similar to: chroot patch for openssh 3.0.2p1

Hi all, I would like to do something like this at Samba level: hosts allow = subnet1/mask1 subnet2/mask2 etc hosts deny = * But this doesn't seem to work (machine that are not in subnet1 and not in subnet2 still have access) I think the * is not understood by Samba, I tried ALL, this didn't work either. I'm gonna check the samba source code but if I could get an expert answer

The included patch adds a new option to the ssh client: -d fd Read the password from file descriptor fd. If you use 0 for fd, the passphrase will be read from stdin. This is basically the same as GPG:s parameter --passphrase-fd. Flames about why this is a bad idea goes into /dev/null. I really need to do this. There are lots of ugly Expect-hacks out there, but I want a more clean

Hi, I recently downloaded openssh 3.7.1p2 to install it on a Linux RedHat, and I noticed that it was linked with libcrypt.so.1 It wasn't the case with previous versions, so I thought that was strange. So I checked the configure script and noticed this strange "esac" on : "configure" line 4021 of 17200 --23%-- col 2-9 I'm a security ingeneer and definitly not a script

Long post.. sorry. Ok.. I've got three systems, all running openssh-3.0.2p1. As a matter of fact, they were installed from the same built tree, so I know they are the same. Here's the deal. I've got three systems, call them source1, source2 and target. All are HP-UX 11.0 systems installed from the same tree. Source1 and source2 both have thier root rsa pub keys in target's

On the site : www.bubbleshare.com Photo flash frame stays white Gentoo GNU/Linux x64 Firefox 3.0 swfdec 0.6.6 Beyond, less important (french site only) : www.canalplus.fr Integrated movie player doesn't work At least, thanks a lot for your stuff

password authentication fails even tho i used LIBS=-lcrypt option Any help will be appreciated

Hi, working on tightening our network (somewhat) today, I found that OpenSSH doesn't seem to have the "AllowSHosts" directive (in sshd_config) that Commercial SSH (at least 1.2.25 & up) has. Now I wonder whether that hasn't been implemented yet, or has been dropped for a certain reason. I find this very useful for what I want to achieve - inside the company network,

On Mon, Jan 18, 2010 Joachim Schipper wrote: > What this patch does can be described as follows: > > Without: > you at local$ ssh somehost > Enter passphrase for RSA key 'foo': > you at somehost$ exit > $ ssh otherhost > Enter passphrase for RSA key 'foo': > you at otherhost$ > > With: > you at local$ ssh somehost > Enter passphrase for RSA

OpenSSH 2.9.9 has just been uploaded. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH 2.9.9 fixes a weakness in the key file option handling, including source IP based access control. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. This release contains many portability

Hi there, I just give you the script (in Python) I have just written in case of someone would like to implemant this. I think it is more simple than the one we can see over the net... It uses DISA (security issues ==> limit access with contexts and the password !!) and CAPI but it should work with type of channel. Basically, you ring your asterisk and the line goes down after 1 ring. Asterisk

ssh.1 says Protocol Specifies the protocol versions ssh should support in order of preference. The possible values are ``1'' and ``2''. Multiple versions must be comma-separated. The default is ``1,2''. This means that ssh tries version 1 and falls back to version 2 if version 1 is not available. but

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

If the source and destination file are identical, the receiving scp truncates the file. On the sending end, read() returns 0, and garbage is sent instead of actual data, and the receiving end puts it into the file, which at least confuses the users. -- Florian Weimer Florian.Weimer at RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/

Is there any way to disable the authentication agent globally? I'm not quite sure I understand it's purpose. Here is some background info: workstation: Key pair (dsa). host1: No key pair. No authorized_keys. host2: Has my workstation's key in authorized_keys. I ssh to host1 from my workstation. I ssh to host2 from host1. I am asked for a password. Good. I ssh to host2 from my

Hi guys, and another feature request for sshd which I would classify as really useful. And I think this behaviour is currently not available (If yes, sorry, I must have missed it): > I believe that the sshd should log which RSA key was used to connect to > an account. When there are a number of keys in the authorized_keys file > it is often useful to know which one was used for each

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in

Hi, % scp -v user at host:file.txt . [..] debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1 debug: Local version string SSH-1.5-OpenSSH_2.1.1 [..] debug: Sending command: scp -v -f file.txt debug: Entering interactive session. Sending file modes: C0644 3093316 file.txt Since it 'interactives' the remote user needs a shell. Any workaround? But more interesting

Debian GNU/Linux 2.2 (potato), openssh-2.2.0p1 Configured with: --prefix=/usr/local/openssh --enable-gnome-askpass --with-tcp-wrappers --with-ipv4-default --with-ipaddr-display My goal here is to, as root, forward a local privileged port over an ssh tunnel to another host using a normal user's login, i.e.: root:# ssh -2 -l jamesb -i ~jamesb/.ssh/id_dsa -L 26:localhost:25 remotehost So far,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I would like an 'Include' directive or similar for ssh client config files. My ~/.ssh/config file is larger than I would like, 147 Host stanzas currently (and I doubt I set any record there). I have some networks/hosts I access via some pretty complex setups (port-fwded SSH via intermediate hosts, multiple port-fwds for various applications,

Hi, I've been using PxeLinux to boot our Debian kernel successfully for some time now. I recently increased the size of the ramdisk from about 484 MBs to 517 MBs and encountered the following error during bootup: --- RAMDISK: Compressed image found at block 0 Freeing initrd memory: 105519k EXT3-fs: Magic mismatch, very weird! cramfs: wrong magic sh-2021: reiserfs_read_super: can not find