similar to: IdentityFile patch

Here is a patch to allow private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location on systems where home directories are NFS mounted. This is especially important for users who use blank passphrases rather than ssh-agent (a good example of where this is necessary is for tunnelling lpd through ssh on systems that run lpd as user lp). IdentityFile now accepts

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

Hi, the attached patch adds support for the keywords "OpenCommand" and "CloseCommand" to ssh_config. They are commands which are executed before the connection is established (or ProxyCommand started) and after the connection has been closed (or ProxyCommand ended). this is usefull for stuff like portknocking or (that's what I wrote the patch for) talking with trapdoor2

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

http://bugzilla.mindrot.org/show_bug.cgi?id=95 Summary: Allow '%' expansion to work in ssh and ssh-add Product: Portable OpenSSH Version: 3.0.2p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

OpenSSH 3.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability bug-fixes (listed in the ChangeLog) as well as several new features (listed below). We would like to thank the

Hello. I have one, small question. There are any security reasons to not use a getenv("HOME") instead of pw->pw_dir in ssh.c and tildexpand.c to find user home directory? -- Grzegorz Kryza mailto: kryza at nomachine.com http://grzegorz.kryza.net

Hello, After upgrading OpenSSH to 2.9.9p2, I've found some troubles on public key authentication with an sshd working at Solaris 2.5.1 machine. The server failed to validate the user's path in auth.c:secure_filename(). There were actually two reasons for the trouble: 1. the "realpath" of pw->pw_dir (that realpath() would return) was different from pw->pw_dir itself.

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

This patch adds a new option to sshd, chroot_users. It has the effect of chroot()ing incoming ssh users to their home directory. Note: this option does not work if UsePrivilegeSeparation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char

Hello there! I have made a patch against OpenSSH 3.0.2p1 which allows the fingerprint of the accepted key to be printed in the log message. It works with SSH1-RSA and SSH2 pubkey (DSA+RSA) authentication. This feature is controllable by the LogKeyFingerprint config option (turned off by default). Michal Kara -------------- next part -------------- diff -u5

Here is a little patch against 2.9p1 that performs the SNK (also known as TIS authserv) challenge-response automaticly instead of asking the user. hope you find it useful. --larry -------------- next part -------------- diff -NuBw openssh-2.9p1/Makefile.in openssh/Makefile.in --- openssh-2.9p1/Makefile.in Thu Apr 26 20:31:08 2001 +++ openssh/Makefile.in Wed Jun 6 16:15:56 2001 @@ -43,9 +43,9

Damien, I've filed a bug for this on mindrot as requested, https://bugzilla.mindrot.org/show_bug.cgi?id=1348. Patch attached in case that helps reviewing. Comments welcome, Rob -- Rob Holland <rob at inversepath.com> http://www.inversepath.com - Chief R & D Engineer Inverse Path Ltd, 63 Park Road, Peterborough, PE1 2TN, UK Registered in England: 5555973 -------------- next

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

After the commit titled "expand %h to the hostname in ssh_config Hostname options" (2010-07-16), %n always got the same value as %h in the LocalCommand config option. Fix this and add a regression test. --- regress/Makefile | 6 ++++-- regress/host-expand.sh | 18 ++++++++++++++++++ ssh.c | 6 ++++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded openssh-1.2pre16 to: http://violet.ibs.com.au/openssh This is mainly a bugfix release, it should fix some of the recurrent compile problems that have been reported to the mailing list and to me (the __P() stuff on Solaris for example). Full changelog: 19991207 - sshd Redhat init script patch from Jim Knoble <jmknoble at

From: Haiyang Zhang <haiyangz at microsoft.com> Rename camel case variables in channel.c Signed-off-by: Haiyang Zhang <haiyangz at microsoft.com> Signed-off-by: Hank Janssen <hjanssen at microsoft.com> --- drivers/staging/hv/channel.c | 729 +++++++++++++++++++++--------------------- 1 files changed, 368 insertions(+), 361 deletions(-) diff --git

From: Haiyang Zhang <haiyangz at microsoft.com> Rename camel case variables in channel.c Signed-off-by: Haiyang Zhang <haiyangz at microsoft.com> Signed-off-by: Hank Janssen <hjanssen at microsoft.com> --- drivers/staging/hv/channel.c | 729 +++++++++++++++++++++--------------------- 1 files changed, 368 insertions(+), 361 deletions(-) diff --git

http://bugzilla.mindrot.org/show_bug.cgi?id=95 ------- Additional Comments From jprondak at visualmedia.com 2002-02-02 09:25 ------- Created an attachment (id=18) patch to tildexpand.c and auth.c to allow '%' substitution everywhere ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.