similar to: Disabling Password-based auth? (was RE: recent breakins)

Displaying 20 results from an estimated 2000 matches similar to: "Disabling Password-based auth? (was RE: recent breakins)"

2001 Jun 01
1
Disabling Password-based auth? (was RE: recent breakins)
All-- But it's not as simple as forwarding the password-based authentication. Regardless of what method was used to SSH from system one (user's) to system two (SF), the user then started up *a second* SSH session to go from two (SF) to three (Apache). There is no effective way for any authentication information from the first session to be passed to the second, in my mind. Remember
2001 Jun 01
1
recent breakins
From http://www.apache.org/info/20010519-hack.html: "The ssh client at SourceForge had been compromised to log outgoing names and passwords, so the cracker was thus able get a shell on apache.org." user's ssh --> SF's ssh --> apache.org's sshd So basically the user's password was entered in the clear to an untrusted program (SF's ssh). Never mind that
2001 Jun 19
1
FW: poor permissions on ssh binary
-----Original Message----- From: Loomis, Rip Sent: Tuesday, 19 June, 2001 09:10 To: 'geoff at raye.com' Subject: RE: poor permissions on ssh binary Geoff-- You stated that you consider it "a poor choice of permissions" to install the ssh binary as mode 0711. Since it will run perfectly with even more restrictive permissions (we typically install it mode 0511 here), what is
2001 Jun 02
3
Recent breakins / SSHD root hole?
The trojaned ssh client is nothing new to the hacker community, and the statement in the previous thread claiming "This type of man-in-the-middle attack (trojaned ssh) is not theoretical anymore, and password authentication is broken." is an example of how many people still think "hacking" is something very difficult and nothing short of a genius is required to make the
2004 Aug 17
1
Problems compiling OpenSSH [no version info] on HP-UX 10.20 was: (no subject)
Aloha Jiwen (I used to get kama'aina discounts, but no longer)-- First, you didn't tell us what OpenSSH source code version you're trying to compile. Without that info there are any number of possible problems--so I'll assume (for now) that you're using the latest released portable version of OpenSSH. Please reply with specific version info. The fact that things are blowing
2001 Mar 30
2
BETA release of OpenSSH-2.5.2p2 with SRP
This is to announce the availability of SRP (Secure Remote Password) support for OpenSSH. A tarball is available on Tripod: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.2p2-srp5.tar.gz (Note: Tripod requires you to LEFT click on links to download files.) To install, unpack, configure --with-srp, and make install, then create an
2001 May 01
3
SRP unencumbered license statement
On Sun, 29 Apr 2001, RJ Atkinson wrote: > At 06:26 27/04/01, Tom Wu wrote: > >For those of you who were following the discussion about the new draft > >and implementation of SRP-based password authentication in OpenSSH, I > >promised to have Stanford issue the IETF an official, explicit, > >statement reiterating the unencumbered royalty-free licensing terms. > >The
2003 Mar 03
0
Problems with OpenSSH compile/run on Solaris 8 (was: sshd does not start)
Joyce-- > I did not install /www/gzip.org/zlib because I assumed that I > probably have that, since I have gunzip.... gunzip being present doesn't usually mean that zlib is present, but you might actually have zlib. Look for a libz.a in /usr/local/lib (or appropriate other directory structure depending on where gunzip is on your system...) > Openssh compiled but I kept receiving
2001 Apr 11
0
2nd BETA release of OpenSSH with SRP
This is the 2nd beta release of SRP for OpenSSH. The patch attached to this message is relative to the current (20010411) CVS sources of OpenSSH-portable (2.5.4p1). A tarball is also available: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/openssh-2.5.4p1-srp6.tar.gz (Note: Tripod requires you to LEFT click on links to download files, and
2001 Apr 03
1
user:style
I noticed that (perhaps because ':' is invalid in a username) you can say ssh -l user:style host, where the "user:style" is sent by the client, and the server strips the ":style" part off and makes it available as part of the authentication context. It's currently unused. What are the plans for this, if any? I was experimenting with the idea of using it with SRP
