similar to: Corrected Makefile.in diff

Bug: all .out files get rebuilt every make. This is silly, and breaks make install if root cannot write to your build dir. Fix: add dependancy check sop .out files only get rebuilt if the source file changes FixBug: if any source file gets changed, all .out files get rebuilt. This is because man pages and config files both get .out extensions but get created differently. It's

The attached unified diff fixes configure so that all --with-libfoo options are allowed to be --with-libfoo=PATH. If the option is specified with a PATH, only that PATH is searched for the library. If it is specified as =yes or with no argument, it tries without modifying anything, and then tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to include or library paths

auth.c:auth_log contains the following code: authlog("%s %s for %s%.100s from %.200s port %d%s", authmsg, method, authctxt->valid ? "" : "illegal user ", ---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" : authctxt->user, get_remote_ipaddr(),

Here is a new version of my partial auth patch against the April 24, 2001 CVS image. It fixes a couple of things (thanks to Karl M <karlm30 at hotmail.com>), and includes support for hostbased auth. It's still not pretty, but it works. 2 things Karl mentioned aren't fixed: - auth methods are still hard-coded into servconf.c. Fixing this would require a lot of work, and all the

channels.h from today's CVS has MS-DOS ^M end-of-line chars. -- Carson Gaspar - carson at taltos.org Queen trapped in a butch body

The attached patch against today's CVS improves write() error handling and logging in clientloop.c when flushing stdout/stderr. -- Carson Gaspar - carson at taltos.org Queen trapped in a butch body -------------- next part -------------- A non-text attachment was scrubbed... Name: clientloop.c.diff Type: application/octet-stream Size: 966 bytes Desc: not available Url :

The attached unified diff fixes configure so that all --with-libfoo options are allowed to be --with-libfoo=PATH. If the option is specified with a PATH, only that PATH is searched for the library. If it is specified as =yes or with no argument, it tries without modifying anything, and then tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to include or library paths

When using "HostbasedUsesNameFromPacketOnly yes", the ssh client sends the hostname with a trailing dot, but the server does not strip off the trailing dot when matching against .shosts et. al., or when looking up keys in ssh_known_hosts2. This causes the host to not be found. Adding the hostname with trailing dot to the config files "fixes" this, but I think sshd should

Finally all the pieces are in place to allow strong user and host authentication with SSH2 and the latest OpenSSH code (plus my partial auth patch). Herein I describe one problem case, and a possible solution thereof. Target: Allow user logins from host charles to host steve using passwords Previously, you would have had to trust the IP headers to authenticate charles. If charles had a

On 2/17/16 6:02 PM, Darren Tucker wrote: > On Thu, Feb 18, 2016 at 12:43 PM, Carson Gaspar <carson at taltos.org> wrote: > [...] >> Is there a sane way to run just one test script? LTESTS can't be overridden >> AFAIK... > > make t-exec LTESTS=testname > > where testname is the name of the specific test script without the .sh > extension. Nope, that runs

I finally got around to looking at a bunch of patchs to configure.in, some of them from back in March. One from Carson Gaspar <carson at taltos.org> looked promissing at first glance but after many hours I just couldn't get it to work. Due to much demand, I have added optional PATH to --with-pcre, --with-zlib, and --with-tcp-wrappers. I have done extensive testin on --with-zlib, and

Hi ! According to http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577747029227&w=2 [...snip...] List: openssh-unix-dev Subject: Updated configure.in patch for 2.5.2p2 From: Carson Gaspar <carson at taltos.org> Date: 2001-03-28 11:03:29 [...snip...] there exists a patch to add --with-zlib (needed when zlib isn't installed in the standard path. Happens on Solaris

Hi, I'm interested in the ability to block ssh logins (or alternatively, not have sshd answer client requests) for certain hostnames that are DNS CNAME aliases to the canonical name for a given IP address. To tell you the truth, I don't think this is currently possible through this setup, and may look further to try to block it at the firewall, but that's a different discussion... :)

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

http://bugzilla.mindrot.org/show_bug.cgi?id=152 carson at taltos.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From carson at taltos.org 2002-03-10

HI! I would like to introduce new patch which adds new config option "AuthOrder2" to sshd_config. I would like to say that I only modyfied the patch made by Carson Gaspar. If you want to know more about this patch see thread at: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577021011067&w=2 I will appreciate any feedback from you. This patch is against 3.1p1. BTW:

But the main question hasn't been answered: Why is /usr/local placed before user-specified paths? Hypothetical example: You want to link against OpenSSL 0.96 for OpenSSH, but /usr/local contains 0.95, which is needed for something else. (Assume it comes binary only on Solaris for the sake of argument...) --Matt > -----Original Message----- > From: Damien Miller [mailto:djm at

Hi! I am use SuSe 7.2 x86 and openssh-2.9p1-7.rpm I got a problem using bitkeeper on my laptop where bitkeeper reported an I/O error while reading data from 'ssh'. After much debugging, and some help from the bitkeeper people, I found out that that clientloop.c doesn't handle interrupts gracefully. (It died when it got an EAGAIN error when writing to the application) After applying

On 2/17/16 9:50 AM, Carson Gaspar wrote: > Solaris 10 has setppriv, but does not have priv_basicset. To work on > Solaris 10, the call would need to be replaced with the equivalent set > of explicitly listed privs: The prior art in other apps on the system seems to suggest that priv_str_to_set is a better fallback if priv_basicset is not available. I've attached a patch that seems

We recently tried upgrading openssh from 2.5.2p2 to 2.9p1 and discovered that it no longer worked to feed the output from a remote command into a pipe, unless the output was short and the pipe was very fast at processing its input. Example 1: ssh remote_machine some_command | less (where "some_command" generates a lot of output) now fails after the first screenful, with a