similar to: PrivSep and portability

Displaying 20 results from an estimated 6000 matches similar to: "PrivSep and portability"

2016 Mar 08
2
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi Gert, Thanks for your reply. But we can't upgrade to 7.2 version also we don't have plan to upgrade in near future. Can I fix these vulnerabilities in the current version? Regards Abhishek On Tue, Mar 8, 2016 at 6:42 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Tue, Mar 08, 2016 at 06:14:01PM +0530, abhi dhiman wrote: > > Actually I am working
2000 Dec 22
1
bug in sshd.d (destroy_sensitive_data core dumps)
Hi, experimenting with openssh_cvs on my SCO Unix 3.2v4.2 machine, I had sshd core dumping on me. Tracking this, I found that if a host key is specified in the sshd_config that does not exist (I used "./sshd -d -d -d -f sshd_config" with the shipped sshd_config file, to work around incompatibilities with the installed sshd.com's sshd_config, and I do not have ssh2 host keys on
2001 Feb 16
1
CVS and AIX
Hi, trying "current CVS" on AIX 4.3.3, yields: gcc -O2 -Wall -I/usr/local/include -I/gnulocal/include -I/gnu/include -I. -I./openbsd-compat -I. -DETCDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/gnu/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/gnu/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/gnu/libexec/sftp-server\" -DHAVE_CONFIG_H -c auth.c auth.c: In
2002 Jun 25
0
getnameinfo(), PrivSep, FreeBSD 4.1.1
Hi, I spent the last couple of hours scratching my head about a problem on FreeBSD 4.1.1 with OpenSSH 3.3p1. Without privsep: debug1: Trying rhosts with RSA host authentication for client user gert debug3: Trying to reverse map address 195.30.1.100. debug1: Rhosts RSA authentication: canonical host moebius2.space.net debug2: auth_rhosts2: clientuser gert hostname moebius2.space.net ipaddr
2017 May 19
2
feature request: use HOME before getpwnam() in misc.c
I'm using bash. The shell does the correct thing. Sorry didn't give the use case clearly. I'm talking about the use of tilde inside client config. The example was to illustrate desired behavior. Ssh itself does not eval tilde with any consideration for environment. That is the problem. Original Message From: Gert Doering Sent: Friday, May 19, 2017 02:19 To: matthew patton
2017 Oct 17
2
Status of OpenSSL 1.1 support
Hi, On Tue, Oct 17, 2017 at 05:54:52AM -0600, The Doctor wrote: > The best solution is if (LIBRESSL) || (OPENSSL < 1010...) > > Else > > Whatever. > > Is that too much work? Littering code with #ifdef is almost never a good idea. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert
2001 Nov 12
1
Interesting problem with 3.0p1 and IPv6
Hi, I just ran into an interesting problem with 3.0p1 on FreeBSD 4.0 and IPv6/v4 mapped addresses. If I do "ssh -v machine", where "machine" has an IPv4 address in the DNS, everything works fine (machine is "hilbert.space.net"): debug1: Connecting to hilbert [194.59.182.6] port 22. ... Warning: This may be due to an old implementation of ssh. debug1: Received
2000 Oct 30
2
Feature disappeared?
Hi, working on tightening our network (somewhat) today, I found that OpenSSH doesn't seem to have the "AllowSHosts" directive (in sshd_config) that Commercial SSH (at least 1.2.25 & up) has. Now I wonder whether that hasn't been implemented yet, or has been dropped for a certain reason. I find this very useful for what I want to achieve - inside the company network,
2016 Feb 17
5
Using 'ForceCommand' Option
Gert, Thank you for the feedback. Can you give any further direction on where to get more information on what you are describing? On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote: > > I would like to implement an arbitrary script to be executed when logging > > on via
2015 Jul 07
2
[PATCH 1/1] paint visual host key with unicode box-drawing characters
Hi, On Tue, Jul 07, 2015 at 04:25:25PM +0200, Roland Mainz wrote: > General comments: > 1. Not all locales use UTF-8 as encoding but can still use the Unicode > characters you use (e.g. GB18030 is a modern example and its use is > mandated by all software vendors in PRC China). A quick solution is to > use |iconv()| to convert the UTF-8 byte sequences to the local >
2018 Jul 06
2
Does anyone use UsePrivilegedPort=yes or setuid ssh(1) ?
