similar to: Patch to add "warn" value to ForwardX11 and ForwardAgent

this (uncomplete) patch makes various features compile time options and saves up to 24K in the resulting ssh/sshd binaries. i don't know whether this should be added to the CVS since it makes the code less readable. perhaps WITH_COMPRESSION should be added, since it removes the dependency on libz -m Index: Makefile.inc =================================================================== RCS

Hi OpenSSH developers I use OpenSSH under FreeBSD. It's cool and useful for me. By the way, sample line of ForwardX11 in ssh_config was not fit for default setting in readconf.c. I want to change ssh_config. ---------- In ssh source (src/usr.bin/ssh/readconf.c), currently ForwardX11 is disabled. 731 if (options->forward_x11 == -1) 732

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Hi all, I'm very new in this list, as looking for codes to plug up the lack of functionality of "Protocol 2 Remote Forwardig". Fortunately, I could find it in MARC's archive. Mr. Jarno Huuskonen posted the codes in Sept, last year, and I tried applying it to my FreeBSD box environment. I couldn't apply an original patch, of course, for incompatibility of virsion. The

this is the proposed gssapi diff against OpenSSH-current (non-portable). note: if this goes in, the old krb5 auth (ssh.com compatible) will be removed. please comment. jakob Index: auth.h =================================================================== RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v retrieving revision 1.1.1.2 retrieving revision 1.3 diff -u -r1.1.1.2 -r1.3 --- auth.h

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

Hey All, Found a very minor problem with client implementation of KerberosTgtPassing command line flag in ssh.c (first diff). We also made some readability patches to the config files and manpages to make the option clearer (the remainder of the diffs). diffs are against -current Index: ssh.c =================================================================== RCS file:

https://bugzilla.mindrot.org/show_bug.cgi?id=3555 Bug ID: 3555 Summary: ForwardAgent doesn't work under Match canonical Product: Portable OpenSSH Version: 8.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2438 Bug ID: 2438 Summary: Warn about using ForwardAgent with all hosts Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

It seems that users may be disclosing unintended public key info when logging into remote hosts. Use of the words keypair/keyid/etc have been bastardized. Signature is likely better. Note also, the author may be without clue. Setup: [g] - refers to an administrative group of hosts [n] - refers to a host within that group ws[g][n] - management workstations [trusted] User ssh-add's keys for

https://bugzilla.mindrot.org/show_bug.cgi?id=1682 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org CC| |djm at mindrot.org, |

https://bugzilla.mindrot.org/show_bug.cgi?id=1997 chrysn at fsfe.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chrysn at fsfe.org --- Comment #3 from chrysn at fsfe.org --- Given the approach of distinguishing sockets based on their QoS has not led

https://bugzilla.mindrot.org/show_bug.cgi?id=1997 --- Comment #4 from Peter Lebbing <peter at digitalbrains.com> --- (In reply to chrysn from comment #3) Sorry for not replying sooner, it slipped my mind! > Would a patch to add a "%I" for "1 for interactive sessions, 0 > otherwise" to the expansion be generally acceptable? Peter, would it > still serve your

https://bugzilla.mindrot.org/show_bug.cgi?id=1499 Simon Arlott <bugzilla.mindrot-org.simon at arlott.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bugzilla.mindrot-org.simon@ | |arlott.org ---

https://bugzilla.mindrot.org/show_bug.cgi?id=1499 Summary: Add "ForwardAgent ask" to ssh_config Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs

Hi, I usually have around 10 identities loaded in my local ssh-agent and when I use the "ForwardAgent" option all them are forwarded to the remote server, which is not ideal. I usually only need to forward one (or two) of the identities and I would like to be able to choose which one(s) to forward. Looking for solutions it seems that the only option is to create a new ssh-agent, add

As you know, revoking RSA/DSA keys in an SSH environment requires editing all authorized_keys and authorized_keys2 files that reference those public keys. This is, well, difficult at best but certainly very obnoxious, particularly in a large environment. SSH key management is difficult. This patch simplifies key management wherever GSS-API/Kerberos is used and is general enough to be used with

https://bugzilla.mindrot.org/show_bug.cgi?id=1682 Summary: verbose log message unclear when X11 forwarding denied Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: NetBSD Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org