2017 Sep 19
0
How to track attempted breakins, authentication failure logging
Hai Mark, I see the bugreport for this is still untouched. https://bugzilla.samba.org/show_bug.cgi?id=11998 Is vfs_full_audit not an option? With %I you can log the IP address of the client machine. But I don't know if that will work or if vfs_full_audit has that option. With something like this. full_audit:prefix = %u|%I|%m|%S full_audit:failure = connect full_audit:success = connect
2001 Jun 26
0
Update of SRP patch
I have uploaded a new release of the OpenSSH (portable) SRP patch. This version is vs. the 20010625 openssh_cvs; there are no other changes. You can find it here: http://members.tripod.com/professor_tom/archives/ http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.tar.bz2 http://members.tripod.com/professor_tom/archives/OpenSSH-srp9.patch.bz2 The tarball is the whole thing with the
2001 Apr 03
2
the "primes" file
In message <Pine.LNX.4.30.0104031615270.8678-100000 at holly.crl.go.jp>, Tom Holroyd writes: >SRP has different requirements from Diffie-Hellman. In particular, >for SRP the generator must be primitive. It turns out that the "primes" >file contains only safe primes with primitive generators, and is thus >ideal for SRP, but so far in OpenSSH it has only been used for
2002 Mar 25
2
compile failure
The latest snapshot (20020324) fails to compile here. Linux 2.4.18-rc1 Alpha The first messages are: monitor_wrap.c: In function `mm_request_receive': monitor_wrap.c:91: warning: int format, different type arg (arg 3) monitor_wrap.c:100: warning: int format, different type arg (arg 3) which have to do with fatal() calls and int not being the same as ssize_t... But the next one is the
2017 Sep 19
3
How to track attempted breakins, authentication failure logging
This may have been asked before, but I can't find it. I am getting repeated external attempts to log into our AD/DC (running Samba 4.4.14). In /var/log/samba/log.samba I get entries like: 2017/09/19 05:02:25.562957, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\333] FAILED with error
2017 Sep 19
1
How to track attempted breakins, authentication failure logging
On Tue, 2017-09-19 at 17:02 +0200, L.P.H. van Belle via samba wrote: > Hai Mark, > > I see the bugreport for this is still untouched. > https://bugzilla.samba.org/show_bug.cgi?id=11998 I've closed that bug now. Extensive work has been done to add this feature to Samba 4.7, due out this week: https://wiki.samba.org/index.php/Setting_up_Audit_Logging Two new debug classes,
2003 Feb 05
2
MAX_ALLOW_USERS
Hey everyone, I have been using sftp for quite some time now and we have just hit 256 sftp users. Line 21 of servconf.h reads: #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ I am curious why this is in a header file and not something that is in sshd_config that can be changed without recompile? Thanks in advance! -- James Dennis Harvard Law School "Not
2004 Aug 18
0
Problems compiling OpenSSH [no version info] on HP-UX 10.20 was: (no subject)
Aloha Rip Thanks for your quick response. I did compile OpenSSH stuffs by using GCC 2.95.2 first, the error is the same. Since there are no issues on other platforms by using GCC 3.3.2, I tried to take a luck on HP-UX 10.20 by using GCC 3.3.2. Unfortunately, it is the same, even at the same line. What I am guessing is that it could be from some system environment variable setting, but I am not sure
2006 Mar 16
1
Re: rcov 0.2.0 - code coverage tool for Ruby
On 3/14/06, David Holroyd <ruby-talk@badgers-in-foil.co.uk> wrote: > On Wed, Mar 15, 2006 at 02:23:04AM +0900, Mauricio Fernandez wrote: > > On Tue, Mar 14, 2006 at 09:27:14AM +0900, David Holroyd wrote: > > > On Wed, Mar 01, 2006 at 01:31:11AM +0900, Mauricio Fernandez wrote: > > > > Source code, additional information, screenshots... available at > >
2000 Dec 29
0
More [A tangent on RC5] Cryptography patents (was: openssl lib question.)
I hate following up to myself, but I thought a clarification of one point (specifically WRT RC5 which was mentioned in the original question) might be worthwhile...because what I should have said originally was that "To the best of my non-legally-admissible knowledge, however, none of the algorithms in the current *OpenSSH* implementation are currently encumbered by patents that would