similar to: [PATCH]: Fix potential security hole in Cygwin version

Hi, the following patch checks if OpenSSH is running under a Cygwin version >= 1.3.2 which allows switching user context without password. Otherwise sshd allows changing the user context only if password authentication is used as it was before. Corinna Index: openbsd-compat/bsd-cygwin_util.c =================================================================== RCS file:

Hi, the following patch removes some of the Cygwin specific code from OpenSSH. Since Cygwin is able to change the user context on NT/W2K even without a password since the new Cygwin version 1.3.2, there's no need anymore to allow changing the user context only if the sshd user is the same user as the one which logs in or when a password is given. For that reason the whole function

Hi, the attached patch file contains two patches in one: - contrib/cygwin/ssh-host-config: Create sshd_config according to latest changes. - openbsd-compat/bsd-cygwin_util.c: Rewrite a bit to allow easier retrieval of Cygwin capabilities from version number (uname). For Cygwin versions beginning with API minor version 56 assume ntsec being on by default. Thanks in advance for applying

Hi, the following patch rearranges some checkings in bsd-cygwin-util.c to keep in sync with Cygwin versions. I moved the uname() check into it's own function so that it's easier to add further checks when necessary. Corinna Index: openbsd-compat/bsd-cygwin_util.c =================================================================== RCS file:

Hi, attached is a patch which solves the following problem: Sometimes scp could hang in Cygwin when used as remote end using the -t option. This is due to a binmode/textmode problem which could be raised by the login shell which is used by the user and it's setting of textmode on stdin. The patch solves that problem by explicitly setting binmode on stdin. Besides solving the hanging

Hi, the following patch is a (hopefully least intrusive) extension when sshd is started so that it daemonizes itself. In that case Windows 9x/Me has a slight problem with sshd as soon as the current user logs off. The sshd daemon will be killed as well. Since installing services is very different between NT and 9x, the way used for NT boxes isn't working well for 9x. For that reason

Hi, is it possible to apply the below patch before 3.8.1p1 comes out? Due to a posting on the Cygwin mailing list it turned out, that the prerequisites to allow public key authentication where to tight. Since Cygwin version 1.5.x the so called `ntsec' setting isn't require anymore to allow switching user context without password. The below patch to bsd-cygwin_util.c fixes the test for

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

I had to update the Cygwin port for two reasons: - scp could fail because of another textmode/binmode problem. - Privileged ports are not privileged on Windows and there's no coherence between privileged user and uid 0. So I send the complete patch again with the above changes. ChangeLog: ========== - Makefile.in: Changed to support $EXEEXT transparently. Added `cygwin_util.o' to

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

On Feb 22 16:02, Darren Tucker wrote: > On Fri, Feb 22, 2019 at 03:32:43PM +1100, Darren Tucker wrote: > > On Wed, 20 Feb 2019 at 23:54, Corinna Vinschen <vinschen at redhat.com> wrote: > > > The previous revert enabled case-insensitive user names again. This > > > patch implements the case-insensitive user and group name matching. > > > To allow Unicode

Hi, I have left this slip through already too long. When compiling openbsd-compat/bsd-cygwin_util.c, the following warnings appear: openbsd-compat/bsd-cygwin_util.c: In function `binary_open': openbsd-compat/bsd-cygwin_util.c:67: warning: implicit declaration of function `open' openbsd-compat/bsd-cygwin_util.c: In function `binary_pipe': openbsd-compat/bsd-cygwin_util.c:73:

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

Windows usernames are case-insensitive and almost any Unicode character is allowed in a username. The user should be able to login with her username given in any case and not be refused. However, this opens up a security problem in terms of the sshd_config Match rules. The match rules for user and group names have to operate case-insensitive as well, otherwise the user can override her settings

Hi All, While testing another patch, I found that I could not longer log in as root, even if PermitRootLogin was yes. It seems to be the following code in auth_password: $ cvs diff -r1.48 -r1.49 auth-passwd.c [snip] #ifndef HAVE_CYGWIN - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login !=

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> ----- Date: Fri, 2 May 2003 14:01:33 +0200 From: Andrea Barisani <lcars at infis.univ.trieste.it> To: openssh at openssh.com Subject: openssh 3.6.1_p2 problem with pam Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour: # ssh -l lcars mybox [2 seconds delay] lcars at mybox's

Hi, could somebody apply the below patch, please? It removes a couple of environment variables which are propagated to the child process so far, but which not really necessary to keep child processes running. What's left now is the bare minimum which is requested by scripts, typically. Thanks, Corinna Index: openbsd-compat/bsd-cygwin_util.c

BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable