Displaying 20 results from an estimated 1000 matches similar to: "configure bug"
2016 Mar 08
2
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi Gert,
Thanks for your reply.
But we can't upgrade to 7.2 version also we don't have plan to upgrade in
near future. Can I fix these vulnerabilities in the current version?
Regards
Abhishek
On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote:
> > Actually I am working
2004 Jul 06
4
AIX and zlib
I noticed that AIX now comes with a version of zlib installed in /usr. (I'm
working on 5.2)
My first inclination was to simply uninstall it and use the one we compile
(and put in /usr/local).
However, IBM has made zlib part of the RPM package itself!
So, I cannot uninstall it without removing RPM....
Next, I tried passing --with-zlib=/usr/local to configure for ssh.
This seems to work, but
2015 Feb 17
2
matching on client public key
As I understand currently there is no way in sshd_config to match
based on the client public key so different configuration for the same
username can be applied depending on the key, right?
My case is a backup login that needs to run as a root to access all
the files and where I want to use ForceCommand to allow the login only
to execute a particular command and yet still allow normal root
2001 Jun 27
2
OpenSSH, Cygwin, eXceed, and SIGINT
All,
When logging into an HP-UX 10.2 system from a Windows NT machine
running Cygwin and openssh 2.9p2, control-c sends a sigint to the ssh client
on the NT system, thus killing the ssh process. Interestingly enough, this
behavior is only observed when using X11 forwarding. I can eliminate the
behavior by changing clientloop.c to ignore SIGINT (signal(SIGINT, SIG_IGN)
) but then I'm bak to
2016 Feb 17
2
Using 'ForceCommand' Option
I would like to implement an arbitrary script to be executed when logging
on via SSH. This is supposedly possible using the ForceCommand option to
sshd. However, as soon as I implement any script, even as simple as echoing
a string, clients can no longer connect to the server. Clients report only
that the connection was dropped by the server. The server, in debug mode,
shows:
Feb 17 16:14:01
2018 Jul 06
2
Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?
On 6 July 2018 at 17:24, Gert Doering <gert at greenie.muc.de>wrote:
[...]
> I think we have one customer connection where their firewall admin
> thinks "it is more secure that way" - read, we can't ssh in if we come
> from high ports.
>
> OTOH, thanks for the pointer with ProxyCommand - it's a very specific
> niche problem with a viable workaround, so I
2017 Oct 17
2
Status of OpenSSL 1.1 support
Hi,
On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote:
> The best solution is if (LIBRESSL) || (OPENSSL < 1010...)
>
> Else
>
> Whatever.
>
> Is that too much work?
Littering code with #ifdef is almost never a good idea.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert
2001 Feb 22
11
Lets try this push again.. 2.5.1p2 bugs left.
Things that are still outstanding:
1) Solaris/Redhat/HPUX session.c patch. I've not seen a ya or na on
Kevin's pam patch from the Solaris group.
2) Odd Redhat/Debian scp/ssh issues. .. I'm baffled, and I can't
replicate the bug. Nor have I seen anything remotely like it reported.
3) SCO.. Is it happy yet for compiling? =)
Completed:
1) mdoc2man.pl .. Commited into
2015 Apr 22
2
shared private key
On Wed, Apr 22, 2015 at 10:55 AM, ?ngel Gonz?lez <keisial at gmail.com> wrote:
> On 22/04/15 16:42, Reuben Hawkins wrote:
>>
>> Hi SSH-devs,
>>
>> This may be a bit off topic for this list, but....
>>
>> Would it be ok to share a private key in an installer script so long
>> as the corresponding public key is setup like this...
>>
>>
2016 Mar 08
4
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi All,
Actually I am working with the OpenSSH version 6.2p which is vulnerable to
above mentioned vulnerabilities.
So am looking for some help how I can fix these vulnerabilities in my
version. I need to fix it in the OpenSSH code.
Regards
Abhishek
2018 Jan 03
2
SSHD and PAM
Sudarshan Soma wrote:
> Does sssd/NSS has a way to fetch user names from sources like
> RADIUS/TACACS server?
My impression is that while this might be theoretically possible, nobody
does this. Especially it's not clear to me how you would push group
membership to the system. And AFAICS in case of TACACS+ there's also
only a single "role" available (translate this to
2007 Oct 08
3
missing ssh.c - at ./configure
Hi!
I got the following error at ./configure:
configure: error: cannot find sources (ssh.c) in . or ..
Some Details around...:
Code-Version: openssh-4.3p2
System: Ubuntu 7.04
* zlib und ssh-devel packages installed.
I'm sure someone of you knows how i can fix that problem... :)
greets!
Christofer
2017 May 18
2
feature request: use HOME before getpwnam() in misc.c
it's really^3 annoying that no matter the value of $HOME, that tilde_expand_filename() only looks at getpwnam() and friends instead of at least trying getenv("HOME").
What is the use case?
HOME=longpath_to_config1
ssh -i ~/.ssh/key1
HOME=longpath_to_config2
ssh -i ~/.ssh/key2
but getpwnam() defeats this by always accessing what's in the passwd file. So .ssh/known_hosts is
2015 Jul 07
2
[PATCH 1/1] paint visual host key with unicode box-drawing characters
Hi,
On Tue, Jul 07, 2015 at 04:25:25PM +0200, Roland Mainz wrote:
> General comments:
> 1. Not all locales use UTF-8 as encoding but can still use the Unicode
> characters you use (e.g. GB18030 is a modern example and it's use is
> mandated by all software vendors in PRC China). A quick solution is to
> use |iconv()| to convert the UTF-8 byte sequences to the local
>
2012 Feb 26
3
spc restarts
I was wondering why scp didn't have a restart-in-the-middle
option when transferring a large file. Isn't that something
that is supported by the underlying ssh protocol? Is there
some other program that can give me this functionality ?
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
Hi,
On Mon, Sep 09, 2024 at 05:41:42PM +0200, Jan Schermer wrote:
> The correct solution is to throw whatever requires it to the garbage and never buy from that vendor again.
As nice as this sounds, the selection of possible algorithms on the
(usually "internal network only") management interface is waaaaay low
on the priority list when shopping for a $50k router...
gert
--
2016 Feb 17
5
Using 'ForceCommand' Option
Gert,
Thank you for the feedback. Can you give any further direction on where to
get more information on what you are describing?
On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote:
> > I would like to implement an arbitrary script to be executed when logging
> > on via
2017 May 19
2
feature request: use HOME before getpwnam() in misc.c
I'm using bash. The shell does the correct thing.?
Sorry ?didn't give the use case clearly.?
I'm talking about the use of tilde inside client config. ?The example was to illustrate desired behavior. Ssh itself does not eval tilde with any consideration for environment. That is the problem.?
? Original Message ?
From: Gert Doering
Sent: Friday, May 19, 2017 02:19
To: matthew patton
2002 Jun 28
1
[Bug 303] conftest fails to determine mmap anon shared
http://bugzilla.mindrot.org/show_bug.cgi?id=303
mouring at eviladmin.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From mouring at eviladmin.org
2003 Jul 02
7
Fw: Problem/bug report for "bad decrypted len" error in OpenSSH
Markus and Damien,
here is a more detailed explanation about BUG report at
"http://bugzilla.mindrot.org/show_bug.cgi?id=592" concerning
"bad decrypted len" error in OpenSSH:
If anyone wants to do a private key sign, and the key is located in a device
or the Microsoft certificate store in which the private key cannot be
accessed directly ( you cannot access the private key