1
tcp_wrappers
Hi,
I've just started using Dovecot (v1.1.14), and I'm noticing a lot of dictionary
attacks. I searched through the documentation and the mailing list archives
hoping to find support for tcp_wrappers (hosts.deny) support.
I did find some suggested patches in the list from last year, but as far
as I can tell, there is no support in the released versions.
Is this implemented and
2000 Jan 19
3
AIX openssh patches
I have a few patches for AIX. The patchfile is attached below. The patch
has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25,
with openssl-0.94, using RSAref.
1) authenticate support - this function allows the system to determine
authentication. Whatever the system allows for login, authenticate
will too. It doesn't matter whether it is AFS, DFS, SecureID, local.
2003 Sep 10
3
[PATCH] No extern declarations of optarg & co if getopt.h is available
Hi,
I have a problem with the extern declarations of optarg, optind, etc.
We're currently moving getopt from being a statically linked function
to a dynamically linked function as part of the Cygwin DLL. On Windows,
this requires to generate special symbols (__imp__optarg, etc.), which
is done by marking the exported variables in the corresponding header.
Instead of
extern char *optarg;
2003 Oct 08
4
OS/390 openssh
Hello Steve, Hello OpenSSH-portable developers,
I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe
operating system, and I noticed you do the same for OS/390.
Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2
or some such), I thought it was fair enough to help with a little
co-operation; we might come up with a unified EBCDIC patch which could
be contributed to
2002 Dec 18
2
patch for openssh3.5p1 - adds logging option
this patch adds a LogFile option to sshd_config. it just logs messages
directly to a file instead of stderr or syslog. the largest change
is an additional argument to log_init() in log.c for the log file name
(and then changes to the rest of the tools to add a NULL arg).
galt
-------------- next part --------------
diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c
---
2002 May 03
2
Does OpenSSH have tcp_wrappers *built-in* or just compatibility?
I was under the impression it was just compatibility, and not actually
built-in, but I thought I'd ask here and just make sure of what I'm
saying. :) TIA.
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
-------------- next part
2005 Feb 19
1
[Bug 948] high CPU in sshd after tcp_wrappers deny
http://bugzilla.mindrot.org/show_bug.cgi?id=948
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
URL| |http://www.aet.tu-
| |cottbus.de/rt2/Ticket/Displa
|