similar to: openssh and port forwarding as root

Hi ! Is anyone working on getting -R (remote port forwarding) working with protocol 2 ? I might be interested in helping but don't want to duplicate any previous work. -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Hi, I noticed one small possible error in the openssh-2.3.0p1/contrib/redhat/sshd.init script. In the stop option: stop) echo -n "Shutting down sshd: " if [ -f $PID_FILE ] ; then killproc sshd [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd fi echo

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169

Hi ! Here's an experimental patch for openssh-2.1.1p4 to add support (to openssh client) for -R (protocol 2). So if you have access to a commercial ssh2 server (that allows port forwardings) could you test this patch. (Note the openssh server doesn't have support for -R with protocol 2 so testing with openssh server won't do much good). To test remember to use -o "Protocol

Hi ! I think that the configure option --with-ipaddr-display doesn't set the IPADDR_IN_DISPLAY define in config.h Here's a small patch to configure.in that should enable the feature (after running autoconf again). -Jarno --- openssh-2.1.1p4-orig/configure.in Sat Jul 15 07:59:14 2000 +++ openssh-2.1.1p4/configure.in Mon Aug 7 08:18:15 2000 @@ -1026,7 +1026,7 @@

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hello ! Like Edmund EVANS reported openssh-2.1.1p4 won't fork to background when using protocol 2. I managed to hack a little patch that might work ... What is the -N command line option supposed to do ? I gather it should work only with protocol2 and without any command to run on the server (and with some port forwardings ??) Anyway in the patch I put some code to check that -N is used

Hi, Openssh doesn't log failed logins to /var/log/btmp like login does (if btmp exists). This is on RH6.2. Is there a specific reason for not logging to btmp ? I think that logging to btmp would be a 'good thing'(tm). What about other unices ? Do they have /var/log/btmp or something similar (AIX has something like that and I think openssh already logs the failed attempts). AFAIK

Hi, I noticed that the AIX specific loginsuccess call uses char *aixloginmsg to retrieve login information. Later this message is printed in session.c (around line 753). Loginsuccess mallocs space for this message and according to the aix docs it's the responsibility of the calling program to free this message. I didn't notice any code in openssh that would free the aixloginmsg. Can

Hi, Does anyone know what algorithm the commercial ssh-2.3.0 uses to display the key fingerprints ? On the manual it says the algorithm is 'bubble babble' but I didn't find out how to actually create this bubble string (I guess I could find out from the sources). I think that it would be a nice option if OpenSSH could print out the host keys fingerprint in same format as the

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

Hi all, I'm very new in this list, as looking for codes to plug up the lack of functionality of "Protocol 2 Remote Forwardig". Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen posted the codes in Sept, last year, and I tried applying it to my FreeBSD box environment. I couldn't apply an original patch, of course, for incompatibility of virsion. The

Hi, I'm sorry if this has already come up on the list, I did a quick search of the archive and didn't notice it. I noticed IMHO strange behavior in read_passphrase: If readpassphrase returns NULL and sets errno to ENOTTY, then read_passphrase returns an empty passphrase to the caller instead of error, now what happens with password authentication is that if readpassphrase fails every

Hi all, I'm using openssh-2.9p2 on Solaris 2.8. I can get remote port forwarding to work using the -R flag, but only with ssh protocol 1 not ssh protocol 2. I've read that remote forwarding protocol 2 was not supported in earlier versions of openssh, but I'm wondering if this is still the case. Jarno Huuskonen [Jarno.Huuskonen at uku.fi], posted a patch in 2000 to add support for

Hi ! Is it possible to add support for expired passwords to OpenSSH ? What I mean by this is that when users password has expired the user is forced to change the password before the shell is executed. At least OpenSSH on linux+pam (RedHat 6.0) denies access if the password has expired ... Would something like this work (as a temporary fix): If the password is expired run a command that first

I'm having trouble with users transferring files to a solaris box running ossh v2.3.1p1 via sftp using ssh.com's windows client. The sftp client appears not to respect the users umask, creating files with either mode 666 or 600. We're using version 2.4.0 of the windows client. Any ideas? thanks, -Brett ----------------- Brett Longworth Systems Manager Department of Biology

Hi, I'm not on the openss-unix-dev mailing list, but I want to ask about a feature that I've put into my local implementation of OpenSSH the past year or so, and I wanted to know if it was worthwile to add it to the sources so that I don't have to add it myself each time I upgrade... About a year ago I was working for a company that wanted to use OpenSSH as a server (on a Linux

Hi guys, and here's a security related bug report. I think it's has been fixed in the 2.2.x-release of openssh, but I'm not sure. I tried to reproduce the problem with my 2.2.0p1 and could find any difference in the behaviour of ssh depending on wether PermitRootLogin was set to no. Could someone please confirm that this problem is not existing anymore? > When PermitRootLogin is

Hi. OpenSSH 2.3.0p1 exhibits the following behavior on Linux 2.2.5. I believe this is a bug. Can anyone else replicate this? On any given SSH machine (let's call it 'test'), start ssh like this: ./ssh -L2526:mail.blah.com:25 -f mail.blah.com sleep 1000 (where mail.blah.com is some machine running sendmail, you have a login account, etc.) In a just world (and this works with