similar to: Resolving error

Hello there, In OpenSSH 3.0.2p1 there is a strange name resolving bug: /etc/nsswitch.conf shows: hosts: files dns When I am trying to connect to a host that is in /etc/hosts using the hostname, ssh tries to first resolve this name using the dns, regardless to the resolve order in /etc/nsswitch.conf, if the dns is timeout or the machine is not connected to the Internet at this time -

Hello all, I just noticed that AllowHosts feature of SSH Inc's sshd isn't there in OpenSSH yet. Has anyone been working on this? Am I the only one that seems to miss this feature? AllowUsers and AllowGroups is a very nice feature though :) -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and

How do you enable hostbased authentication in OpenSSH? I have two Red Hat 7.3 machines running openssh-3.4p1, and I would like to be able to ssh from either of the machines to the other, as any user, without using passwords or per-user keys. My /etc/ssh/sshd_config contains: [...] IgnoreRhosts no HostbasedAuthentication yes [...] My /etc/ssh/ssh_config contains: [...]

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

Hi, attached is a patch by Chris Faylor <cgf at cygnus.com> relative to 2.2.0p1. Description: OpenSSH does not allow port gatewaying by default. This means that only the local host can access forwarded ports. Adding "GatewayPorts yes" to .ssh/config usually does this job. Unfortunately, OpenSSH does not recognize the same hosts.allow/ hosts.deny options as ssh.com's sshd

Hello there. I've noticed a strange problem happen in ALL my linux machines (some of them still running OpenSSH 2.9p1 (The one that comes with Slack8) and some of them are running 2.9.9p2 (That I have compiled myself). When I am having a certain host in my /etc/hosts, for example: 192.168.1.12 netinst When I am running ssh netinst -v -v -v the last line I could see is: ssh_connect:

can someone confirm this? it does not happen on openbsd. -------------- next part -------------- An embedded message was scrubbed... From: Florian Wunderlich <fwunderlich at devbrain.de> Subject: Re: fds closed after SIGCHLD bug still in newest version Date: Wed, 22 Nov 2000 14:44:17 +0100 Size: 3926 Url:

Hello all, I tried OpenSSH versions 2.1.1p4, 2.2.0p1 and the latest snapshot briefly on 64-bit Irix 6.5.7f an 6.5.9m. Both times, no matter what I do, I'll get 'PRNG initialization failed -- exiting'. This happens with ssh-keygen (the keys aren't even generated yet, ssh binary etc.) It's clear that Irix etc. don't have a proper entropy pool like *BSD and Linux do, but

Hi, Here's a problem in openssh, some logs, and a very minor patch that cures this: Issue: (open)ssh client WILL NOT talk to F secure SSH-2.0-2.1.0pl2 client S/W version: openssh-2.3.0p1 client O/S version: SunOS 5.7 Generic_106541-11 sun4u sparc server S/W version: SSH-2.0-2.1.0pl2 server O/S version: SunOS 5.7 Generic_106541-11 sun4u sparc Log/Details: : % telnet <mymachine> 22

Hello all, Compiling 2.1.1p1 on my RedHat Linux 6.2 w/ 2.2.16 kernel seems to cause errors from the start.. ---- gcc -O2 -m486 -fno-strength-reduce -Wall -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\" -DSSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh/ssh-askpass\" -DHAVE_CONFIG_H -c -o bsd-base64.o bsd-base64.c In file included from defines.h:261, from

Hello all, Using 20000930 snapshot on Irix 6.5.9m. SFTP connections with SSH 2.3.0 (Windows) die right out. Similar configuration and the same version works fine in Red Hat Linux 6.2. This is probably related to 'sftp' thread 7-10 days ago. The error messages captured in debug mode: --- debug1: server_input_channel_open: ctype session rchan 1 win 100000 max 8192 debug1: open session

Hello all, I just found a bug a nice bug that can be turned into a real feature on systems (usually Linux) that are built with --with-ipv4-default. If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and ::, sshd will error out 'address family not supported'. However, you can work around this error by starting sshd with 'sshd -4 -6'. As far as man page is

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

Quite a few changes here, please test. http://www.mindrot.org/misc/openssh/openssh-SNAP-20000916.tar.gz -d 20000916 - (djm) New SuSE spec from Corinna Vinschen <corinna at vinschen.de> - (djm) Update CygWin support from Corinna Vinschen <vinschen at cygnus.com> - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. Patch from Larry Jones <larry.jones at

Is there any work going into placing keys in a central directory such as LDAP ? Jeff McElroy jmcelroy at dtgnet.com

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello all, Very recently, djm added compability patch so that aes/rijndael encryption problems could be avoided when talking to broken server/client; and you wouldn't have to toggle off the protocols yourself. Might this be a candidate for 2.5.2p2 or the like? This would be helpful when there are a lot of broken, 2.3.0 and like, systems. -- Pekka Savola "Tell me of

Hello all, I'm using the attached patch. With it, if you add OPTIONS="-6" in /etc/sysconfig/sshd (this kind of sysconfig/<name> is a pretty normal RHL practice), then you can enable ipv4 and ipv6 on RHL without problems and without having to modify the init.d/sshd script. This or something like should IMO be added. Removing 'noreplace' from sshd_config

ChangeLog: 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. - (djm) Release OpenSSH-2.9p1 However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords