similar to: CVS for portable?

maybe this is a silly question ;-) But why is it possible to login on a machine with a locked account (passwd -l ) via pubkey-authentication (authorized_keys) ? I use OpenSSH3.01p1on Solaris8 with PAM support so I thought this should not happen. If this is the normal behaviour and built in intentionally what would be the easiest way to lock an account without deleting the users authorized_keys ?

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

Hi. Whenever I notice a typo someplace, I fix it in a local "typo tree". Attached is 2 patches from that tree, one against OpenBSD and the other against Portable. Is it worth fixing these? -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience

Is there a security issue with turning an RSA1 key into an RSA key? One might want to do this, e.g., to move to protocol 2 without having to update authorized_keys files. I thought there was a problem with this, but Google doesn't find anything. thanks /fc

Hi all. The OpenSSH Portable anoncvs service has found a temporary home (mine :-). It's on a DSL link so please be nice to it. It may move in future so please use the "anoncvs.mindrot.org" alias. $ cvs -z5 -d anoncvs at anoncvs.mindrot.org:/cvs co openssh_cvs The key fingerprints are: RSA 8e:09:e9:fb:dc:af:e4:a5:e6:a0:e2:28:59:63:84:17 DSA

Add -n to the ssh command line - see if that fixes it. Nico -- > -----Original Message----- > From: Eric Garff [mailto:egarff at omniture.com] > Sent: Wednesday, August 07, 2002 11:15 AM > To: openssh-unix-dev at mindrot.org > Subject: Re: so-called-hang-on-exit > > > That may be, but it only "hangs" when run from cron, if I run it > manually it executes

http://bugzilla.mindrot.org/show_bug.cgi?id=486 Summary: "PermitRootLogin no" can implicitly reveal root password Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at

Are there any plans on the table to add native support for two-factor authentication, such as password *and* public key? Visa PCI standards require two-factor authentication for remote access and if password+key was available in openssh it would be much easier to maintain and support than a full-blown vpn with all the cross-platform compatibility issues that come with one. Thanks! Jacob

Thanks to the generosity of Rob Hagopian <rob at hagopian.net>, portable OpenSSH now has a public anonymous CVS tree and a mirror of the snapshots on a fast (colocated) machine. The nightly snapshots are now available from: http://bass.directhit.com/openssh_snap/ Please use these instead of the mindrot.org ones (which will be going away soon). To checkout the CVS tree, issue the

Thanks to the generosity of Rob Hagopian <rob at hagopian.net>, portable OpenSSH now has a public anonymous CVS tree and a mirror of the snapshots on a fast (colocated) machine. The nightly snapshots are now available from: http://bass.directhit.com/openssh_snap/ Please use these instead of the mindrot.org ones (which will be going away soon). To checkout the CVS tree, issue the

Sorry if this is stuff that's been talked about before. If it is, just ignore me. I'm curious to know why Portable OpenSSH doesn't include @bindir@ in the _PATH_STDPATH. This would save most installers of portable OpenSSH from having to --with-default-path=$PREFIX/bin in order to ensure that scp will work properly. This would also, I imagine, save quite a lot of hassle for

Hi ! Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem. Firstly, I'm using : - openssh-3.1p1-15 which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS. - I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file : #%PAM-1.0 auth

I'm unable to get dovecot-lda with sieve filtering to deliver into maildir folders. The examples on the wiki explicitly say "mbox", so I'm wondering, does the dovecot-lda sieve implementation not support filtering into maildir folders? -frank

Should pam_setcred() be called if pam_authenticate() wasn't called? I would say not; both of these functions are in the authenticate part of pam. It seems the the 'auth' part of pam config controls which modules get called, so if you didn't to _authenticate() you shouldn't do _setcred(). thx /fc

It's sometimes desired to be able to alter login policy depending upon how the person was connecting for the ssh server. For example you might want different rules on the internal and external interface of a gateway. In another setup you might want an sshd with a different login policy running on a different port - and setup different firewalling rules (for example). I have implemented such

If bind() fails we _always_ should close socket. I sent this patch while ago to djm but I still don't see this fix in openssh_cvs. diff -urN openssh-2.3.0p1.org/sshd.c openssh-2.3.0p1/sshd.c --- openssh-2.3.0p1.org/sshd.c Sat Jan 6 19:54:11 2001 +++ openssh-2.3.0p1/sshd.c Sat Jan 6 19:55:48 2001 @@ -782,10 +782,10 @@ debug("Bind to port %s on %s.", strport, ntop); /*

Can shared/public namespaces' prefixes have a common prefix? :) namespace public { separator = / prefix = zz/shared/ location = maildir:/var/maildir/shared:INDEX=/var/maildir/%n/shared subscriptions = no } # to share other employees mailboxes (term'd or admin access) namespace shared { separator = / prefix = zz/shared/%%u/ location =

http://bass.directhit.com/openssh_snap/ Starting tonight I plan on tracking changes very closely with the OpenBSD tree. I need people to test the latest snapshot (9/14 at of right now) and report success or failure on compiling. I am starting this now because we are looking at a code freeze soon and I really want to ensure it compiles and runs on all existing platforms. So we (the portable

I have been attempting to replace Procmail with Dovecot as the LDA for my Postfix mail server, but without success. Below is a truncated output from the /var/log/maillog. Aug 9 11:56:20 scorpio postfix/local[4338]: 88C3FC3D1: to=<gerard at localhost.seibercom.net>, orig_to=<gerard at localhost>, relay=local, delay=1119, delays=1118/0.71/0/0.11, dsn=4.3.0, status=deferred (temporary

Hi, I encountered the following when i run the below command on my Solaris 8 x86 box: #ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" I got the following error: Segmentation fault - core dumped Does anyone have any idea what is wrong? I am using pre-compiled packages downloaded from sunfreeware.com. Regards, Matthew This communication contains confidential or privileged