Displaying 20 results from an estimated 800 matches similar to: "chrooting/jailing transfer-only accounts"
2002 Apr 17
4
openssh-SNAP-20020412 and AIX ...
Folks,
On AIX 4.3.3-08ML with the IBM C Compiler, and ssh configured to use
the prngd-socket "/dev/egd-pool", the make bombs out at:
/usr/bin/cc -g -I. -I. -I/usr/local/include
-DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
2002 Jun 25
1
For us AIXers ...
... who are nervous because:
(a) it seems that there will be a widely-known vulnerability
and/exploit for OpenSSH available in the coming days, and
(b) the advertised fix for the problem, privilege separation, doesn't
seem to be working on AIX as of the latest release version of OpenSSH
(based on the comments I've read; I haven't tried it yet) ...
... what should we do? I've
2001 Mar 16
2
SIGHUP/av[0] restart failure
Hello,
OpenSSH 2.5.1p1 running under AIX 4.3.3ML06. When I send a HUP
signal to the parent sshd, that parent process dies, it's children
get "adopted" by init, and the following message is put in the error
log ...
Mar 13 12:01:48 whippet sshd[31644]: Received SIGHUP; restarting.
Mar 13 12:01:48 whippet sshd[31644]: RESTART FAILED: av[0]='sshd',
error: No such file or
2001 Dec 01
0
ssh/sshd_config option confusion ...
Hello,
The item that causes me the most difficulty in deploying OpenSSH (and
the commercial ssh, as well) is confusion over the large number of
options for the configuration file; while the man page gives an
explanation of each one, they are listed alphabetically there, with
no "logical" grouping.
For my own use, I've created a heavily annotated sample sshd_config
file,
2002 Jun 28
3
AIX usrinfo() cleanup.
Can we do this? Or should we drop the whole char *tty; ? There will
be no way of setting the TTY= correctly while using privsep (Mainly for
multiple streams over single session).
The only thing we really could do is do:
In do_setusercontext()
if (use_privsep)
aix_usrinfo(pw, NULL);
and back in the old spot put:
if (!use_privsep)
aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty);
2011 Aug 16
4
Dashboard table resource_statuses growing uncontrollably
I''ve "inherited" the administration of a puppet-dashboard (version
1.1.0, installed on RHEL 5.6 from puppetlabs RPM), and have hit a
problem I''m hoping for some help with.
In short, one table, "resource_statuses" appears to be growing at a
rate far higher then the other tables:
mysql> select count(*) from nodes;
+----------+
| count(*) |
+----------+
|
2002 Feb 20
11
Call for testing.
Recently we made somemajor changes to do_child() in
OpenSSH -current. Those changes included splitting it up
into smaller chunks to help with readability and also to
extract out IRIX and AIX specific code to reduce the number
of lines in our diffs against the OpenSSH tree.
I need people to do some testing on different platforms to ensure
that all the right #ifdef/#endif bits got put back in
2002 Jan 22
7
AIX reading /etc/environment out of step.
I was discussing with Don about a private topic..and while skimming the
code I noticed that during a 'ssh mouring at site ls' the /etc/environment
is *ONLY* read if the remote machine is an AIX box. This is undocumented
and I'm wondering if someone using AIX could explain WHY it exists in the
session.c:do_child()? No other OS has this. I don't see why AIX should
require it.
2001 Sep 14
2
Scads of defunct processes ins AIX 4.3.3
I hope someone can help. I've installed 2.9p2 on a number of AIX boxes and
it works great.
The problem is that a HUGE >700 number of defunct processes get generated
by sshd. Did I do
something wrong ? Any suggestions ?
Please email chuck at fiu.edu as I don't subscribe to the list.
TIA,
Chuck
-------------- next part --------------
A non-text attachment was scrubbed...
Name:
2001 Mar 26
1
duplicated lines in serverloop.c? (openssh252p2)
Hi,
I was looking through the source, and I noticed that the following
code appears twice in the file serverloop.c. Is it supposed to, and
if not, would there be any ill effect?
