similar to: [patch] ignore SSH2_MSG_IGNORE packets

Displaying 20 results from an estimated 110 matches similar to: "[patch] ignore SSH2_MSG_IGNORE packets"

2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in
2000 Aug 23
1
Protocol 2 remote forwarding patch
Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of
2001 Oct 24
2
disable features
this (uncomplete) patch makes various features compile time options and saves up to 24K in the resulting ssh/sshd binaries. i don't know whether this should be added to the CVS since it makes the code less readable. perhaps WITH_COMPRESSION should be added, since it removes the dependency on libz -m Index: Makefile.inc =================================================================== RCS
2010 Jan 28
1
Possible issue with stdio forwarding
Greetings, I've been doing a little testing with the stdio forwarding support added in recent snapshots and have encountered one possible issue. First, I should say that this feature generally seems to work. However, I haven't been able to get it to work when connecting to a server running SSH.COM's product. The config file I am using is fairly simple: Host sfe1 LogLevel debug3
2007 Apr 17
9
[Bug 1307] client disconnects if ServerAlive enabled but not implemented
http://bugzilla.mindrot.org/show_bug.cgi?id=1307 Summary: client disconnects if ServerAlive enabled but not implemented Product: Portable OpenSSH Version: 4.3p2 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at
2000 May 15
1
AIX authenticate patches
Here are some patches to re-enable support for AIX's authenticate routines. With them, ssh will honor locked & unlocked accounts, record successful and unsuccessful logins, and deny accounts that are prohibited to log in via the network. Tested with AIX 4.3. It also includes a fix for handling SIGCHLD that may be needed for other platforms (HP-UX 10.20, for example). If I get the time
2018 Nov 13
12
[Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929 Bug ID: 2929 Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5
2003 Jan 29
0
[PATCH] features for restricted shell environments
The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port
2001 Oct 26
2
Patch to add "warn" value to ForwardX11 and ForwardAgent
Because ForwardX11 and ForwardAgent are so useful but introduce risk when used to a not well-secured server, I added a "warn" value to the ForwardX11 and ForwardAgent options which causes the ssh client to print a big warning whenever the forwarding is actually used. I plan to make "ForwardX11=warn" the default in my ssh_config distribution. I'm not proposing that this
2000 Jan 04
1
Why ...
in packet.c:packet_read_poll(), stored_checksum is an unsigned int, but GET_32BIT is returning an unsigned long ... Or isn't it? Marc G. Fournier marc.fournier at acadiau.ca Senior Systems Administrator Acadia University "These are my opinions, which are not necessarily shared by my employer"
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h
2001 Feb 10
3
Protocol 2 remote forwarding patch
Hi all, I'm very new in this list, as looking for codes to plug up the lack of functionality of "Protocol 2 Remote Forwardig". Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen posted the codes in Sept, last year, and I tried applying it to my FreeBSD box environment. I couldn't apply an original patch, of course, for incompatibility of virsion. The
2001 Jul 22
1
[patch] VPN enhancements
Hi, This patch (mostly my work, except for protocolkeepalives, which rjk at greenend.org.uk wrote for 2.5, and I forward-ported) came out our usage for VPN tunnels of ssh, where it was useful for ssh to notice if the server went away. It includes documentation, and is pretty self-explanatory. Matthew -------------- next part -------------- An embedded and charset-unspecified text was
2011 Feb 18
1
[PATCH] core: Honor DISPLAY text background color when in VGA mode
When in VGA graphics mode, BIOS int 10h ah=09h doesn't seem to treat high-order attribute bits as a background color; instead, it apparently always uses black. This means that a background color requested via <SI> in a DISPLAY file is not honored in VGA mode. However, the BIOS supports an "XOR" mode, in which the pixels to be written are XORed with pixels already on the
2003 Mar 02
0
[RFC][PATCH] Require S/KEY before other authentication methods.
I need a way to make sshd require S/KEY authentication to succeed before allowing either password or public-key authentication. Currently, we can only have S/KEY+password, by using PAM for authentication, and configuring PAM accordingly. But PAM of course can't handle SSH public keys. I thought for a while that ideally we could actually use PAM to tell sshd what methods of authentication to
2002 Apr 26
0
PAM keyboard-interactive
The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:
2002 Mar 14
0
OpenSSH vs AIX 4.3.3 => 5.1 utmp patch
The patch below follows changes in AIX utmp handling made between AIX 4.3.3 and 5.1. With it, utmp entries are properly recorded again. The patch applies to OpenSSH 3.1p1, and seems to work fine. The co-worker who sent me the patch hasn't tested backwards compatibility on AIX 4.3.3 systems. Richard ------- *** openssh-2.9.9p2/auth-passwd.c.org Tue Jul 3 23:21:15 2001 ---
2004 Jul 01
4
[Bug 559] PAM fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=559 ------- Additional Comments From dtucker at zip.com.au 2004-07-01 13:40 ------- (From update of attachment 292) OK, except for the last bit, I think this is all done. >+#ifdef USE_PAM >+ options.permit_empty_passwd && >+#endif This is done in auth-passwd.c: if (*password == '\0' &&
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes PAM kbd-int work with privilege separation. Contrary to what I have previously stated - it *does* handle multiple prompts. What it does not handle is multiple passes through the PAM conversation function, which would be required for expired password changing. I would really appreciate some additional eyes over the