similar to: [PATCH] tcp-wrappers support extended to x11 forwards

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

hi, this can be applied to the latest portable CVS. by default bind sshd fake display to localhost. [stevesk at jenny stevesk]$ uname -sr HP-UX B.11.11 [stevesk at jenny stevesk]$ echo $DISPLAY localhost:14.0 [stevesk at jenny stevesk]$ netstat -an|grep 6014 tcp 0 0 127.0.0.1.6014 *.* LISTEN this is currently controlled with sshd_config gatewayports;

OpenSSH 5.1p1 I can't grasp why, when connecting with 'ssh -Y' to this test host, I am not tickling the verbose() call below that I have added. I am logging as auth + verbose in sshd_config The X11 forward for the session works fine as tested with xterm. At any rate, I am looking for some guidance on where to log X11 forwards that are established, ideally with a username and remote

Hi, This also has been discussed in SSHSCI's SSH context. All SSH versions (both SSHSCI and OpenSSH) derive value for DISPLAY variable from `uname -n`. The problem is that the returned value is not necessarily resolvable to a valid IP number which in turn might cause a failure. To make it fool-proof I suggest to set DISPLAY to the interface's address the user has reached the system in

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

http://bugzilla.mindrot.org/show_bug.cgi?id=101 Summary: session.c modifications for correct UNICOS behavior Product: Portable OpenSSH Version: 3.0.2p1 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Hello, Was looking in the archives... and haven't seen this one listed. When I compile openssh-1.2pre17 on AIX v4.3.3 with the native compiler I get the following errors. I haven't see this __attribute__ code.. What compiler/libraries are needed to compile this? I have seen that people have compiled openssh on AIX.. Just wondering what you have used. # make cc -g

Hello, I upgraded (?) one of my machines to Linux kernel 2.4.0-test9, and sshd started failing. Specifically, the sshd child processes would segfault if a user requested X11 forwarding. I tracked the problem down to these bits of code: channels.c, x11_create_display_inet, line 1738: sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { if (errno != EINVAL) {

Hi! At compilation of the openssh-2.9.9p2 with Solaris WorkShop 6.01 the following compilation error was given out. /opt/SUNWspro/bin/cc -Xa -xF -xCC -xildoff -xarch=v9 -xchip=ultra -dalign -I/usr/include/v9 -D_REENTRANT -xO2 -I. -I. -I/usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"

Jim Klimov <jimklimov+nut at gmail.com> writes: > By the way, on the NUT CI farm the libwrap is present on some (though not > all) systems - covering linux, freebsd, openindiana... and neither > complained about `sockdebug` :\ > > What version do you have? Maybe it is some alternate implementation? Looks like 7.4, as amended in NetBSD over the years. Looks like the

Hi, 2.0 compiles fine in Solaris but and I've found only one glitch so far. Tcpwapper support needs some tweaks. I need to add CPPFLAGS=/usr/sfw/include because tcpd.h is in there. Then also LDFLAGS='-R/usr/sfw/lib -L/usr/sfw/lib' is needed. It would be nice to have --with-tcpwrap-dir or something. After this linking gives an error Undefined first referenced symbol in file

By the way, on the NUT CI farm the libwrap is present on some (though not all) systems - covering linux, freebsd, openindiana... and neither complained about `sockdebug` :\ What version do you have? Maybe it is some alternate implementation? Jim On Thu, Nov 9, 2023 at 3:44?PM Greg Troxel <gdt at lexort.com> wrote: > I am (belatedly) updating pkgsrc to 2.8.1 (+ bugfix). > >

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal

Hello, I tried building OpenSSH-2.9p1 on AIX 4.3.3(ML6) with gcc. I included the --with-tcp-wrappers flag in configure. Configure went just fine, make went just fine, but 'make install' failed with the following error: exec(): 0509-036 Cannot load program ./ssh-keygen because of the following errors: 0509-130 Symbol resolution failed for /usr/local/lib/libwrap.a(libwrap.so)

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Hi all, After the memory leaks (bug 1967 <https://bugzilla.mindrot.org/show_bug.cgi?id=1967>) I reported in bugzilla are fixed, I also applied melton(http://lcs.ios.ac.cn/~xuzb/melton.html) to detect the potential bugs in sshd (openssh-5.9p1). The url below is the index of bug reports that are checked as real bugs manually.

I am (belatedly) updating pkgsrc to 2.8.1 (+ bugfix). (FWIW, I think a 2.8.1.1 or 2.8.2 immediately with the fix is in order. >From a packaging viewpoint, the effort to update for a release is about 3 minutes plus time to adapt anythhing that has changed. So I'd much rather have releases more often.) In the pkgsrc build, nut finds tcp wrappers because they are part of the base system.

Thanks, I think it would not hurt to add the variables into the source if that helps? A bit puzzled why it wants TCP wrappers though, the program is primarily about the Unix socket access. It can be used by end-users or more likely by developers for troubleshooting; potentially for some automations that act like a NUT driver. Not intended as a prime-time mechanism, but could have its uses... As

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

On Mon, Jul 23, 2001 at 12:49:14AM +0100, Matthew Vernon wrote: > ------- start of forwarded message ------- > From: <mouring at etoh.eviladmin.org> > To: Matthew Vernon <matthew at empire.ucam.org> > cc: <openssh-unix-dev at mindrot.org> > Subject: Re: [patch] GNU/Hurd compatibility patches > Date: Sun, 22 Jul 2001 12:39:32 -0500 (CDT) > > > We