similar to: README and zlib

Solaris 2.5 does not seem to define MAXHOSTNAMELEN, and a compilation of vanilla OpenSSH 2.9.9p2 fails: > gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. > -I/usr/local/ssl/include -I/usr/local/include > -DETCDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" > -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" >

My port forwarding changes require an authorization (authentication) context in channel_connect_to(). I'd like to change the dispatch_* functions so that they accept an Authctxt * instead of a void * (this parameter is already used this way). In addition, I'd have to pass the authctxt all the way down to channel_connect_to(). As a side effect, it's possible to get rid of the global

The patch below fixes a compile-time warning in readpass.c. MIME-Version: 1.0 Content-Type: application/aegis-patch Subject: openssh.2 - Fix warning in readpass.c Content-Name: openssh.2.C010.patch Content-Disposition: attachment; filename=openssh.2.C010.patch X-Aegis-Project-Name: openssh.2 X-Aegis-Change-Number: 10 # # Fix the following warning in readpass.c: # # readpass.c: In function

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

I've just discovered the permitopen flag. We need such a feature for our poor man's VPN services, but this flag seems to be usable only if you generate your authorized_keys file from a database or something like that: keeping a long list of host/port combinations up to date for several users and keys is no fun. As announced before, we have developed a far more powerful mechanism for

The server daemon writes the following error message to the syslog (running on a HP 9000/712/80 box): | Mar 28 18:01:54 <server> sshd[755]: Did not receive ident string from <client-ip>. Any suggestions? This happens if I connect using OpenSSH from the same box or another one (running the Linux version of OpenSSH). BTW: OpenSSH didn't compile out-of-the-box. I had to disable

Hi, we are using usernames on our systems that contain a point '.', like "r.john". We found it necessary to patch the source to make the "scp" command work with those usernames. Cheers Kai --- openssh-2.2.0p1/scp.c Wed Aug 30 01:11:30 2000 +++ withpoint/scp.c Mon Dec 11 02:06:35 2000 @@ -1042,7 +1042,7 @@ c = *cp; if (c & 0200) goto bad; - if

Hi all, We are in the process of compiling OpenSSH for our product UWIN which is very similar to cygwin. ======================================================= Here is a brief description about UWIN: Wipro UWIN is a Unix to Windows migration toolkit that gives you most features of a traditional Unix operating system on Windows NT and Windows 95/98. Features include pipes, hard file links, Unix

Secure FTP through SecureFX 1.8B3: issues (Using OpenSSH 2.1.1p2) I downloaded the latest SecureFX because it now claims support for OpenSSH. I'm like cool, now I'll finally be able to secure my ftp on my gateway. First off, I really like the new configure. Everything went ok, I could ssh into the box just fine. Unfortunately ftp didn't work work through SecureFX. I would get

After browsing "Remote timing attacks are practical" (Boneh & Brumley, <http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html>), I wonder if it might be a good idea to add calls to RSA_blinding_on() before the OpenSSL RSA decryption routines are invoked. The issue is not a LAN-only issue, BTW. Packet delay variation is usually higher in LANs than in WANs. -- Florian

hi folks, right now im implementing a quick hack to restrict ports the server will allow to be forwarded. This is to heighten security from clients accessing a server behind a firewall and as far as I could tell this is not possible with ssh so far. I think this is a reasonable feature for a release and shouldnt be too hard to implement in a way that follows the setup already used in the

I'm curious as to whether or not there is a way to restrict forwarded ports server side. For instance, I'm running an IRC server and am allowing users to connect via ssh forwarding (so I can take advantange of using openssh's public key method for authentication). Each client I tell to setup their ~/.ssh/config in a certain way, but the relevant line is: LocalForward 6667

http://bugzilla.netfilter.org/show_bug.cgi?id=759 Summary: "iptables -m recent" crashes a LXC host on lxc-stop Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: critical Priority: P5 Component: ip_tables (kernel) AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=377 Summary: Reduce compiler warnings. Use unsigned args to the ctype.h is*() macros. Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous

I have a problem compiling openssh 2.3.0p1 The configure script runs fine then if you see below; when I compile it dies: Manual pages: /usr/local/man/manX PID file: /usr/local/etc Random number collection: Builtin (timeout 200) Manpage format: man PAM support: yes KerberosIV support: no

I need to setup something for a group of CAD guys to provide a web interface for clients/customers to send files to them. I was hoping to have an interface where the customer would be given a logon and it would email a link to the employee upon his successful upload. This would require an internal facing site to provision a slot to give to a customer. Anyone know of a project like this so I

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello, samba. I upgraded samba 2.2.5 to samba 2.2.6 in Debian 3.0. Both versions was built myself by script "rules binary". Before: Our network have a few of W2KSP2.rus and a few of W2KSP2RP1.rus. All workstations can logon to samba 2.2.5. After: W2KSP2.rus can't login to samba 2.2.6, though W2KSP2RP1.rus still can logon to PDC on samba 2.2.6. W2KSP2 tells me, that it can not find

On Fri, Feb 21, 2020 at 04:00:30PM +0100, Florian Weimer wrote: > * Richard W. M. Jones: > > > On Fri, Feb 21, 2020 at 01:19:34PM +0100, Florian Weimer wrote: > >> I think what confuses me is that keep talking about a single binary, but > >> clearly there is this separate vddk DSO, and there is talk of plugins. > >> So it seems to me that multiple files are

On Sun, Jun 14, 2009 at 10:50 AM, Florian Weimer<fw at deneb.enyo.de> wrote: > Is this really a problem for MLton?  I think you only get less precise > alias analysis, and that's it. Correct. However, I want a fair comparison between LLVM performance and the native x86 codegen. If I don't give LLVM the same information the x86 codegen has, it's an unfair comparison.