Displaying 20 results from an estimated 1000 matches similar to: "[follow-up/fix] openssh 2.5.2p2 not allowing RSA authentication"
2004 Sep 22
1
[PATCH] permanently_set_uid: Don't try restoring gid on Cygwin
Hi,
the below patch solves the same problem for gids as has already been
solved for uids. Windows has no concept of permanently changing the
identity. It's always possible to revert to the original identity.
Thanks,
Corinna
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.44
diff -p -u -r1.44
2004 Aug 27
2
OpenSSH-3.9p1 permanently_set_uid behavior on Linux
Aloha,
I'm curious about the following code at line 203 in uidswap.c:
/* Try restoration of GID if changed (test clearing of saved gid) */
if (old_gid != pw->pw_gid &&
(setgid(old_gid) != -1 || setegid(old_gid) != -1))
fatal("%s: was able to restore old [e]gid", __func__);
This causes permanently_set_uid to fail in the following case:
$ su
Password: ????????
#
2005 Jan 26
1
Question about a recent change to uidswap.c in the portability snapshot
A change was recently introduced into uidswap.c to cover the case where
the user is root. The change is "&& pw->pw_uid != 0 &&".
/* Try restoration of GID if changed (test clearing of saved
gid) */
if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
(setgid(old_gid) != -1 || setegid(old_gid) != -1))
2001 Oct 08
2
Porting OpenSSH 2.9.9p2 to Dynix V4.4.4
Hello Porters,
I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host.
I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are
no functions for set{eu,eg}id() that I can find). I configured with
"./configure '--with-libs=-lnsl -lsec'".
Each time I attempt to login, I get this error:
No utmp entry. You must exec "login" from
2006 Apr 11
1
[Bug 1182] uid 0, gid !=0 fools defensive check in uidswap.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1182
Summary: uid 0, gid !=0 fools defensive check in uidswap.c
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P4
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2001 Mar 20
3
Rhosts-RSA authentication broken
Hello !
I think a problem was introduced in openssh-2.3.0p1 which is
still there in the latest openssh-2.5.2p1. I just noticed it
before my vacation and could not send this mail earlier than
today.
The problem is:
You can't use the Rhosts-RSA authentication based on the hosts.equiv
file and the host keys.
The only possible way to do rhosts-RSA authentication is to allow
the usage of the
2001 Apr 24
10
Call for testing for coming 2.9 release.
If we can get people to test their platforms against the last snapshot/cvs
tree I'd be grateful. (http://www.openssh.com/portable.html)
I know NeXT platform has problems. I'm going to spend tonight looking at
it.
Also, take a moment to see what manpage type ./configure decided for your
system and if it's 'cat' please let us know.
Thanks.
- Ben
2012 Jun 07
4
Dealing with multiple gid changes
So I discovered yesterday that if puppet changes the gid of a group it
doesn't go through the file system and update them with the new correct gid
(at least this was the case on RHEL5 and client puppet v2.6.16 and
puppetmaster 2.7.12). Now I thought that it might be possible to have
puppet execute something like find /home/ -group <old_gid> | xargs chgrp
groupname. However
2012 Jun 25
4
started with dovecot sieve
As I am new to dovecot and sieve I am really happy to get it working in
a straightforward way. Thanks for the documentation to whom it
concerns.
Now I came to my limits with these failure messages in
/home/rolf/.dovecot.sieve.log:
sieve: info: started log at Jun 25 20:22:54.
error:
msgid=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>:
failed to store into mailbox
2020 Oct 22
0
UID/GID CentOS 6 to CentOS 7
> Hi,
>
> we are upgrading some servers from C6 to C7 with a lot of user accounts
> on them (UID>=500).
> CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
>
> Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I
> could just grep the users out from passwd/shadow/group files and append
> them to the Centos7 passwd/shadow/group files.
2001 Apr 11
1
$HOME/.shosts and setegid()
Hello,
The ssh daemon from OpenSSH_2.5.2p2 first does a seteuid(uid) and then
stat($HOME/.shosts) to check whether a .shosts file is there. This
seems to be a problem when homedirectories are only accessible "by
group permission"; for example in the following (as I guess quite
common) case:
drwxr-x--- root mygroup 512 Apr 10 12:09 mygroup
And my personal homedirectory would now
2000 Dec 28
2
sshd doesn't log which RSA key was used
Hi guys,
and another feature request for sshd which I would classify as really
useful. And I think this behaviour is currently not available (If yes,
sorry, I must have missed it):
> I believe that the sshd should log which RSA key was used to connect to
> an account. When there are a number of keys in the authorized_keys file
> it is often useful to know which one was used for each
2015 Nov 03
2
dovecot-lda can't create /var/mail dotlocks on debian
and, are you SURE that dovecot-lda has mail in its group list when it is
executing?
On Tue, Nov 3, 2015 at 2:12 PM, Larry Rosenman <larryrtx at gmail.com> wrote:
> Hrm. if you turn up the debug on lda, do you get any more of a clue?
>
> Those permissions look fine to me.
>
>
> On Tue, Nov 3, 2015 at 2:10 PM, John Clements <johnbclements at gmail.com>
>
2000 Feb 01
3
logging RSA key IDs
Hi. To compartmentalize things a bit (e.g., to help limit the damage
should one of my machines be hacked and my private RSA keys stolen) I
use different RSA key pairs on my different client machines.
So it occurs to me that it would be nice if ssh could log which key
was used when logging in to a particular account that has more than
one entry in .ssh/authorized_keys. Right now it simply says
2015 Nov 03
2
dovecot-lda can't create /var/mail dotlocks on debian
I've been using dovecot+postfix happily for many years, and I'm now
configuring it for a new machine. However, I'm running into an old problem
again, and thinking that there must be a better solution.
The problem is that dovecot-lda is unable to create dotlock files in the
/var/mail directory.
Dovecot version: 1:2.2.13-12~deb8u1 (I'm guessing this is upstream version
2.2.13)
OS:
2017 Oct 13
2
X11forwarding yes: how to debug/setup after xauth fix
On 13/10/2017 08:03, Damien Miller wrote:
> On Thu, 12 Oct 2017, Michael Felt wrote:
>
>> On 08/10/2017 23:32, Michael Felt wrote:
>>> On 04/10/2017 11:07, Michael Felt wrote:
>>>> I do not often use X11 - but when I do I prefer to enable
>>>> X11forwarding, and when finished - turn it off. This is preferable,
>>>> imho, to having
2001 Jun 05
1
OpenSSH tmp cleanup
Hi,
I noticed that Markus has fixed the temporary file cleanup problems in
OpenSSH cvs. What files need patching for this ? I only noticed
changes in: session.c, channels.h and channels.c.
-Jarno
--
Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
2017 Oct 12
2
X11forwarding yes: how to debug/setup after xauth fix
On 08/10/2017 23:32, Michael Felt wrote:
> On 04/10/2017 11:07, Michael Felt wrote:
>> I do not often use X11 - but when I do I prefer to enable
>> X11forwarding, and when finished - turn it off. This is preferable,
>> imho, to having "clear" X11 processing when local - and otherwise
>> impossible when working remote.
>>
>> Working with
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Sep 12
1
Q: 2.5.2p2, RSA auth and expired passwords
Quick question:
ssh client and server 2.5.2p2, RSA authentication. Should the user be
prompted to change their password if it's expired?
--
John Hardin <johnh at aproposretail.com>
Internal Systems Administrator voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192