On 6 July 2018 at 17:24, Gert Doering <gert at greenie.muc.de> wrote: [...] > I think we have one customer connection where their firewall admin > thinks "it is more secure that way" - read, we can't ssh in if we come > from high ports. > > OTOH, thanks for the pointer with ProxyCommand - it's a very specific > niche problem with a viable workaround, so I
2002 Jul 30
1
openssl+openssh
On second thought...at which point in the code does openssh use openssl? Would this take place while the "little guy" is jailed off in some obscure non-root location? If that's the case, then do we have to worry about the ssl bug in privsep'd installations? To what extent do we even need to worry about the openssl problem? --Eric
2017 Oct 19
2
Status of OpenSSL 1.1 support - Thoughts
Hi, On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote: > You've got this exactly backwards. We don't want a shim that allows > OpenSSL-1.1 to present a OpenSSL-1.0 API. We want a shim that allows > us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have > to maintain a forest of #ifdefs. For obvious reasons this shim cannot exist. If the
2024 Sep 09
1
OL8 (RHEL8), ssh-rsa turned off using update-crypto-policies, receiving an openssh error that I don't seem to be able to override in my personal .ssh/config file
Hi, On Mon, Sep 09, 2024 at 05:41:42PM +0200, Jan Schermer wrote: > The correct solution is to throw whatever requires it to the garbage and never buy from that vendor again. As nice as this sounds, the selection of possible algorithms on the (usually "internal network only") management interface is waaaaay low on the priority list when shopping for a $50k router... gert --
2007 Jun 20
1
NULL ptr dereferences found with Calysto static checker
Hi, I've run my static checker Calysto on openssh and found the following bug: Possible NULL-ptr deref (vc536): @/work/benchmarks/SOURCES/openssh-4.6p1/moduli.c:173 + ptr gtm returned from gmtime dereferenced without checking (gmtime can return NULL). There are probably more possible NULL-ptr dereferences, but Calysto currently does not check the usage of library functions (for instance, if
2003 Jan 08
1
Trivial patch: update README about AIX port status
Hi All. As of now, openssh on AIX passes all regressions tests (and, yes, I just checked!), works with privsep, bugzilla has zero open AIX-specific bugs and IBM ship it essentially unmodified as a supported product. I think it's beyond "support underway" :-) -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
2015 Apr 22
3
shared private key
On Wed, Apr 22, 2015 at 1:53 PM, Gert Doering <gert at greenie.muc.de> wrote: > Hi, > > On Wed, Apr 22, 2015 at 01:26:06PM -0700, Reuben Hawkins wrote: >> Let me know if I'm missing something. :) > > Signed keys from a common CA? I don't think the signed key helps in my particular case (I may be wrong, if so please correct me). I'm working on a management
2001 Nov 09
1
socklen_t - where?
Hi, openssh_cvs as of today, SCO Open Server 3.0, socklen_t this typedef doesn't exist on SCO OSR 3, and "configure" properly detects this, leading to /* #undef HAVE_SOCKLEN_T */ in config.h. Problem: I can't find any place where this is actually being used? I'd expect something like #ifndef HAVE_SOCKLEN_T typedef int socklen_t; #endif ("int" is what the
2002 Mar 07
1
SCO 3 / CVS version
Hi, just to give you a quick "success" note: current portable CVS snapshot builds mostly fine on SCO3. The only remaining problem is truncate() in sftp-server.c - SCO3 can replace ftruncate() with chsize() (detected by configure and works), but has no truncate() equivalent. Run-time testing tomorrow, but I do not expect nasty surprises. gert -- USENET is *not* the non-clickable
2002 Apr 05
14
PLEASE TEST snapshots
The next OpenSSH release is close, too. If you want OpenSSH 3.2 to be the best version of OpenSSH, then please test the snapshots. If you like to see new features in future OpenSSH releases, then test the snapshots. If you are running OpenBSD then please test the OpenBSD snapshots. If you are running the portable OpenSSH release then please test the nightly snapshots from