similar to: Purpose of check_openssl_version?

Displaying 20 results from an estimated 30000 matches similar to: "Purpose of check_openssl_version?"

2001 Sep 10
4
scp doesn't work with large (>2GB) files
Hi, A bug I've had reported is that scp doesn't work with large files (Debian bug number 106809). The problem seems to be scp.c:504: if ((fd = open(name, O_RDONLY, 0)) < 0) Is there some reason why making that if ((fd = open(name, O_RDONLY|O_LARGEFILE, 0)) < 0) would break things? It seems a simple fix to me... Thanks, Matthew -- "At least you know where you are
2001 Jun 07
2
Patch to enable multiple possible sources of entropy
I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3
2001 Jul 22
1
[patch] ignore SSH2_MSG_IGNORE packets
Hi, protocolkeepalives sends ssh_msg_ignore, which the ssh2 server handles incorrectly (i.e. it produces some output to syslog, instead of ignoring the packet): Jul 9 11:58:07 ren sshd[16580]: error: Hm, dispatch protocol error: type 32 plen 4 This patch implements a highly advanced function to ignore these packets ;) Matthew -------------- next part -------------- An embedded and
2001 Jul 22
1
[patch] add -1 and -2 options to scp
Hi, Several people have asked that scp support the -1 and -2 options, so I wrote this patch. Cheers, Matthew -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: scp.diff Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010722/7e096fab/attachment.ksh -------------- next part -------------- -- "At least you know
2001 Sep 27
3
[PATCH] ssh-copy-id should do chmod go-w
Hi, quick patch to ssh-copy-id to make it set the file modes more correctly. Thanks, Matthew --- contrib/ssh-copy-id.orig Thu Sep 27 21:47:44 2001 +++ contrib/ssh-copy-id Thu Sep 27 21:47:52 2001 @@ -33,7 +33,7 @@ exit 1 fi -{ eval "$GET_ID" ; } | ssh $1 "test -d .ssh || mkdir .ssh ; cat >> .ssh/authori zed_keys ; chmod g-w . .ssh .ssh/authorized_keys" +{ eval
2001 Jul 21
5
Failed X11 authentication does the wrong thing
Hi, if I do the following: ssh -X localhost su - another_user xterm I get: X connection to ming:10.0 broken (explicit kill or server shutdown). Where what is really wanted was something like: Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server xterm Xt error: Can't open display: :0.0 'tis easy to reproduce the bug, but the debug
2001 Dec 01
1
mips/mipsel problem
Hi, There seems to be a problem with the arc4random code on mips/mipsel, producing the following error message: Couldn't obtain random bytes (error 604389476) To quote the bug submitter: "On mips and mipsel, the above error message is frequently seen when calling ssh with a command, usually several times in rapid succession, although that is not always the case. The error appears to
2001 Jul 21
2
ChallengeResponseAuthentication - typos and inconsistancies?
Hi, It seems from the source code that there are a couple of quirks with this option: firstly, in the code it's mis-spelt as "challenge_reponse_authentication" and secondly, the default for the client (in readconf.c) seems to be off, whereas for the server (servconf.c) seems to be on: readconf.c: if (options->challenge_reponse_authentication == -1) readconf.c:
2001 Sep 28
3
OpenSSH (portable) and entropy gathering
On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the
2001 Jul 22
1
[patch] GNU/Hurd compatibility patches
Hi, These patches are from Robert Bihlmeyer to make ssh build on Hurd. If you have queries about them, I suggest contacting debian-hurd at lists.debian.org. Cheers, Matthew -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: openssh-2.9-hurd.diff Url:
2001 Jul 21
1
Defaults for protocol and ssh-keygen (and an introduction)
Hi, I have recently taken over as Debian maintainer for ssh. This means you're going to be getting lots of mail from me in the near future :-) I'm aiming to be a little more active than the last maintainer, but the Debian packages were really out of date, so I've quite a lot of work (and probably some old bugs) to deal with. Anyhow, onto the first question. ssh these days uses
2001 Jul 22
1
[patch] VPN enhancements
Hi, This patch (mostly my work, except for protocolkeepalives, which rjk at greenend.org.uk wrote for 2.5, and I forward-ported) came out our usage for VPN tunnels of ssh, where it was useful for ssh to notice if the server went away. It includes documentation, and is pretty self-explanatory. Matthew -------------- next part -------------- An embedded and charset-unspecified text was
2001 Jul 22
1
[patch] document location of identity files
Hi, Quick change to ssh.1 to document ~/.ssh/identity_rsa and _dsa. Cheers, Matthew -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: sshman.diff Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010722/a6d628e2/attachment.ksh -------------- next part -------------- -- "At least you know where you are with
2001 Aug 23
1
-q option doesn't do what it says in the man page?
Hi, Man page: -q Quiet mode. Causes all warning and diagnostic messages to be suppressed. Only fatal errors are displayed. But in log.h: typedef enum { SYSLOG_LEVEL_QUIET, SYSLOG_LEVEL_FATAL, so in log.c: void do_log(LogLevel level, const char *fmt, va_list args) { char msgbuf[MSGBUFSIZ]; char fmtbuf[MSGBUFSIZ]; char *txt = NULL; int pri = LOG_INFO; if (level
2001 Sep 27
1
[PATCH] document scp -r better
Hi, Patch from Adam McKenna (via Debian BTS) to improve how we document scp -r: --- scp.1.orig Thu Sep 27 21:28:12 2001 +++ scp.1 Thu Sep 27 21:29:22 2001 @@ -72,7 +72,9 @@ Preserves modification times, access times, and modes from the original file. .It Fl r -Recursively copy entire directories. +Recursively copy entire directories. A trailing slash (/) on a source file +name means
2002 Jun 26
3
pam session as root
Beyond any more general questions of whether pam sessions *should* be run as root, is there an immediate security concern with moving the pam_open_session (and pam_setcred) stuff to the parent (root) process? (E.g., via the patch below.) -- Mike Stone diff -u -r1.4 auth-pam.c --- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4 +++ auth-pam.c 25 Jun 2002 20:33:41 -0000 @@ -286,6 +286,8 @@
2019 Mar 23
2
Is this assumption correct?
Hello list we encounter a weird SSL issue with one of our dovecot (2.2.24 on Centos6) which we can only explain if our assumtion is correct Symptoms are that imaps connections (on port 993) suddenly get veeeery slow. Up to 180s for one connection with openssl s_client The thing we do not understand is that in the same time imap connections with starttls are just 1s. We can see that entropy on the
2001 Nov 02
7
Entropy and DSA keys
I remember a discussion to the effect that using DSA keys in sshd increases the requirement for random bits available on the system... and that this requirement (was it a 128 bit random number per connection?) presents security problems on systems that don't have a decent source of entropy? Am I misinterpreting those discussions? We are having a problem deploying sshd (no prngd) where sshd
2001 Dec 21
6
Killing the builtin entropy code
Over the holidays, I intend to finally rid portable OpenSSH of the builtin entropy collection code. Here's what I intend to do: When init_rng is called, we'll check OpenSSL's RAND_status(). If this indicates that their PRNG is already seeded, we'll do nothing. This effectively detects platforms which have /dev/urandom (or similar) configured into OpenSSL. If OpenSSL isn't
2002 Jan 22
4
ssh-rand-helper
Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,