similar to: MaxStartups Confusion

The patch below (against openssh 3.2.3p1) adds a CheckMaxStartups option, defaulting to yes, to determine whether sshd calls drop_connection(). The motivation behind this is twofold. In our environment, our timesharing machines get enough incoming connections that will trigger spuriously with the default value (10 forked unauthenticated connections) as well as some significantly higher values,

https://bugzilla.mindrot.org/show_bug.cgi?id=3055 Bug ID: 3055 Summary: Need some high-probability logging re MaxStartups Product: Portable OpenSSH Version: 8.0p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

https://bugzilla.mindrot.org/show_bug.cgi?id=2613 Bug ID: 2613 Summary: Log connections dropped when MaxStartups is reached Product: Portable OpenSSH Version: 7.3p1 Hardware: Sparc OS: Solaris Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs

Hello, What is the effect of MaxStartups in the configuration file sshd_config? How this keyword effects the working of sshd? regards Kumaresh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020613/8306c832/attachment.html

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

Can interested users please test the latest snapshot at http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz It contains quite a few fixes for small problems that have been reported in the last few weeks. Pending feedback it is going to become 2.1.1p3 Regards, Damien Miller --------------- Changelog: 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Hi, the following patch has been suggested by Mark Bradshaw <bradshaw at staff.crosswalk.com>. The simple concatenation of filenames in sftp client and server results in creating filenames beginning with double slashes when the cwd is the root directory: cwd: "/bar/baz" file: "foo" cwd + "/" + file = "/bar/baz/foo" cwd: "/" file:

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

While I was updating our ssh-servers, I rewrote my old patch that adds idletimeout (just like in old ssh1) parameter to openssh. Since reapplying the patch for all new versions of openssh is not fun at all, I would like to have it included in the official openssh, if you consider the patch worthy. Unlike ClientAlive, idletimeout works for both protocol versions. It also works together with

Hi, We serve a fairly substantial number[1] of ssh connections across our fleet.? We have hit MaxStartups limits in the past and bumped it up a few times (currently at 300), but we have no warning before the limit is reached and connections start being dropped.? What I would love is some sort of instrumentation that could let us see the highest number of concurrent pre-auth connections the

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep

Dear all, I want to add a new option "newoption" to the sshd server, I have just add some codes in servconf.h and servconf.c like the other options. But it seems that the "newoption" can not be enable,when i set the "newoption" to "yes" in sshd_config file. I have add a debug message in main function of sshd.c .... debug("main sshd

The following is just a simple 'if ANON|SHARE is broken, disable compression'. We don't have time for fancy stuff until we have time for long term testing. I have one friend of mine testing this. Can I get a few other people to test. This is against --current, but maybe work against 3.3p1. Unsure. BTW.. those on NeXT platform (if you have autoreconf) should also test this. this

I append a patch against openssh-3.5p1.tar.gz which adds a config option PAMServiceName. The option allows one to specify the PAM service at runtime in the config file rather than using __progname or having it hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful if one wants to run multiple instances of sshd using different PAM configurations. With this patch

Hi, It seems from the source code that there are a couple of quirks with this option: firstly, in the code it's mis-spelt as "challenge_reponse_authentication" and secondly, the default for the client (in readconf.c) seems to be off, whereas for the server (servconf.c) seems to be on: readconf.c: if (options->challenge_reponse_authentication == -1) readconf.c: