similar to: RHL init.d/sshd ipv6 hack

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

The RHL 6.2 command "/etc/rc.d/init.d/crond start" prevents clean logout from compiled version of OpenSSH-2.5.1p1 on all hosts. The command "/etc/rc.d/init.d/crond stop" is OK. This occurs for interactive or command line requests. ssh remotehost /etc/rc.d/init.d/crond stop --- works every time ssh remotehost /etc/rc.d/init.d/crond start --- hangs every time Control-C will

Hello! Now that PrivSep stuff works for PAM too, I took the time to update contrib/redhat/openssh.spec to create the sshd user and set up the /var/empty dir when installing the packages. These have been done the Red Hat style, the uid/gif 74 is currently free in RHL. The only minor issues I could think of were: - I'm not sure if /var/empty should be owned by openssh-server package, but

I've cleaned up Pekka Savola's newly revised sshd.init and additional sshd-functions and modified them to work they way i've been arguing they should work. Compatibility functions are defined in ./contrib/redhat/sshd-functions, which should get installed no matter what release of Red Hat Linux OpenSSH is getting built for, to be consistent across releases. Specific changes from

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

Hello all, I just found a bug a nice bug that can be turned into a real feature on systems (usually Linux) that are built with --with-ipv4-default. If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and ::, sshd will error out 'address family not supported'. However, you can work around this error by starting sshd with 'sshd -4 -6'. As far as man page is

Hello all, Tested the latest snapshot. ssh-keyscan seems to have gone in. :) Two issues about it (patched): 1) the man pages aren't installed, only uninstalled 2) RH spec file (and the others no doubt..) won't include it. General observations: for RSA keys only?, kinda obsoletes contrib/make-ssh-known-hosts*. -- Pekka Savola "Tell me of difficulties surmounted,

Hello all, A few days ago I noticed that the following seems to happen when upgradign OpenSSH on Linux-based (/etc/rc.d/init.d/sshd) based systems: - sshd is restarted with 'sshd restart'; however sshd serving in port 22 is not replaced. - you have to kill the old one (netstat -ltp | grep :ssh ; kill ...) first, then restart sshd. - This might happen only when performing the upgrade

whoops, not announce. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET) From: Pekka Savola <pekkas at netcore.fi> To: Markus Friedl <markus at

Damien-- Attached is a patch to contrib/redhat/sshd.init which eliminates the dependency on the success() and failure() functions from initscripts>=4.16. This allows sshd.init to be used for both early and recent releases of Red Hat Linux (i've confirmed it works on both 4.2 and 5.2 as well as 6.2). The patch also removes the 'Requires: initscripts >= 4.16' line from

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello all, Very recently, djm added compability patch so that aes/rijndael encryption problems could be avoided when talking to broken server/client; and you wouldn't have to toggle off the protocols yourself. Might this be a candidate for 2.5.2p2 or the like? This would be helpful when there are a lot of broken, 2.3.0 and like, systems. -- Pekka Savola "Tell me of

ChangeLog: 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. - (djm) Release OpenSSH-2.9p1 However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

can someone confirm this? it does not happen on openbsd. -------------- next part -------------- An embedded message was scrubbed... From: Florian Wunderlich <fwunderlich at devbrain.de> Subject: Re: fds closed after SIGCHLD bug still in newest version Date: Wed, 22 Nov 2000 14:44:17 +0100 Size: 3926 Url:

Hi, Running openssh-2.9p2 on Linux. If server is run with 'sshd -6' (to enable ipv6 easily on server end), ie all IPv4 are represented as mapped addresses, port forwarding will not work; just running plain ol' IPv4 fixes this of course. The server error, when forwarding from the client '143:localhost:143' and connecting to localhost 143 is: debug1:

Damien, I had to apply the following simple patch for the openssh-2.0.0beta2-1.src.rpm package to build on my Mandrake Linux system (see below for patch). Basically, Mandrake auto compresses man pages in the build sequence (appending a .bz2 extension), so I had to change the %files sections to find the compressed man pages. By using wildcards, I expect that this patch will NOT break the

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it

I'm getting minor reports from the EFNET irc channel I hang out that ./configure fails to find OpenSSL. However ./configure --with-pam successed. The config.log hints to the fact that -ldl is not included when one does not use --with-pam. Can I get conformation on this? It does not occur on Redhat 7.0. - Ben

Hi, In a mail about two weeks ago, I brought up an idea: --- How SSH makes this easier is that you only have to sync the authorized_keys2 database to root account's .ssh/ every time new admin comes in/leaves the house. This can even be automatized rather easily. A more modular hack would be using authorized_keys2 _directory_, and the keys in there would all be counted as authorized. Thus