similar to: pubkey auth with NFS home on AIX

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

I've discovered a problem with OpenSSH 2.9.9p2 under Solaris 2.5.1 . In auth.c, secure_filename() walks upwards toward the user's home directory or the filesystem root, verifying that no directories along the way are group or world writable. Solaris 2.5.1's dirname() function has a bug where dirname("/.ssh") returns an empty string instead of "/". This causes

I've attached a patch relative to OpenSSH 2.5.1p1 which sets the default PAM service name to __progname instead of the hard-coded value "sshd". This allows you to have multiple invokations of sshd under different names, each with its own PAM configuration. Please let me know if you have any questions or problems. -- Mark D. Roth <roth at feep.net> http://www.feep.net/~roth/

I've attached a patch for openssh-SNAP-20001028 which fixes the following two problems: 1) I fixed fixpaths to complain instead of failing silently if it can't write the output file. 2) I changed log-server.c to use av0 as the first argument to openlog(). I also made sure it called openlog() before the TCP wrapper stuff, because libwrap calls syslog() and winds up using the

Hello everyone, I have been given the task of working out a number of issues with OpenSSH for my company (Hertz). I have been following the mailing list for several days now and I'm beginning to compile a list of who is working on what. To make my task faster, it would nice if the people working on the following issues would drop me a email before I start to rewrite their code and get it

In 2.3.0, the per-user config file was read before the system-wide config file, so options set in ~/.ssh/config took precedence over system-wide defaults. In 2.9.9, the system-wide file seems to be read first, contrary to the man page (cf. ssh.c ll. 631-632). It seems to me that the old behaviour made more sense. (I discovered the change because I could not override a "ForwardX11"

http://bugzilla.mindrot.org/show_bug.cgi?id=220 ------- Additional Comments From markus at openbsd.org 2002-04-18 06:01 ------- i think i've seen this before and it was related to the realpath() implementation.... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

On Thu, 27 Sep 2001 20:41:05 EDT, Damien Miller writes: > On Thu, 27 Sep 2001, Dan Astoorian wrote: > > > > > It would (IMHO) be useful if there were a way to optionally configure > > that code to fall back to the internal entropy gathering routines in the > > event that EGD was not available; as it is, the routines simply fail if > > EGD is unavailable at the

Is there a way for a PAM module to force a client (and the server) to use kbd-interactive? As far as I can tell, when in the INITIAL_LOGIN phase, all communication with the client returns a PAM_CONV_ERR. I am trying to write a PAM module that will prompt a user for a second username and a second password in order for the module to succeed so that proper authentication relies on the ability

I've just compiled and installed openssh-2.9.9p2 (compiled against openssl-0.9.6b using gcc-3.0.0) on a Slackware 7-based Linux machine (kernel 2.4.6ac2). The previously installed version was 2.9p2, compiled against openssl-0.9.6a, also with gcc-3.0.0, but with a different build of gcc-3.0.0. Everything seems to work fine except for one problem: passphrase matching for ssh2 keys

Dear Patrick, Documentation on some AIX routines to do the same thing can be found at http://publib.boulder.ibm.com/infocenter/comphelp/v8v101/index.jsp?topic=/com.ibm.xlcpp8a.doc/proguide/ref/dynamic_load.htm. Interestingly enough, the same page suggests that AIX does, in fact, support dlopen() and friends for POSIX compatibility. You might need to find out if there's a header file or a

On Thu, 15 Nov 2001, Dan Astoorian wrote: > Date: Thu, 15 Nov 2001 16:09:20 -0500 > From: Dan Astoorian <djast at cs.toronto.edu> > To: Ed Phillips <ed at UDel.Edu> > Subject: Re: X11 cookies and forwarding > > On Thu, 15 Nov 2001 15:46:22 EST, Ed Phillips writes: > > I'm guess I wasn't following the whole cookies discussion completely > >

http://bugzilla.mindrot.org/show_bug.cgi?id=220 ------- Additional Comments From George.Baltz at noaa.gov 2002-06-20 01:23 ------- FWIW, I reported this to IBM Support, and they seem to agree realpath() is broken. I have received a patched libc.a, which in light testing seems to resolve the problem: public key login with perms 770 on ~/.ssh works. ------- You are receiving this mail

This is just portable todo list. From the sounds of it Markus has his own to do list. But can everyone review and let me know if there is anything missing from this list. (Note.. I'm not looking for 'SSH should support XYZ feature.' unless it's directly related to portability.) Or if there is anything on this list that has been completed. (Namely Tru64 SIA support?) Thanks.

Hi, AIX's implementation of posix_fallocate is a little bit, let me say, peculiar. Attached is a patch to "fix" (=work around) this. Without you'll see this in the logs: Jul 28 01:17:41 trevi mail:err|error dovecot: IMAP(beckerr): posix_fallocate() failed: File exists Jul 28 01:17:41 trevi mail:err|error dovecot: IMAP(beckerr): file_set_size() failed with mbox file

My colleagues and I believe we have found a problem in the auth.c:secure_filename() code which causes it to be more aggressive than intended. We first noticed the problem in OpenSSH-2.9.9. secure_filename() comments that the loop walking up the directory components stops if it is past the home directory. However, the filename argument to the function is canonicalized with realpath() while the

Hi Timo, Hello list, I've played around with dovecot-1.1.1 on AIX to get quotas (especially NFS quotas) to work. I've found that dovecot doesn't implement handling of 'mntctl' and so it is unable to determine filesystem mountpoints on AIX correctly. Your'll find more information about 'mntctl' here:

http://bugzilla.mindrot.org/show_bug.cgi?id=29 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE ------- Additional Comments From mouring at eviladmin.org

I've tried to get OpenSSH_3.7.1p2 to work over IPv6 under AIX 5.1.0 and 5.2.0 without success. If I configure sshd to listen to an IPv6 address it will take the uppermost 32 bits of the IPv6 address and interpret it as an IPv4 address. sshd_config: ------------ ListenAddress [2001:6b0:b:1::133] ListenAddress 130.238.4.133 ListenAddress 172.17.1.2 $ /usr/nbin/sshd -d -d -d debug2:

Hellow, members I want to use SAMBA with disk quota support on AIX machine, but have not succeeded yet. Are there any members who could succeeded setting up SAMBA on that environment? OS:AIX4.3.3 SAMBA:2.2.5 configure option:--with-quotas First, I configured AIX's quota environment, and confirmed quota worked fine. And I accessed to SAMBA, but disk size displayed on Windows explorer did