Displaying 20 results from an estimated 110 matches similar to: "[patch] ignore SSH2_MSG_IGNORE packets"
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2000 Aug 23
1
Protocol 2 remote forwarding patch
Hi !
Here's a patch to add remote port forwarding support (protocol 2) for
openssh. I have tried to test that it works like it should but a more
thorough testing is needed. This patch adds both client/server support.
The patch should be applied to openssh-2.1.1p4 source tree.
Also included is a PortForwarding sshd_config option, new ./configure
option --disable-forwarding that should make it
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of
2001 Oct 24
2
disable features
this (uncomplete) patch makes various features compile time
options and saves up to 24K in the resulting
ssh/sshd binaries. i don't know whether this
should be added to the CVS since it makes
the code less readable.
perhaps WITH_COMPRESSION should be added, since
it removes the dependency on libz
-m
Index: Makefile.inc
===================================================================
RCS
2010 Jan 28
1
Possible issue with stdio forwarding
Greetings,
I've been doing a little testing with the stdio forwarding support added
in recent snapshots and have encountered one possible issue. First, I
should say that this feature generally seems to work. However, I haven't
been able to get it to work when connecting to a server running
SSH.COM's product.
The config file I am using is fairly simple:
Host sfe1
LogLevel debug3
2007 Apr 17
9
[Bug 1307] client disconnects if ServerAlive enabled but not implemented
http://bugzilla.mindrot.org/show_bug.cgi?id=1307
Summary: client disconnects if ServerAlive enabled but not
implemented
Product: Portable OpenSSH
Version: 4.3p2
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at
2000 May 15
1
AIX authenticate patches
Here are some patches to re-enable support for AIX's authenticate
routines. With them, ssh will honor locked & unlocked accounts, record
successful and unsuccessful logins, and deny accounts that are
prohibited to log in via the network. Tested with AIX 4.3.
It also includes a fix for handling SIGCHLD that may be needed for
other platforms (HP-UX 10.20, for example).
If I get the time
2018 Nov 13
12
[Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929
Bug ID: 2929
Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO
message after rekeying
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2003 Jan 29
0
[PATCH] features for restricted shell environments
The patch below implements a couple of features which are useful
in an environment where users do not have a regular shell login.
It allows you to selectively disable certain features on a
system-wide level for users with a certain shell; it also allows
you to control and audit TCP forwarding in more detail.
Our system is an email server with a menu for the login shell;
we selectively allow port
2001 Oct 26
2
Patch to add "warn" value to ForwardX11 and ForwardAgent
Because ForwardX11 and ForwardAgent are so useful but introduce risk when
used to a not well-secured server, I added a "warn" value to the ForwardX11
and ForwardAgent options which causes the ssh client to print a big warning
whenever the forwarding is actually used. I plan to make "ForwardX11=warn"
the default in my ssh_config distribution.
I'm not proposing that this
2000 Jan 04
1
Why ...
in packet.c:packet_read_poll(), stored_checksum is an unsigned int, but
GET_32BIT is returning an unsigned long ...
Or isn't it?
Marc G. Fournier marc.fournier at acadiau.ca
Senior Systems Administrator Acadia University
"These are my opinions, which are not necessarily shared by my employer"
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2001 Feb 10
3
Protocol 2 remote forwarding patch
Hi all,
I'm very new in this list, as looking for codes to plug up the lack of
functionality of "Protocol 2 Remote Forwardig".
Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen
posted the codes in Sept, last year, and I tried applying it to my
FreeBSD box environment.
I couldn't apply an original patch, of course, for incompatibility of
virsion. The
2001 Jul 22
1
[patch] VPN enhancements
Hi,
This patch (mostly my work, except for protocolkeepalives, which
rjk at greenend.org.uk wrote for 2.5, and I forward-ported) came out our
usage for VPN tunnels of ssh, where it was useful for ssh to notice if
the server went away. It includes documentation, and is pretty
self-explanatory.
Matthew
-------------- next part --------------
An embedded and charset-unspecified text was
2011 Feb 18
1
[PATCH] core: Honor DISPLAY text background color when in VGA mode
When in VGA graphics mode, BIOS int 10h ah=09h doesn't seem to
treat high-order attribute bits as a background color; instead,
it apparently always uses black. This means that a background
color requested via <SI> in a DISPLAY file is not honored in
VGA mode.
However, the BIOS supports an "XOR" mode, in which the pixels
to be written are XORed with pixels already on the
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before
allowing either password or public-key authentication.
Currently, we can only have S/KEY+password, by using PAM for
authentication, and configuring PAM accordingly. But PAM of course can't
handle SSH public keys.
I thought for a while that ideally we could actually use PAM to tell
sshd what methods of authentication to
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper
kbd-interactive citizen. There are a few limitations (grep for todo), but
the code seems to work OK for protocols 1 & 2 with and without privsep.
Please have a play!
auth2-pam.c is based on code from FreeBSD.
Index: auth2-chall.c
===================================================================
RCS file:
2002 Mar 14
0
OpenSSH vs AIX 4.3.3 => 5.1 utmp patch
The patch below follows changes in AIX utmp handling made between AIX 4.3.3
and 5.1. With it, utmp entries are properly recorded again.
The patch applies to OpenSSH 3.1p1, and seems to work fine. The co-worker
who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3
systems.
Richard
-------
*** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001
---
2004 Jul 01
4
[Bug 559] PAM fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=559
------- Additional Comments From dtucker at zip.com.au 2004-07-01 13:40 -------
(From update of attachment 292)
OK, except for the last bit, I think this is all done.
>+#ifdef USE_PAM
>+ options.permit_empty_passwd &&
>+#endif
This is done in auth-passwd.c:
if (*password == '\0' &&
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the