similar to: [Fwd: Re: X-windows security in Gnome]

What else can possibly be done to integrate SSH and apps? I mean, it works, doesn't it? Jim's message was unclear - I was left with the impression that Jim was not aware of the existing X11 forwarding in SSH. Cheers, Nico -- > -----Original Message----- > From: Gregory Leblanc [mailto:gleblanc at linuxweasel.com] > Sent: Friday, May 17, 2002 5:33 PM > To: OpenSSH Devel

Hi, On Fri, Mar 27, 2015 at 02:36:50PM +0100, Hubert Kario wrote: > > Same thing with needing sshv1 to access old network gear where even sshv1 > > was an achievement. "Throw away gear that does its job perfectly well, > > but has no sshv2 for *management*" or "keep around an ssh v1 capable > > client"? > > If you depend on hardware like this,

When should sshd disconnect an SSHv2 connection? Markus Friedl says "for protocol v2 the client decides when to close the connection." In principle, I agree, because SSHv2 supports multiple sessions over the same connection, with the client able to launch new sessions anytime then it should be upto the client. But this would be a major cultural change for most users, and would break

Hi, OpenSSH 9.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

In SSHv2, the data that consumes window space is that sent in the channel data and channel data extended messages. My question is, how is the data that consumes window space reckoned? One would have thought that it is the total length of the message itself, but the standard seems to imply that only the data contained in the data string field in the messages above is to be taken into account. That

Hi, On Fri, Mar 27, 2015 at 12:53:05PM +0100, Hubert Kario wrote: > On Thursday 26 March 2015 11:19:28 Michael Felt wrote: > > Experience: I have some hardware, on an internal network - that only > > supports 40-bit ssl. I am forced to continue to use FF v17 because that was > > the last browser to provide SSL40-bit support. My security is weakened > > because I cannot

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:

https://bugzilla.mindrot.org/show_bug.cgi?id=2246 Bug ID: 2246 Summary: PAM enhancements for OpenSSH server Product: Portable OpenSSH Version: 6.6p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at

I almost never use bare 'scp' or 'sftp' anymore; I start with either 'rsync' or, if 'rsync' is not present and not installable on one end or the other, the "tar-over-bare-ssh" approach: ``` tar cf - localpath | ssh remote.host 'cd remotepath && tar xvf -' ``` I'd be in favor of one of the following: 1. 'scp' goes away, and

so, should this go into 3.5? Index: serverloop.c =================================================================== RCS file: /home/markus/cvs/ssh/serverloop.c,v retrieving revision 1.103 diff -u -r1.103 serverloop.c --- serverloop.c 24 Jun 2002 14:33:27 -0000 1.103 +++ serverloop.c 12 Jul 2002 16:34:20 -0000 @@ -388,6 +388,11 @@ buffer_append(&stderr_buffer, buf, len); } } + /*

I'm getting a floating point exception from ssh on an opteron running Linux (in 64 bit). It happens only when I ssh out to a server not supporting SSHv2 and when its public key is not already in the key file. Right after I answer "yes" to the "Are you sure?" prompt I get the exception. Here is the stack trace: Program received signal SIGFPE, Arithmetic exception

Anyone ever come across a linux server host key changing with out a reboot, sshd restart, change in negotiating (SSHv1, SSHv2), and different DNS name or IP address? I have a server on RHEL4.4 that changed its host key. Red Hat Enterprise Linux ES release 4 (Nahant Update 4) openssh-server-3.9p1-8.RHEL4.15 2.6.9-42.ELsmp uptime 944 days Started getting the eavesdropping message from a login

The patch below does two things. 1. If invoked with no arguments, attempt to add both RSA and DSA keys. 2. Remember the last successful passphrase and attempt to use it on subsequent key files which are added. Note that the latter part of the patch extends the period of time during which the passphrase is held in clear text in the ssh-add process, but doesn't introduce any _new_

Has ANYONE been able to verify that Rhosts authentication works with 3.4.p1? Does it work with other SSHv2 implementations? Anybody tried it on a RedHat 7.3 system? Also, I'm curious about this code I found in sshd.c: /* * Check that the connection comes from a privileged port. * Rhosts-Authentication only makes sense from priviledged * programs. Of course, if

When processing ~& with SSHv2 OpenSSH sends \004 (EOT) and does not bother sending SSH2_MSG_CHANNEL_EOF. Why is that? Why is there no direct way to get SSH2_MSG_CHANNEL_EOF or SSH2_MSG_CHANNEL_CLOSE sent? Or is there and I'm just missing it? Thanks, Nico -- -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant

Hi, I am still working on getting hostbased authentication working in OpenSSH 3.5p1. I emailed the user list, and got no response. It seems so simple, yet I have continued to have problems getting it working properly. I've read posts about it on this list, and the openssh-unix-dev list, and nothing I have tried seems to work. My question is this, does it matter which key, either

Background ========== "ssh -f ..." causes ssh to fork into the background when userauth successfully completes. WHAT === With this patch "ssh -f -f ..." causes ssh to fork into the background when the first forwarded port/x11 display/agent is successfully opened. WHY === This feature makes launching remote X11 apps more reliable: when ssh exits it must have exited because

Please review the function below, forkoff(), meant to be used in clientloop.c instead of daemon() and the code in process_escapes(). The intention is to make ~D ( like ~& but also detach) possible and to make it possible for ssh -f (or ssh -f -f - see other thread on this) to detach, not just forkoff(). I also intend to use the same detach technique in a feature patch for the hang-on-exit

On Fri, 29 Dec 2017, Daniel Kahn Gillmor wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > Why not make minimum key length a tunable, just as the other options are? > > Because the goal of building secure software is to make it easy to > answer the question "are you using it securely?" This is a nice summation of our approach. It's the

mdb-bsd is a FreeBSD 4.2-STABLE box morpheus is a Red Hat Linux 6.2 box with openssl 0.9.6 on it. Attempts to use SSHv2 fail. Using SSHv1 succeeds. sshd from OpenSSH2.5.1p1 is getting a fatal: xfree: NULL pointer given as argument Full client and server interaction given below. -- Mark Script started on Mon Feb 19 10:47:01 2001 1:mdb at mdb-bsd$ ssh -v -v -v -2 -x morpheus date SSH Version