similar to: OpenSSH tmp cleanup

Let me start this with the disclaimer that I am a Linux lover that only pretends to have any clue about coding. I grabbed the latest version of OpenSSH (v2.9p1) and went to install it on my Sparc (RH 6.2, v2.4.2). Unlike OpenSSH 2.5.2p2, however, when I tried to compile it I got the following error: ... <compiling away> ... gcc -g -O2 -Wall -I. -I. -I/usr/local/ssl/include

OpenSSH 5.1p1 I can't grasp why, when connecting with 'ssh -Y' to this test host, I am not tickling the verbose() call below that I have added. I am logging as auth + verbose in sshd_config The X11 forward for the session works fine as tested with xterm. At any rate, I am looking for some guidance on where to log X11 forwards that are established, ideally with a username and remote

This issue has been discussed here and elsewhere a fair bit in the past year or so, but to re-address the issue... As of OpenSSH 2.9.something the ability to have an Xauthority located in /tmp was removed, with the following description in the ChangeLog : - markus at cvs.openbsd.org 2001/06/12 21:21:29 [session.c] remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since

http://bugzilla.mindrot.org/show_bug.cgi?id=771 openssh at faxm0dem.org changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|openssh-bugs at mindrot.org |bitbucket at mindrot.org ------- Comment #5 from openssh at faxm0dem.org 2006-04-13 01:12 ------- There is a patch that

Hi! I am resending the following message about problems with utmp handling. * In the meantime I had some request in private mail from people asking whether I have new information. * The problem is still persistant in 2.9p2. * My own new investigations show, that the problem only appears with protocol 2, not with protocol 1, I therefore only started to note it when protocol 2 became the

Hi! I'm investigating the seccomp filter in openssh and I wanted to know whether the following system calls should be added to the filter: 1. getgroups - do_authentication2->dispatch_run_fatal->sshpkt_fatal->logdie->cleanup_exit->do_cleanup->temporarily_use_uid->getgroups 2. setgroups -

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep

This change allows use of untrusted X11 forwarding (which is more secure) without requiring users to choose a finite timeout after which to refuse new connections. This matches the semantics of the X11 security extension itself, which also treat a validity timeout of 0 on an authentication cookie as indefinite. Signed-off-by: Trixie Able <table at inventati.org> --- clientloop.c | 12

I have found that this server, <snip> debug1: Remote protocol version 1.99, remote software version 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS debug1: no match: 3.1.0 F-SECURE SSH - Process Software SSH for OpenVMS </snip> does not follow the IETF secsh draft [1] related to the SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message. <snip> ... Normally, the server responds

this (uncomplete) patch makes various features compile time options and saves up to 24K in the resulting ssh/sshd binaries. i don't know whether this should be added to the CVS since it makes the code less readable. perhaps WITH_COMPRESSION should be added, since it removes the dependency on libz -m Index: Makefile.inc =================================================================== RCS

does anyone else see this on linux: localhost sshd[14418]: Accepted password for stevesk from 15.126.45.158 port 49594 localhost sshd[14418]: Setting tty modes failed: Invalid argument redhat with kernel 2.2.17. ttymodes.c: /* Set the new modes for the terminal. */ if (tcsetattr(fd, TCSANOW, &tio) < 0) log("Setting tty modes failed: %.100s", strerror(errno)); return;

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

Here's a patch for a feature I'm used to having in the old commercial ssh. It checks for usernames the file /etc/nologin.allow when /etc/nologin is in place, and lets the users mentioned in /etc/nologin.allow in regardless of /etc/nologin. This is very usefull for remote administration of servers. Please consider applying this. -jf -------------- next part -------------- ---

Hello all, $XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2. The commit message was: --- remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies --- The latter is true, but can only be enabled in per-user basis as far as I see.

On 13/10/2017 08:03, Damien Miller wrote: > On Thu, 12 Oct 2017, Michael Felt wrote: > >> On 08/10/2017 23:32, Michael Felt wrote: >>> On 04/10/2017 11:07, Michael Felt wrote: >>>> I do not often use X11 - but when I do I prefer to enable >>>> X11forwarding, and when finished - turn it off. This is preferable, >>>> imho, to having

Hi! At compilation of the openssh-2.9.9p2 with Solaris WorkShop 6.01 the following compilation error was given out. /opt/SUNWspro/bin/cc -Xa -xF -xCC -xildoff -xarch=v9 -xchip=ultra -dalign -I/usr/include/v9 -D_REENTRANT -xO2 -I. -I. -I/usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"

On 08/10/2017 23:32, Michael Felt wrote: > On 04/10/2017 11:07, Michael Felt wrote: >> I do not often use X11 - but when I do I prefer to enable >> X11forwarding, and when finished - turn it off. This is preferable, >> imho, to having "clear" X11 processing when local - and otherwise >> impossible when working remote. >> >> Working with

Okay, here is a fixed version of the patch I sent before for fixing the problems I know about with Digital Unix SIA: displaying too much info (MOTD, last login, etc.) when access is denied, and the loss of the error message sometimes when access is denied. It does break some code out of do_login into a couple of separate functions. I did this to avoid duplicating the code in a couple of places.