Displaying 20 results from an estimated 2000 matches similar to: "Minor bug in HostbasedAuthentication"
2001 Apr 25
0
Case study of new possibilities with PartialAuth and HostbasedAuth
Finally all the pieces are in place to allow strong user and host
authentication with SSH2 and the latest OpenSSH code (plus my partial auth
patch). Herein I describe one problem case, and a possible solution thereof.
Target: Allow user logins from host charles to host steve using passwords
Previously, you would have had to trust the IP headers to authenticate
charles. If charles had a
2001 Apr 25
2
Makefile.in diff against CVS to prevent man/config rebuild every make
Bug: all .out files get rebuilt every make. This is silly, and breaks make
install if root cannot write to your build dir.
Fix: add dependancy check sop .out files only get rebuilt if the source
file changes
FixBug: if any source file gets changed, all .out files get rebuilt. This
is because man pages and config files both get .out extensions but get
created differently. It's
2001 Jun 15
1
EOL problem with channels.h in CVS
channels.h from today's CVS has MS-DOS ^M end-of-line chars.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
2001 May 02
2
2.9p1?? core dump in auth_log
auth.c:auth_log contains the following code:
authlog("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "illegal user ",
---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" :
authctxt->user,
get_remote_ipaddr(),
2001 Apr 25
1
Once more, with diffs... (configure.in aclocal.m4 patch against CVS)
The attached unified diff fixes configure so that all --with-libfoo options
are allowed to be --with-libfoo=PATH. If the option is specified with a
PATH, only that PATH is searched for the library. If it is specified as
=yes or with no argument, it tries without modifying anything, and then
tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to
include or library paths
2001 Jun 15
1
Patch for stdout/stderr buffer flush write() handling
The attached patch against today's CVS improves write() error handling and
logging in clientloop.c when flushing stdout/stderr.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clientloop.c.diff
Type: application/octet-stream
Size: 966 bytes
Desc: not available
Url :
2001 Apr 25
6
Updated partial auth patch against CVS
Here is a new version of my partial auth patch against the April 24, 2001
CVS image. It fixes a couple of things (thanks to Karl M
<karlm30 at hotmail.com>), and includes support for hostbased auth. It's still
not pretty, but it works. 2 things Karl mentioned aren't fixed:
- auth methods are still hard-coded into servconf.c. Fixing this would
require a lot of work, and all the
2001 Apr 25
0
configure.in aclocal.m4 patch against CVS
The attached unified diff fixes configure so that all --with-libfoo options
are allowed to be --with-libfoo=PATH. If the option is specified with a
PATH, only that PATH is searched for the library. If it is specified as
=yes or with no argument, it tries without modifying anything, and then
tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to
include or library paths
2001 Apr 25
0
Corrected Makefile.in diff
I attached a broken diff to my last mail. This one actually works. Sorry
for the brain-o's tonight...
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
-------------- next part --------------
A non-text attachment was scrubbed...
Name: makediff
Type: application/octet-stream
Size: 3569 bytes
Desc: not available
Url :
2003 Sep 13
2
CVS is missing documentation for HostbasedUsesNameFromPacketOnly
I'm attaching a simple doc patch against current CVS - feel free to re-word
it as you see fit. I also noticed that if UseDNS is no,
HostbasedUsesNameFromPacketOnly _must_ be yes if you want
HostbasedAuthentication to work.
--
Carson
-------------- next part --------------
--- sshd_config.5.DIST 2003-09-13 02:25:18.365707000 -0400+++ sshd_config.5 2003-09-13 02:46:29.430974000 -0400@@
2016 Feb 18
3
Call for testing: OpenSSH 7.2
On 2/17/16 6:02 PM, Darren Tucker wrote:
> On Thu, Feb 18, 2016 at 12:43 PM, Carson Gaspar <carson at taltos.org> wrote:
> [...]
>> Is there a sane way to run just one test script? LTESTS can't be overridden
>> AFAIK...
>
> make t-exec LTESTS=testname
>
> where testname is the name of the specific test script without the .sh
> extension.
Nope, that runs
2003 Sep 13
3
Trailing dot is not removed from client hostname if HostbasedUsesNameFromPacketOnly is yes
If HostbasedUsesNameFromPacketOnly is set to yes, sshd does not remove
the trailing dot from the client supplied hostname, causing sshd to
attempt to look up "foo.example.com." (note trailing period) in
known_hosts and .shosts instead of "foo.example.com"
Trivial patch attached.
--
Carson
-------------- next part --------------
An embedded and charset-unspecified text was
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
When I looked at `man pam_unix`, I did not see any obvious options that
would
cause ssh to authenticate without prompting for a password at all, short of
setting an empty password which is similar to PermitEmptyPasswords option.
However, I am not very familiar with the internals of PAM, so pointers to
documentation would be greatly appreciated.
Also, I think adding a single line to sshd_config
2002 Aug 01
0
[Bug 376] New: HostbasedAuthentication, followed snailbook but not working! :-(
http://bugzilla.mindrot.org/show_bug.cgi?id=376
Summary: HostbasedAuthentication, followed snailbook but not
working! :-(
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
URL: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
see pam_permit(8)
On Thu, Jun 27, 2024 at 10:37?AM Henry Qin <hq6 at cs.stanford.edu> wrote:
>
> When I looked at `man pam_unix`, I did not see any obvious options that
> would
> cause ssh to authenticate without prompting for a password at all, short of
> setting an empty password which is similar to PermitEmptyPasswords option.
>
> However, I am not very familiar
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
Thanks for the pointer!
I played around with PamServiceName set to 'sshd_disable_auth' and got it
working with the minimum contents below in the file
/etc/pam.d/sshd_disable_auth.
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
Thus, this does indeed enable disabling authentication.
Unfortunately, as far as I can tell, only root can create files
2001 Oct 22
2
configure changes
I finally got around to looking at a bunch of patchs to configure.in, some
of them from back in March. One from Carson Gaspar <carson at taltos.org> looked
promissing at first glance but after many hours I just couldn't get it to
work.
Due to much demand, I have added optional PATH to --with-pcre,
--with-zlib, and --with-tcp-wrappers.
I have done extensive testin on --with-zlib, and
2001 Apr 24
0
About the configure.in patch for 2.5.2p2
Hi !
According to
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577747029227&w=2
[...snip...]
List: openssh-unix-dev
Subject: Updated configure.in patch for 2.5.2p2
From: Carson Gaspar <carson at taltos.org>
Date: 2001-03-28 11:03:29
[...snip...]
there exists a patch to add --with-zlib (needed when zlib isn't installed
in the standard path. Happens on Solaris
2024 Jun 27
1
Proposal to add a DisableAuthentication option to sshd ServerOptions
i'm not a maintainer, but my personal opinion is that it's probably
easier to prepare a container with this pam configuration
On Thu, Jun 27, 2024 at 2:26?PM Henry Qin <hq6 at cs.stanford.edu> wrote:
>
> Thanks for the pointer!
> I played around with PamServiceName set to 'sshd_disable_auth' and got it working with the minimum contents below in the file
2002 Mar 18
0
Block ssh logins for specific hostnames (CNAMES) all bound to same IP ???
Hi,
I'm interested in the ability to block ssh logins (or alternatively, not
have sshd answer client requests) for certain hostnames that are DNS CNAME
aliases to the canonical name for a given IP address.
To tell you the truth, I don't think this is currently possible through this
setup, and may look further to try to block it at the firewall, but that's a
different discussion... :)