Displaying 20 results from an estimated 2000 matches similar to: "RhostsAuthentication?"
2002 Jun 25
0
getnameinfo(), PrivSep, FreeBSD 4.1.1
Hi,
I spent the last couple of hours scratching my head about a problem on
FreeBSD 4.1.1 with OpenSSH 3.3p1.
Without privsep:
debug1: Trying rhosts with RSA host authentication for client user gert
debug3: Trying to reverse map address 195.30.1.100.
debug1: Rhosts RSA authentication: canonical host moebius2.space.net
debug2: auth_rhosts2: clientuser gert hostname moebius2.space.net ipaddr
2002 Jul 25
0
openssh-unix-dev digest, Vol 1 #505 - 15 msgs
subscribe openssh-unix-dev at mindrot.org
> Send openssh-unix-dev mailing list submissions to
> openssh-unix-dev at mindrot.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> or, via email, send a message with subject or body 'help' to
> openssh-unix-dev-request at mindrot.org
>
2016 Mar 08
2
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi Gert,
Thanks for your reply.
But we can't upgrade to 7.2 version also we don't have plan to upgrade in
near future. Can I fix these vulnerabilities in the current version?
Regards
Abhishek
On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote:
> > Actually I am working
2011 Aug 17
1
openssh-unix-dev Digest, Vol 100, Issue 3
Works on my netbsd tinkerbox.
NetBSD 5.0.2 NetBSD 5.0.2 (GENERIC)
It uses rlimit.
Privsep sandbox style: rlimit
I also get warnings during make.
fmt_scaled.c: In function 'scan_scaled':
fmt_scaled.c:84: warning: array subscript has type 'char'
fmt_scaled.c:111: warning: array subscript has type 'char'
fmt_scaled.c:155: warning: array subscript has type 'char'
2000 Dec 22
1
bug in sshd.d (destroy_sensitive_data core dumps)
Hi,
experimenting with openssh_cvs on my SCO Unix 3.2v4.2 machine, I had
sshd core dumping on me.
Tracking this, I found that if a host key is specified in the sshd_config
that does not exist (I used "./sshd -d -d -d -f sshd_config" with the
shipped sshd_config file, to work around incompatibilities with the
installed sshd.com's sshd_config, and I do not have ssh2 host keys on
2001 Feb 16
1
CVS and AIX
Hi,
trying "current CVS" on AIX 4.3.3, yields:
gcc -O2 -Wall -I/usr/local/include -I/gnulocal/include -I/gnu/include -I. -I./openbsd-compat -I. -DETCDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/gnu/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/gnu/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/gnu/libexec/sftp-server\" -DHAVE_CONFIG_H -c auth.c
auth.c: In
2000 Oct 30
2
Feature disappeared?
Hi,
working on tightening our network (somewhat) today, I found that OpenSSH
doesn't seem to have the "AllowSHosts" directive (in sshd_config) that
Commercial SSH (at least 1.2.25 & up) has.
Now I wonder whether that hasn't been implemented yet, or has been dropped
for a certain reason.
I find this very useful for what I want to achieve - inside the company
network,
2002 Mar 12
1
Disconnecting: Corrupted check bytes on input.
Hi,
just "cvs update"'d to get the latest portable version, to start
rebuilding our AIX systems to get zlib-1.1.4 and the channel-bug fix.
SSH protocol 2 seems to work nicely, ssh protocol 1 doesn't work properly.
Environment: AIX 4.3.3, openssl 0.9.6c, openssh as of today (Mar 12, 11:20
GMT).
Client/blowfish, to openssh 3.0p1 or to 2.5.1p1:
debug1: Encryption type: blowfish
2000 Dec 22
1
Makefile dependencies
Hi,
the openssh_cvs Makefile includes the following rules:
$(LIBSSH_OBJS): config.h
$(LIBOPENBSD_COMPAT_OBJS): config.h
but no equivalent for $(LIBSSHD_OBJS) - is this desired or an oversigt?
In my case, I built the sshd, tested it, reconfigured with SKEY support,
rebuilt (just running "make", no "make clean"), and tracked down the
non-working s/key for a while before I
2001 Feb 20
2
openssh wish list for 2.6.*
Hi,
something that I'd like to see for the next major release is "build
OpenSSH without installing zlib and openssl".
