similar to: MAXHOSTNAMELEN and Solaris 2.5

My port forwarding changes require an authorization (authentication) context in channel_connect_to(). I'd like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global

The patch below fixes a compile-time warning in readpass.c. MIME-Version: 1.0 Content-Type: application/aegis-patch Subject: openssh.2 - Fix warning in readpass.c Content-Name: openssh.2.C010.patch Content-Disposition: attachment; filename=openssh.2.C010.patch X-Aegis-Project-Name: openssh.2 X-Aegis-Change-Number: 10 # # Fix the following warning in readpass.c: # # readpass.c: In function

The README file seems to refer to an old location of zlib. The current one seems to be: http://www.gzip.org/zlib/ -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

Hi, we are using usernames on our systems that contain a point '.', like "r.john". We found it necessary to patch the source to make the "scp" command work with those usernames. Cheers Kai --- openssh-2.2.0p1/scp.c Wed Aug 30 01:11:30 2000 +++ withpoint/scp.c Mon Dec 11 02:06:35 2000 @@ -1042,7 +1042,7 @@ c = *cp; if (c & 0200) goto bad; - if

Hi all, We are in the process of compiling OpenSSH for our product UWIN which is very similar to cygwin. ======================================================= Here is a brief description about UWIN: Wipro UWIN is a Unix to Windows migration toolkit that gives you most features of a traditional Unix operating system on Windows NT and Windows 95/98. Features include pipes, hard file links, Unix

Secure FTP through SecureFX 1.8B3: issues (Using OpenSSH 2.1.1p2) I downloaded the latest SecureFX because it now claims support for OpenSSH. I'm like cool, now I'll finally be able to secure my ftp on my gateway. First off, I really like the new configure. Everything went ok, I could ssh into the box just fine. Unfortunately ftp didn't work work through SecureFX. I would get

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced before, we have developed a far more powerful mechanism for

ChangeLog 20001230 - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination. Suggested by Christian Kurz <shorty at debain.org> This change causes compiler warnings on UnixWare 7, Solaris 7, others? ... gcc -g -O2 -Wall -I/usr/local/include -I/usr/local/ssl/include -I. -Isrc -DETCDI R=\"/usr/local/etc\" -DSSH_PROGRAM=\"/usr/local/bin/ssh\"

hi folks, right now im implementing a quick hack to restrict ports the server will allow to be forwarded. This is to heighten security from clients accessing a server behind a firewall and as far as I could tell this is not possible with ssh so far. I think this is a reasonable feature for a release and shouldnt be too hard to implement in a way that follows the setup already used in the

I'm curious as to whether or not there is a way to restrict forwarded ports server side. For instance, I'm running an IRC server and am allowing users to connect via ssh forwarding (so I can take advantange of using openssh's public key method for authentication). Each client I tell to setup their ~/.ssh/config in a certain way, but the relevant line is: LocalForward 6667

After browsing "Remote timing attacks are practical" (Boneh & Brumley, <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I wonder if it might be a good idea to add calls to RSA_blinding_on() before the OpenSSL RSA decryption routines are invoked. The issue is not a LAN-only issue, BTW. Packet delay variation is usually higher in LANs than in WANs. -- Florian

http://bugzilla.mindrot.org/show_bug.cgi?id=377 Summary: Reduce compiler warnings. Use unsigned args to the ctype.h is*() macros. Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous

As far as I know this patch has no security implications -- I don't believe that allowing sshd to use get_local_name() (in canohost.c) on a connected socket to determine it's own fqdn will allow a malicious client (or router or dns server) to make it come to the wrong conclusion. But please let me know if you think I'm wrong. Please also let me know if you're just not interested

Hi, I've gone and ported the latest version of openssh, 3.1p1, to GNU/Hurd. I've tried to learn from the other threads on this topic, but I still had to get rid of MAXHOSTNAMELEN where I could. James A. Morrison diff -urN openssh-3.1p1.old/Makefile.in openssh-3.1p1/Makefile.in --- openssh-3.1p1.old/Makefile.in Tue Feb 26 14:24:22 2002 +++ openssh-3.1p1/Makefile.in Tue Apr 9 16:16:49

On Tue, 24 Feb 2015, Tom G. Christensen wrote: > I've switched to HEAD in the git repo and it now builds on Solaris > 2.6, 7, 8 and 9 but the testsuite still cannot be built due to the > missing <err.h>. > > I noticed one of the changes was about HOST_NAME_MAX but I don't > think that change addresses the real issue on at least these old > Solaris systems. It

The server daemon writes the following error message to the syslog (running on a HP 9000/712/80 box): | Mar 28 18:01:54 <server> sshd[755]: Did not receive ident string from <client-ip>. Any suggestions? This happens if I connect using OpenSSH from the same box or another one (running the Linux version of OpenSSH). BTW: OpenSSH didn't compile out-of-the-box. I had to disable

I have a problem compiling openssh 2.3.0p1 The configure script runs fine then if you see below; when I compile it dies: Manual pages: /usr/local/man/manX PID file: /usr/local/etc Random number collection: Builtin (timeout 200) Manpage format: man PAM support: yes KerberosIV support: no

Damn, forgot the rest of the patch. Here it comes. diff -Nur openssh-2.2.0p1-/ssh-keygen.c openssh-2.2.0p1/ssh-keygen.c --- openssh-2.2.0p1-/ssh-keygen.c Wed Aug 23 02:46:24 2000 +++ openssh-2.2.0p1/ssh-keygen.c Sun Oct 29 16:44:50 2000 @@ -68,7 +68,7 @@ static const char *__progname = "ssh-keygen"; #endif /* HAVE___PROGNAME */ -char hostname[MAXHOSTNAMELEN]; +char

On Fri, Feb 21, 2020 at 04:00:30PM +0100, Florian Weimer wrote: > * Richard W. M. Jones: > > > On Fri, Feb 21, 2020 at 01:19:34PM +0100, Florian Weimer wrote: > >> I think what confuses me is that keep talking about a single binary, but > >> clearly there is this separate vddk DSO, and there is talk of plugins. > >> So it seems to me that multiple files are