similar to: ssh's readconf.c debug() goes to /dev/null

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

To provide a bit more backwards-compatible (which is nice for eg. NFS- shared /home directories) try a few version-number based names. Eg., for "OpenSSH_7.3" the strings that are tried after "~/.ssh/config" are "_7.3", "_7", and "". --- ssh.c | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) diff --git

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

The following patch allows OpenSSH 2.2.0-p1 to be started (and managed) from /etc/inittab (by "init") on systems which support that. This is useful when you *really* want SSHD to always run since it will be automatically restarted by "init" if it dies (and if "init" dies the the systems dies :-). I use a line (in /etc/inittab) like this on Solaris systems:

Hi all, attached is a patch that enables using hardware crypto accelerators available through OpenSSL library for SSH operations. Especially in ssh/sshd it can bring a significant speed improvement. OTOH if no crypto engine is available, nothing bad happens and default software crypto routines are used. This patch is used in SUSE Linux OpenSSH package and proved to work (at least it didn't

Please find enclosed two patches for OpenSSH 3.1p1. The first patch solves a problem where sessions will be left "hanging" when you normally exit from a ssh shell (for example by logging out from the remote host via "exit" or "logout"). The problem seems to be that sshd (and some other parts of OpenSSH) doesn't check the return code and errno from waitpid() for

Feature request: - Please add a new LogLevel corresponding to the LOG_NOTICE syslog level. - Then modify OpenSSH to log to LOG_NOTICE only these events: - login failures - login successes Specifically, please: - add a new element to the LogLevel enum, say, 'SYSLOG_LEVEL_NOTICE', between 'SYSLOG_LEVEL_INFO' and 'SYSLOG_LEVEL_ERROR', in log.h -

subject: ssh non-intuitive logging setting (priority names). I installed openssh 2.3.0p1 on Solaris 7 for x86 box and sshd worked fine. However, somehow the logging of connection and disconnection to sshd was not recorded as I wished. Time to investigate. On a host where sshd from data-fellows once ran, the log was recorded with auth.info level. After trying to modify sshd_config, I found that

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Hello ! Like Edmund EVANS reported openssh-2.1.1p4 won't fork to background when using protocol 2. I managed to hack a little patch that might work ... What is the -N command line option supposed to do ? I gather it should work only with protocol2 and without any command to run on the server (and with some port forwardings ??) Anyway in the patch I put some code to check that -N is used

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

===== Ladies/Gents, "ssh-keyscan.c" can't be linked statically against "libssh.a". You end up with `fatal()' being doubly defined. The patch below deletes the new "ssh-keyscan.c:fatal()" function and and restores the "ssh-keyscan.c:fatal_callback()" function with modifi- cations. The problem that both attempt to alleviate is the setting of the

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

Ubuntu CDs use multiple configuration files and the include directive as well as gfxboot, so it's useful for gfxboot to support these. Signed-off-by: Colin Watson <cjwatson at ubuntu.com> --- com32/gfxboot/gfxboot.c | 65 +++++++++++++++++++++++++++++++---------------- 1 files changed, 43 insertions(+), 22 deletions(-) diff --git a/com32/gfxboot/gfxboot.c b/com32/gfxboot/gfxboot.c

I'd like a feature whereby ssh puts itself in the background after the first successful X11 (or other port) forwarding. The reason for this is simple: error handling. If the application fails to open the X display and exits, then the client can still exit with the application's exit code. But if the application opens the X display successfully, then it can just display any errors by

Just had a quick glance at the recents diffs of openssh and noted something which looks bogus to me: diff -u -r1.209 -r1.210 --- src/usr.bin/ssh/ssh.c 2004/03/11 10:21:17 1.209 +++ src/usr.bin/ssh/ssh.c 2004/04/18 23:10:26 1.210 @@ -517,16 +517,17 @@ * file if the user specifies a config file on the command line. */ if (config != NULL) { - if (!read_config_file(config, host,