similar to: logging of which key authenticated?

Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

Hi folks, (3rd time I am sending this message, none of the other appear to have made it through!) Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client. I am trying to use sshtunnel with StreamLocal forwarding to enable me to connect back to the client's ssh port, without having to

Hi folks, I'm wondering if it is possible to set up a dynamic port forward (i.e. socks proxy), where the listening socket is actually on the server rather than the client as is currently the case for -D ? A possible use case is providing a deeply firewalled box with an outbound SOCKS proxy, but only while an inbound ssh connection is active. Or, in my particular case, I have many routers

Hi folks, I have successfully compiled and run OpenSSH 4.1p1 on NCR MPRAS: $ uname -a UNIX_SV support1 4.0 3.0 3446 Pentium Pro(TM)-EISA/PCI $ However, I have found one pretty critical problem, arising from the way that MPRAS handles changes to the IP stack. Background: To update any of the IP or TCP configuration options, system administrators should use the program "tcpconfig".

On Sun, May 8, 2016 at 9:04 PM, Markus Friedl <mfriedl at gmail.com> wrote: > I have an ugly patch for that feature that requires protocol modification. Why does it require a protocol modification? Couldn't the client request regular forwarded-tcpip from the server then decode SOCKS entirely within the client? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9

Hi folks, I was thinking about the possibility of separating the OpenSSH transport and authentication functions from the terminal emulation functions, and making it available as a library for other applications to use for secure authenticated transport. My thinking is along the lines of: A whole bunch of applications have implemented "secure" versions of the transport protocol, using

Hi, I was thinking about the difficulties and complexities of using chroot in scp or sftp-server, in order to limit the user in which files they can access. I've seen a lot of arguments about how it is pointless to try and secure scp or sftp (also from a logging perspective) because if we allow SSH access, the user can simply provide their own scp or sftp binary, that does not do the

Hi folks, I am sitting with a requirement to configure an account for shared use, with access via SSH, and RSA/DSA keys. What I would like to do, and I know it is not foolproof, is log the key presented in order to log on, for audit purposes. The intention is that each user has their own key pair, and the public keys are all stored on the server, as expected. When the key presented is accepted,

Hi: I'm in the middle of recoverying from a tactical error copying around an Mac OS X 10.10.5 Time Machine backup (turns out Apple's instructions aren't great...), and I had rsync running for the past 6 hours repairing permissions/acls on 1.5 TB of data (not copying the data), and then it just died in the middle with: .L....og.... 2015-03-11-094807/platinum-bar2/usr/local/mysql

Hi, I'm having trouble connecting to my postgreSQL db on Heroku(Amazon) using RPostgreSQL. I've looked through GitHub for people doing the same thing. There are quite a few examples and all look similar to the below: drv <- dbDriver("PostgreSQL") con <- dbConnect( drv, dbname = "dadqn30er7ghpl", host =

Just curious. There seems to be an awful lot in the source, but no actual configure option. Please advise. -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: austin at coremetrics.com "It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb

On Wed, Nov 21, 2001 at 01:41:42PM -0500, John Hawkinson wrote: > auth-krb5.c > auth1.c > compat.c > comapt.h > servconf.c > session.c > session.h > sshconnect1.c > sshd_config why do you need to touch these files? for MIT K5? or for adding back the told ticket passing behaviour? i have no string opinion about whether the AFS/Kerb tickets should be passed

Hello, I am using an incoming iax provider to bring calls to my server. When an incoming call comes in, the calling party does not hear a ring tone. I figured that this was no big deal, and that I just needed to enable the "r" flag to dial. This has not fixed the situation though. Just to try to make sure the line was being picked up properly, I tried the following: [inbound] exten

>>> configuration holes are the *default* configuration. ssh-keygen >>> creates passphrase frees by default if you simply hit "Enter" a few >>> times, and there is no way I've ever seen for ssh_config to reject >>> them by default when loading local keys or loading them into an >>> ssh-agent. >> >> So where are your

Folks: We use an old AFS cell with Kerberos 4. Our use of Kerberos 4 is fairly limited; we have never needed to implement rcmd host principals for most of our systems. Indeed, given that Kerberos 4 strips off the domain name portion of a hostname when determining the rcmd instance, we would not be able to do this, since we do have duplicate hostnames in multiple subdomains. For AFS

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

HI All, We have the latest Dovecot 1.1.6 running and I need to migrate some POP3 users over from Courier to Dovecot and would need to convert the courierpop3dsizelist to maintain the UIDs. I just need to confirm that the script (http://www.dovecot.org/tools/courier-dovecot-migrate.pl) only works for Dovecot v1.0 and not for v1.1? As the dovecout-uidlist file that is created (by the script) is not

Hi I'm getting Jun 11 13:12:46 "Fatal: Can't open configuration file /home/dovecot/dovecot-pgsql.conf: Permission denied this file have fulle permissions and has belonged to dovecot and root but still no joy what am i missing must be something stupid on this side Thanks for the previos comments about scripting I am swithcing to postgress for the mail env and will look at mysql

Hi All My first post to the list, so "hello world"! Having searched the list archives and the wiki for an answer to this, I don't think it is possible. However, let me ask nonetheless... Is it possible for a Dovecot proxy's login process (IMAP and POP3) to include the "destuser", i.e. the uid used to authenticate to the backend IMAP/POP3 server, in its logging?