+289
+290 /* Read and buffer any available stdout data from the
program. */
+291 if (!fdout_eof && FD_ISSET(fdout, readset)) {
+292 len = read(fdout, buf,
2002 Dec 10
1
Problems with the tty's in openssh + AIX
Hi everybody.
I posted this also to comp.sec...ssh, so excuse me for multiple emails.
I downloaded openssh-3.5p1 and compiled under AIX.
Now,
if I run that program, Sandor W. Sklar in bugzilla #124 suggested (see
below),
it works in linux, not in AIX 5.1.
in AIX it produces the same "hang" as the original problems Ihave with
"tclsh"-command. sshd hangs with this output:
2011 Sep 27
2
Dashboard parameters to control VIPs?
Some of the Red Hat Enterprise Linux servers in our environment
sometimes get assigned virtual IP addresses (eth0:1, eth0:2, etc).
Puppet Dashboard''s parameters seem like an ideal way to define and
provision virtual IPs on these servers. One could create a "vip1"
parameter on a node, and define a value of the IP address to use for
that vip. A manifest could then be written to
2001 Mar 05
0
AIX 4.3.3 + sshd = bug
Hello,
I believe that there is a bug in OpenSSH that affects its usage on
AIX 4.3.3 - Maintenance Level 3 and higher. This bug was introduced
by a change by IBM in the "/usr/lib/drivers/ptydd" driver, and it
affected IBM's own telnetd daemon (reference
2002 Jan 10
1
OpenSSH 3.0.Xp1, AIX -> Sun trusted host problem
Hi, Folks ...
Apologies in advance for the length of this message, but I wanted to
be thorough, and provide as much info as I could. I'm trying to
figure out a problem in trusted-host authentication using AIX hosts
as clients, and a Sun host as the server; either I'm missing
something real obvious, or there might be a bug somewhere in some
piece of software involved here.
-- All of
2001 Dec 27
2
sftp-server and chroot
Hi,
It's a shame that the sshd/sftp-server programs do not support chroot and
sftp-only users. As far as I can tell, there's a patch availble that
modifies OpenSSH to chroot() based on a specific entry in /etc/passwd.
Since, I personally, do not enjoy applying unofficial patches to released
programs, I was looking for an alternative but found none.
I've written a small sample
2005 Jul 14
2
[ronvdaal@zarathustra.linux666.com: Possible security issue with FreeBSD 5.4 jailing and BPF]
This message was sent to bugtraq today:
While playing around with FreeBSD 5.4 and jailing I discovered that it was
possible to put an ethernet interface into promiscious mode from within the
jailed environment, allowing a packetsniffer to gather data not meant for
the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x
This can be reproduced on boxes where BPF support is
2002 Jun 27
1
jailing transfer-only accounts
hello,
we need to transfer files in a secure way with different partners and
clients.
at the momet we're using commercial ssh because we found it the only way to
transfer files in a jailed environment and without offering a login shell.
we'd like to use openssh but found only some patches and wrapper scripts but
nothing "official" to do what we need.
i could image (and read on
2003 Mar 07
6
Call for testing for 3.6
We are heading into a lock here. So we need to get people to test their
respective platforms if they wish them to be supported out of the tar file.
So if you have any patches you need to ensure your platform works speak
up. We are looking at a lock on the 17th.
I believe I have an AIX/Cray patch and a Tru64 patch sitting in my mailbox
that I'll be looking at soon and more than likely
2001 Oct 24
1
Config file semantics change intentional?
In 2.3.0, the per-user config file was read before the system-wide
config file, so options set in ~/.ssh/config took precedence over
system-wide defaults. In 2.9.9, the system-wide file seems to be read
first, contrary to the man page (cf. ssh.c ll. 631-632).
It seems to me that the old behaviour made more sense. (I discovered
the change because I could not override a "ForwardX11"
2002 Oct 11
2
[Bug 413] New: Port forwarding: [localhost:]localport:remotehost:remoteport
http://bugzilla.mindrot.org/show_bug.cgi?id=413
Summary: Port forwarding:
[localhost:]localport:remotehost:remoteport
Product: Portable OpenSSH
Version: older versions
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: