similar to: user:style

On Sun, 29 Apr 2001, RJ Atkinson wrote: > At 06:26 27/04/01, Tom Wu wrote: > >For those of you who were following the discussion about the new draft > >and implementation of SRP-based password authentication in OpenSSH, I > >promised to have Stanford issue the IETF an official, explicit, > >statement reiterating the unencumbered royalty-free licensing terms. > >The

This is to announce the availability of SRP (Secure Remote Password) support for OpenSSH. A tarball is available on Tripod: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.2p2-srp5.tar.gz (Note: Tripod requires you to LEFT click on links to download files.) To install, unpack, configure --with-srp, and make install, then create an

The way things are now, input_userauth_request() calls the authmethod, and then does a bunch of checks, like the special case for root. If an authmethod requires a challenge-response conversation, these checks are skipped, unless they are duplicated by the authmethod. For example, in auth2-chall.c, some of the code is duplicated (logging, sending the reply), but the root special case is skipped.

The latest snapshot (20020324) fails to compile here. Linux 2.4.18-rc1 Alpha The first messages are: monitor_wrap.c: In function `mm_request_receive': monitor_wrap.c:91: warning: int format, different type arg (arg 3) monitor_wrap.c:100: warning: int format, different type arg (arg 3) which have to do with fatal() calls and int not being the same as ssize_t... But the next one is the

Does anybody use openbsd-compat/vis.c? Not at the moment I think: % find . -name '*.[ch]' -exec grep -l "vis *(" {} \; ./openbsd-compat/vis.c ./openbsd-compat/vis.h % find . -name '*.[ch]' -exec grep -l VIS_ {} \; ./includes.h ./openbsd-compat/vis.c ./openbsd-compat/vis.h The reason I ask is, AT&T's graphviz package includes a vis.h, and when I try to compile

In message <Pine.LNX.4.30.0104031615270.8678-100000 at holly.crl.go.jp>, Tom Holro yd writes: >SRP has different requirements from Diffie-Hellman. In particular, >for SRP the generator must be primitive. It turns out that the "primes" >file contains only safe primes with primitive generators, and is thus >ideal for SRP, but so far in OpenSSH it has only been used for

Correct me if I'm wrong, but init_rng() in entropy.c doesn't call seed_rng(), and in fact seed_rng() isn't called from _anywhere_ (in openssh-2.5.1p2). So calls to BN_rand() only pick up the tiny/non-existent amount of entropy added by BN_rand() itself from the system clock (time in seconds). Shouldn't seed_rng() be called from init_rng()? It should be called from _somewhere_,

This is the 2nd beta release of SRP for OpenSSH. The patch attached to this message is relative to the current (20010411) CVS sources of OpenSSH-portable (2.5.4p1). A tarball is also available: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz (Note: Tripod requires you to LEFT click on links to download files, and

I have uploaded a new release of the OpenSSH (portable) SRP patch. This version is vs. the 20010625 openssh_cvs; there are no other changes. You can find it here: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.tar.bz2 http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.patch.bz2 The tarball is the whole thing with the

This is a Linux/Alpha system, with AT&T's graphviz suite installed. gcc -O2 -Wall -I. -I. -I/usr/local/ssl/include -DETCDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -DHAVE_CONFIG_H -c atomicio.c In file included

Hello - got a small wishlist item here: The currently available LogLevel settings (according to the man page) are: QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG. Using "INFO" causes messages about RSA key re-generation to appear in the auth logs. However using the next-lower LogLevel of "ERROR" causes client IP and port to not be reported in the auth logs. I was hoping for

fyi http://wwwcip.informatik.uni-erlangen.de/~msfriedl/openssh/TODO

Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that all the right #ifdef/#endif bits got put back in

Hello, There has been an annoyance with OpenSSH that has been bugging me lately. It pays no attention to pw_change and pw_expire fields from the passwd file for users by default. Thus even if the admin has set a user's account to expire 5 days ago they can still login. So one might say, just add 'UseLogin yes' and all of your problems will be solved. This of course is not a good

>From http://www.apache.org/info/20010519-hack.html: "The ssh client at SourceForge had been compromised to log outgoing names and passwords, so the cracker was thus able get a shell on apache.org." user's ssh --> SF's ssh --> apache.org's sshd So basically the user's password was entered in the clear to an untrusted program (SF's ssh). Never mind that

Hello, in the BSD Authentication system the login script can request environment variables to be set/unset. The call to auth_close() in auth-passwd.c does change the current environment, but those changes are lost for the child environment. It would be really useful to add some kind of mechanism to get those changes into the child environment. I've added two possible solutions. Both

I just cobbled up a little patch to add support for OPIE to OpenSSH. Currently untested, but feedback is welcome. Wichert. -- _________________________________________________________________ / Nothing is fool-proof to a sufficiently talented fool \ | wichert at cistron.nl http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250

Hi, I'm playing around using Opus in a 'chunked' streaming context, where chunks of media are served in separate HTTP responses. I am trying to hunt down the source of some clicks-and-pops during playback, and while it is very likely that these glitches are due to the low quality of my code, I wanted to ask if the admonition in the API docs[1] that "encoder state *must*

I was having a discussion with a MS person about the performance of NT. I got this reply: ---------- Forwarded message ---------- By the way, I looked into that claim that Linux could outperform NT server, and my source claimed that the test was done on different hardware (i.e. it was rigged) and that Linux still loses to NT on equivalent HW, although "it has gotten closer." Do you

What is autom4te.cache/ and why is it in the snapshot?