similar to: openssh never cleans out Xauthority

Since there never was an answer on the secureshell at securityfocus.com list to this question, I thought I'd ask you guys on your own list and maybe I'll even get an answer. If the answer involves PAM in any way, then the most obvious question becomes "what about IRIX, Tru64, or any other platforms whose login procedure does not have PAM?". ----- Forwarded message from Atro

SSH.COM says their SSH2 is not vulnerable to the ZLIB problem even though they use the library (details below). Can OpenSSH say the same thing? In either case, it seems like there ought to be an openssh-unix-announce message about what the situation is. I may have missed it, but I don't believe there was one. Yes, openssh doesn't have its own copy of zlib source but it would still be

http://bugzilla.mindrot.org/show_bug.cgi?id=333 Summary: X11 forwarding not working in OpenSSH 3.4p1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Since i/we didn't receive any answer on secureshell at securityfocus.com I like to ask this question to you. What's your opinion on this topic? Thanks! Miro +-------------------------------+ +-------------------------------+ | Miro Dietiker | | MD Systems Miro Dietiker | +-------------------------------+ +-------------------------------+ -----Urspr?ngliche

I'm not a ssh expert and I don't know if the log is good or bad, but I too am running OpenSHH under OpenServer. I find that after I connect, the return key has no effect unless I first type: stty sane <Ctrl>j If you've hit <ENTER> before that you must first press <Ctrl>j a couple of times to clean out the buffer. After I type the above command, everything

Robert, [OpenSSH with AFS not compiling on HP-UX 10.20] I'm using OpenSSH 2.9p2, OpenSSL 0.9.6a, KTH KerberosIV 1.0.8, and AFS 3.4 5.81. > cc: "auth-passwd.c", line 188: error 1530: Undefined struct or union. > cc: "auth-passwd.c", line 188: error 1529: Cannot select field of non-structure. I had exactly the same problem compiling SSH Inc. ssh-1.2.27 with AFS for

I am trying to generate a ssh_known_hosts2 file, 2.9.9p2, using: ssh-keyscan -f list_of_hosts -t rsa > ssh_known_hosts.rsa and ssh-keyscan -f list_of_hosts -t dsa > ssh_known_hosts.dsa but both commands fail almost immidiately with: Couldn't obtain random bytes (error 604389476) What could that mean? Servers that I am aware of that I query is: OpenSSH_2.5.1p2 OpenSSH_2.5.2p2

I've seen others working on a vxWorks port for OpenSSH. I'll CC: this to the OpenSSH dev list. Maybe they can provide you with the help you need. - Ben On Mon, 29 Oct 2001, Manoj Jaitly wrote: > I need a vxWorks port for openSSH. Can you send me some info on this topic. > If it is not available, then which is the best version to start porting and > what all I need to port

Hi- I built openssh-3.0p1 on a Tru64 4.0G without any problem. The system uses enhanced security, so the sia_* routines are used by sshd. Unfortunately, password authentication fails because sia_ses_authent() returns 0 in auth-sia.c. The thing is, the password is CORRECT; I verified this by inserting debugging statements before the call to sia_ses_authent(). The call to sia_ses_init()

Hi, this is merely FYI, but i would appreciate if someone had any comments or further information on the topic. We were using the following setup : cryptocard easyradius with RB-1 hardware tokens (hex or decimal display, synchronous (quicklog) mode) f-secure ssh with pam radius authentication This worked fine until we updated to openssh 2.9p2. Then all authentications where the response

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=57859 There's a method to see if an account exists or not: if it does exist, and the password fails, there's a small delay before getting the prompt again. But if it doesn't, the password prompt returns immediately. Looks like a bug... :o) -- Florin Andrei Linux Is Not "gnU linuX"

I joined the secureshell at securityfocus.com mailing list yesterday, and posted a message, but it doesn't seem like it ever made it to the list. Anyone know if it's down? Tnx, DR

Hello, anybody knows what happened to the ssh user mailing list on secureshell at securityfocus.com? it seems to be dead for more than two months now. I tried to post, but my postings never appeared on the list. Unfortunately, there's no administrative contact given on the subscription page, so I post to the dev list in the hope that somebody knows what's going on. Sorry for being OT.

I have been experiencing problems with remote data collection systems reporting not enough entropy in RNG. It mostly seems to be self correcting since a retry of the data transport succeeds. One system however shows the following everytime an ssh connection is attempted. Interactive commands do not seem to be affected. I have perused the code but the entropy gatherer seems to be fairly simple and

Hi. I see this XAUTHORITY=/tmp/ssh-*/cookies issue has been discussed repeatedly, but I haven't seen a solution to the following problem. Remote user logs into firewall. On firewall, DISPLAY var set to secure channel, XAUTHORITY set to /tmp/ssh-*/cookies. X11 forwarding from firewall works fine. User logs into machine behind firewall, and sets DISPLAY var to firewall:X11DisplayOffset.0.

Hello all, $XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2. The commit message was: --- remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies --- The latter is true, but can only be enabled in per-user basis as far as I see.

This issue has been discussed here and elsewhere a fair bit in the past year or so, but to re-address the issue... As of OpenSSH 2.9.something the ability to have an Xauthority located in /tmp was removed, with the following description in the ChangeLog : - markus at cvs.openbsd.org 2001/06/12 21:21:29 [session.c] remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since

http://bugzilla.mindrot.org/show_bug.cgi?id=771 Summary: Add option to override XAUTHORITY env variable Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: enhancement Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=733 Summary: ssh doing xauth stuff even when it can't access local .Xauthority file Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1401 Summary: ssh does not remove staled credentials from .Xauthority Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket