similar to: Local Management via su or ssh ?

Thanks to everyone who has replied to my emails so far - to summarise: AIX allows setting of rlogin=false and and a su group, or a list of users that are permitted to "su" to root. ( or other functional ids ) This means with entries in /etc/ftpusers, it is possible to : 1/ Track who used root via sulog and or external logging 2/ Protect root even if the root password is compromised 3/

Has anyone else running AIX tried this patch? I'm looking for feedback if it should be applied before we release 2.9p1. - Ben ---------- Forwarded message ---------- Date: Tue, 24 Apr 2001 17:22:02 -0800 (AKDT) From: mikem at alaska.net To: openssh-unix-dev at mindrot.org Subject: Functionality bug (possibly) in openssh on AIX 4.3 Hi Folks, While compiling and testing openssh-2.5.2p2 on

Very early on in what seems to be quite a hot debate sometimes, I pointed out that sshd only controls rlogin=false at its startup, and if it is changed, sshd simply ignores it ie: chuser rlogin=true root sshd chuser rlogin=false root Will result in sshd ACCEPTING login from root, ie it seems to only check at its startup - is this a bit like ulimit behavior where you need need to log out and in

I was discussing with Don about a private topic..and while skimming the code I noticed that during a 'ssh mouring at site ls' the /etc/environment is *ONLY* read if the remote machine is an AIX box. This is undocumented and I'm wondering if someone using AIX could explain WHY it exists in the session.c:do_child()? No other OS has this. I don't see why AIX should require it.

Thanks for replying guys but: The problem I have is this: I cannot turn off telnetd and rlogind for all users in one day - they use rlogin=false for each user ie: chuser rlogin=false root Unfortunetely ssh does not allow access when this is set. I would like to use ssh at first just for root, and then for other users after testing etc. permitrootlogin is a ssh concept, not applicable to

I guess I didn't want to litter the users table either - it just seems "wrong" to be actually adding things to the host when it is really so transient. It feels like it should be LDAP-ish. Just ask the server for the keys and do a one-off authentication. But I've seen even LDAP creates the user directories. I see that 2.6 kernels can have some 4B users, which should last me a

Folks, During testing, we found a couple of issues with openssh3.0.2p1: 1. In userauth_finish() in auth2.c (as well as in do_authloop in auth1.c), the foll. check: if (authctxt->failures++ > AUTH_FAIL_MAX) is never satisfied and thus packet_disconnect() never gets called. I suspect the code just drops out of the dispatch_run function list instead. This should be an == instead of >.

Hello, I am unable to build a working OpenSSH 3.0.2p1 for IRIX 6.5 using either 1. gcc 2.95.3 + binutils 2.11.2 2. SGI MIPSpro cc, CC=cc, LD=/usr/bin/ld, CFLAGS='-mips3 -n32' Under both setups: - zlib seems to build fine - OpenSSL seems to build fine and tests out okay - OpenSSH builds, and then: openssh-3.0.2p1 % ./ssh -v myhost Trace/BPT/RangeErr/DivZero/Ovflow trap (core

???????????? samba, I compile kerberos5 root@romanof2 : cd /usr/ports/security/krb5/ root@romanof2 : make && make install && make clean && rehash ------------------------------------------------------ This port of MIT Kerberos 5 includes remote login daemons (telnetd and klogind). These daemons default to using the system login program (/usr/bin/login). Please see the

On Nov 24, 2014, at 3:46 PM, Warren Young <wyml at etr-usa.com> wrote: > Now compare telnet: always vulnerable, all the time, since the day it was created, before most of the people on this list were born: Technically, you can run kerberized (krb5) telnet/telnetd, and it's not quite as insecure as unkerberized telnet. The telnet protocol supports security measures, but most people

Hi ya'll- I've got this odd openssh problem with Solaris 10 I was hoping someone could shed some light on. Not sure if it is a bug... Basically I'm trying to use pubkeys as an auth method, but am having issues. I can log in using passwords no problem, but as soon as it notices a matching public key it closes the connection. I ran the sshd server (on Solaris 10 box) in debug

Hi, We have implemented a new AIX 5.3, P55A using Samba...we have about 70 users online most of the day. We assign a particular Samba share to everyone when they login so it shows up in their Windows Explorer. Is it standard that we see so many "smbd" processes running when I do a "ps -ef"? Here is a portion of the output below. We have been experiencing lag at times

Somewhere between 2.9p1 and 2.9.9p2 there was a change to auth2.c that removed the userauth_reply() function. There were a few lines of code in that function, #ifdef'd with WITH_AIXAUTHENTICATE, that handled the AIX method of lastlog type stuff (specifically, a loginsuccess() call). There is a similar call in auth1.c, down in do_authentication(), which is still there in 2.9.9p2. So with

Hi How to get rid of kerberos, or at least to prevent to go into path? Where is defined the path for users? I need to configure and use rtools (I know that I should use ssh, but I need rtools) and I think very annoying the messages from Kerberized rsh or rlogin, like this: -sh-3.2$ rsh kitten02 connect to address 192.168.89.2 port 543: Connection refused Trying krb4 rlogin... connect to

I'm seeing a problem under AIX (4.3.3, 5.1, 5.2) very similar to bug #178. It occurs with both 3.6.1p1 and openssh-SNAP-20030910. If /etc/nologin is present, a session requesting a pty will hang, apparently when the sshd parent tries to close the pty slave. As in bug #178, adding a brief sleep to the child sshd anytime after the fork seems to clear up the problem (though I agree that this

IF ssh is a replacement for rlogin,rsh etc I can accept it respecting rlogin=false as rlogin does and rsh does not, however scp is a replacement for rcp, and rcp does NOT use rlogin attribute, so the implementation is NOT standard as scp fails if rlogin=false, but rcp succeeds, as documented. thanks mark

Ugh. With MAKE_KERBEROS5=yes, on a recent STABLE, I get the following trying to use Kerberized telnet: # telnet -l test big.x.kientzle.com Trying 66.166.149.54... Connected to big.x.kientzle.com. Escape character is '^]'. [ Trying mutual KERBEROS5 (host/big.x.kientzle.com@X.KIENTZLE.COM)... ] Bus error (core dumped) Fortunately, it's pretty easy to track down: (gdb) up #2

Hi All. OpenSSH 4.7 is preparing for release so we are asking for any interested folks to please test a snapshot. The main changes are: * sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. * The SSH channel window size has been increased, which improves performance on high-BDP networks. * ssh(1) and sshd(8) now preserve MAC

Suppose I have two columns of entries, how can I get the union of the two columns? Please note: I input my columns through excel. These entries have text format in excel. Also, out of curiosity, how can I find out the data type of a data frame ? > a <- read.csv("book1.csv") > a n1 n2 1 apple soda 2 orange apple 3 soda green 4 red yellow 5 white blue 6

Thanks Henrik this is very helpful! I will try this out on our tests and see if gcDLLs() has a positive effect. mlr currently has tests broken down by learner type such as classification, regression, forecasting, clustering, etc.. There are 83 classifiers alone so even when loading and unloading across learner types we can still hit the MAX_NUM_DLLS error, meaning we'll have to break them