similar to: [Patch] Xauthority file in /tmp

Hi ! I hacked together a couple of patches for Openssh 2.1.1p4 port forwarding. It is a one patch file that does the following two things: First: If the server is configured not to allow port forwardings it sends SSH_SMSG_FAILURE (protocol 1) while openssh client expects SSH_SMSG_SUCCESS. When the client gets the failure it exists with protocol error message. This patch will accept both failure

Hey everyone, I wanted to add support for denying PTY allocation through OpenSSH. I'm not certain if this is quite thorough enough for all cases, but for me it might work for the moment. I know that you can currently do this through authorized_keys, but as far as I know that only works for an actual key. In my use case, I wanted a user with no password which is forced to run a specific

Hi, I noticed that Markus has fixed the temporary file cleanup problems in OpenSSH cvs. What files need patching for this ? I only noticed changes in: session.c, channels.h and channels.c. -Jarno -- Jarno Huuskonen <Jarno.Huuskonen at uku.fi>

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

Here's a patch for a feature I'm used to having in the old commercial ssh. It checks for usernames the file /etc/nologin.allow when /etc/nologin is in place, and lets the users mentioned in /etc/nologin.allow in regardless of /etc/nologin. This is very usefull for remote administration of servers. Please consider applying this. -jf -------------- next part -------------- ---

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Okay, here is a fixed version of the patch I sent before for fixing the problems I know about with Digital Unix SIA: displaying too much info (MOTD, last login, etc.) when access is denied, and the loss of the error message sometimes when access is denied. It does break some code out of do_login into a couple of separate functions. I did this to avoid duplicating the code in a couple of places.

Dear OpenSSH porting developers, finally I succeded in porting OpenSSH to QNX 4. To get things going I had to take over some definitions from Linux' include files, since they are not available under QNX (e.g. the howmany makro, NFDBITS, the lastlog structure). With this email I send a patch with all my changes as well as the file "qnx-term.h" which I created because IXANY and

in reply to: 5.1p1 and X11 forwarding failing http://lists.mindrot.org/pipermail/openssh-unix-dev/2009-February/027183.html I have the impression that SSH is running xauth with a filename in a temporary directory that does not exist: local:~ $ ssh -vv user at remote ... debug2: x11_get_proto: /usr/bin/xauth -f /tmp/ssh-VskgWb3776/xauthfile generate :0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200

Damien, I've filed a bug for this on mindrot as requested, https://bugzilla.mindrot.org/show_bug.cgi?id=1348. Patch attached in case that helps reviewing. Comments welcome, Rob -- Rob Holland <rob at inversepath.com> http://www.inversepath.com - Chief R & D Engineer Inverse Path Ltd, 63 Park Road, Peterborough, PE1 2TN, UK Registered in England: 5555973 -------------- next

Hi, We'd like to run sshd with a configuration morally equivilent to: # stuff ... AuthorizedKeysFile /var/db/keys-distributed-by-security-team/%u AuthorizedKeysFile %h/.ssh/authorized_keys # be backwards compatable for a bit longer yet AuthorizedKeysFile %h/.ssh/authorized_keys2 # more stuff ... The following patch (against the cvs source) turns the authorizedkeysfile statement in sshd.conf

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

http://bugzilla.mindrot.org/show_bug.cgi?id=101 Summary: session.c modifications for correct UNICOS behavior Product: Portable OpenSSH Version: 3.0.2p1 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

$ ssh -v OpenSSH_5.1, OpenSSL 0.9.8j 07 Jan 2009 $ ssh -vvv -X example.com [ Relevant debug info: ] debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 [OpenSSH_5.1, OpenSSL 0.9.7j 04 May 2006] debug2: x11_get_proto: /usr/X11R6/bin/xauth -f /tmp/ssh-TLLOFKxvay/xauthfile generate :0.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null Warning: untrusted X11 forwarding

Currently, openssh-2.9p2 adds cookies to a user's .Xauthority file if X11 forwarding is requested but does not delete them while closing down the connection. While this may not necessarily be a security vulnerability, but it's a good idea for the application to cleanup appropriately. This patch takes care of removing the X forwarding cookies from the user's .Xauthority file. Please

hi, this can be applied to the latest portable CVS. by default bind sshd fake display to localhost. [stevesk at jenny stevesk]$ uname -sr HP-UX B.11.11 [stevesk at jenny stevesk]$ echo $DISPLAY localhost:14.0 [stevesk at jenny stevesk]$ netstat -an|grep 6014 tcp 0 0 127.0.0.1.6014 *.* LISTEN this is currently controlled with sshd_config gatewayports;

http://bugzilla.mindrot.org/show_bug.cgi?id=771 openssh at faxm0dem.org changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|openssh-bugs at mindrot.org |bitbucket at mindrot.org ------- Comment #5 from openssh at faxm0dem.org 2006-04-13 01:12 ------- There is a patch that

Hello all, $XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2. The commit message was: --- remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies --- The latter is true, but can only be enabled in per-user basis as far as I see.

Hello, I know this is likely to give me a brute force attack hit, but the only thing anyone can accomplish by ssh-ing to my machine is to provide me with a tunnel into your machine. So don't bother. Anyway, my server machine is running this: /usr/bin/ssh -X -R ${port}:localhost:22 -o BatchMode=yes \ -o StrictHostKeyChecking=no ${user}@${my_home_machine} On my local machine: ssh -vvv -X

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)