That is, I have a source tree with the following subdirectories:
.../src/zlib-1.1.3/
/openssl-0.9.6/
/openssh_cvs/
and want "configure", run from openssh_cvs, to be able to find the zlib
and openssl trees in the directory
2001 Nov 09
1
socklen_t - where?
Hi,
openssh_cvs as of today, SCO Open Server 3.0, socklen_t
this typedef doesn't exist on SCO OSR 3, and "configure" properly detects
this, leading to
/* #undef HAVE_SOCKLEN_T */
in config.h.
Problem: I can't find any place where this is actually being used? I'd
expect something like
#ifndef HAVE_SOCKLEN_T
typdef int socklen_t;
#endif
("int" is what the
2002 Mar 07
1
SCO 3 / CVS version
Hi,
just to give you a quick "success" note: current portable CVS snapshot
builds mostly fine on SCO3. The only remaining problem is truncate() in
sftp-server.c - SCO3 can replace ftruncate() with chsize() (detected by
configure and works), but has no truncate() equivalent.
Run-time testing tomorrow, but I do not expect nasty surprises.
gert
--
USENET is *not* the non-clickable
2016 Feb 17
5
Using 'ForceCommand' Option
Gert,
Thank you for the feedback. Can you give any further direction on where to
get more information on what you are describing?
On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert at greenie.muc.de> wrote:
> Hi,
>
> On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote:
> > I would like to implement an arbitrary script to be executed when logging
> > on via
2001 Nov 15
1
ssh -2 and hostbasedauth
Hi,
I'm trying to figure out how to read OpenSSH's log files (to assist
our people in diagnosing "why is it always asking me for passwords").
All clients and servers are 3.0p1.
First: server does not have the client's RSA2 key in known_host.
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got
2006 Nov 01
0
No subject
(yet-unknown) server key, but just checking all possible locations, not
finding the key, and giving up.
I have seen a similar effect on a system that had a /dev/tty entry that
was not world-writeable (thus the ssh client couldn't open it to ask for
a confirmation).
The effect will also happen if you have "StrictHostKeyChecking yes" in
ssh_config - set that to "ask",
2001 Mar 08
0
PRNGD/TCP
Hi,
On Wed, Mar 07, 2001 at 10:05:07AM +1100, Damien Miller wrote:
> > now to patching openssh to actually *use* prngd/socket... :-)
> Was done last week - use the "--with-prngd-port=XXX" configure option.
OpenSSH + PRNGD + SCO3 seem to work nicely. Thanks!
One other thing: I'm not fully convinced that current OpenSSH does
everything right regarding utmp/wtmp on SCO3
2001 Aug 30
0
Force S/Key for all but known hosts?
Hi,
I'm not sure if what I'm thinking of is doable with current OpenSSH's,
and if yes, how.
I want to force our users to use S/Key-Authentication, but only if they
do not come from "known hosts". "known hosts" could be hosts that
are listed via IP address ("network 192.168.0.0/24") or hosts that are
listed in ssh_known_hosts - this doesn't really
2002 Jun 25
0
version.h of portable says "3.3"?
Hi,
version.h of the 3.3p1 portable release, and of (yesterday's) CVS tree
says
#define SSH_VERSION "OpenSSH_3.3"
and not "OpenSSH_3.3p1".
Is this an oversight, or are portable releases not tagged anymore? (I'm
asking because I used this to distinguish between the different FreeBSD
ports - "openbsd openssh" and "portable", which is harder
2002 Apr 02
3
PrivSep and portability
Hi,
I've seen a few patches related to the PrivSep works. As far as I can
see, it seems to work by using a shared memory segment to communicate.
I just want to point out that there are some unix systems that do not
have mmap() (SCO, older SVR3 systems) or that might have problems with
anonymous shared mmap() (don't have an examples, but e.g. the INN docs
are full of warnings concerning
2017 Oct 17
2
Status of OpenSSL 1.1 support
Hi,
On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote:
> The best solution is if (LIBRESSL) || (OPENSSL < 1010...)
>
> Else
>
> Whatever.
>
> Is that too much work?
Littering code with #ifdef is almost never a good idea.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert