similar to: chrooting/jailing transfer-only accounts

Folks, On AIX 4.3.3-08ML with the IBM C Compiler, and ssh configured to use the prngd-socket "/dev/egd-pool", the make bombs out at: /usr/bin/cc -g -I. -I. -I/usr/local/include -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"

... who are nervous because: (a) it seems that there will be a widely-known vulnerability and/exploit for OpenSSH available in the coming days, and (b) the advertised fix for the problem, privilege separation, doesn't seem to be working on AIX as of the latest release version of OpenSSH (based on the comments I've read; I haven't tried it yet) ... ... what should we do? I've

Hello, OpenSSH 2.5.1p1 running under AIX 4.3.3ML06. When I send a HUP signal to the parent sshd, that parent process dies, it's children get "adopted" by init, and the following message is put in the error log ... Mar 13 12:01:48 whippet sshd[31644]: Received SIGHUP; restarting. Mar 13 12:01:48 whippet sshd[31644]: RESTART FAILED: av[0]='sshd', error: No such file or

Hello, The item that causes me the most difficulty in deploying OpenSSH (and the commercial ssh, as well) is confusion over the large number of options for the configuration file; while the man page gives an explanation of each one, they are listed alphabetically there, with no "logical" grouping. For my own use, I've created a heavily annotated sample sshd_config file,

Can we do this? Or should we drop the whole char *tty; ? There will be no way of setting the TTY= correctly while using privsep (Mainly for multiple streams over single session). The only thing we really could do is do: In do_setusercontext() if (use_privsep) aix_usrinfo(pw, NULL); and back in the old spot put: if (!use_privsep) aix_usrinfo(pw, s->ttyfd == -1 ? NULL : s->tty);

I''ve "inherited" the administration of a puppet-dashboard (version 1.1.0, installed on RHEL 5.6 from puppetlabs RPM), and have hit a problem I''m hoping for some help with. In short, one table, "resource_statuses" appears to be growing at a rate far higher then the other tables: mysql> select count(*) from nodes; +----------+ | count(*) | +----------+ |

Recently we made somemajor changes to do_child() in OpenSSH -current. Those changes included splitting it up into smaller chunks to help with readability and also to extract out IRIX and AIX specific code to reduce the number of lines in our diffs against the OpenSSH tree. I need people to do some testing on different platforms to ensure that all the right #ifdef/#endif bits got put back in

I was discussing with Don about a private topic..and while skimming the code I noticed that during a 'ssh mouring at site ls' the /etc/environment is *ONLY* read if the remote machine is an AIX box. This is undocumented and I'm wondering if someone using AIX could explain WHY it exists in the session.c:do_child()? No other OS has this. I don't see why AIX should require it.

I hope someone can help. I've installed 2.9p2 on a number of AIX boxes and it works great. The problem is that a HUGE >700 number of defunct processes get generated by sshd. Did I do something wrong ? Any suggestions ? Please email chuck at fiu.edu as I don't subscribe to the list. TIA, Chuck -------------- next part -------------- A non-text attachment was scrubbed... Name:

Hi, I was looking through the source, and I noticed that the following code appears twice in the file serverloop.c. Is it supposed to, and if not, would there be any ill effect? +289 +290 /* Read and buffer any available stdout data from the program. */ +291 if (!fdout_eof && FD_ISSET(fdout, readset)) { +292 len = read(fdout, buf,

Hi everybody. I posted this also to comp.sec...ssh, so excuse me for multiple emails. I downloaded openssh-3.5p1 and compiled under AIX. Now, if I run that program, Sandor W. Sklar in bugzilla #124 suggested (see below), it works in linux, not in AIX 5.1. in AIX it produces the same "hang" as the original problems Ihave with "tclsh"-command. sshd hangs with this output:

Some of the Red Hat Enterprise Linux servers in our environment sometimes get assigned virtual IP addresses (eth0:1, eth0:2, etc). Puppet Dashboard''s parameters seem like an ideal way to define and provision virtual IPs on these servers. One could create a "vip1" parameter on a node, and define a value of the IP address to use for that vip. A manifest could then be written to

Hello, I believe that there is a bug in OpenSSH that affects its usage on AIX 4.3.3 - Maintenance Level 3 and higher. This bug was introduced by a change by IBM in the "/usr/lib/drivers/ptydd" driver, and it affected IBM's own telnetd daemon (reference

Hi, Folks ... Apologies in advance for the length of this message, but I wanted to be thorough, and provide as much info as I could. I'm trying to figure out a problem in trusted-host authentication using AIX hosts as clients, and a Sun host as the server; either I'm missing something real obvious, or there might be a bug somewhere in some piece of software involved here. -- All of

Hi, It's a shame that the sshd/sftp-server programs do not support chroot and sftp-only users. As far as I can tell, there's a patch availble that modifies OpenSSH to chroot() based on a specific entry in /etc/passwd. Since, I personally, do not enjoy applying unofficial patches to released programs, I was looking for an alternative but found none. I've written a small sample

This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is

hello, we need to transfer files in a secure way with different partners and clients. at the momet we're using commercial ssh because we found it the only way to transfer files in a jailed environment and without offering a login shell. we'd like to use openssh but found only some patches and wrapper scripts but nothing "official" to do what we need. i could image (and read on

We are heading into a lock here. So we need to get people to test their respective platforms if they wish them to be supported out of the tar file. So if you have any patches you need to ensure your platform works speak up. We are looking at a lock on the 17th. I believe I have an AIX/Cray patch and a Tru64 patch sitting in my mailbox that I'll be looking at soon and more than likely

In 2.3.0, the per-user config file was read before the system-wide config file, so options set in ~/.ssh/config took precedence over system-wide defaults. In 2.9.9, the system-wide file seems to be read first, contrary to the man page (cf. ssh.c ll. 631-632). It seems to me that the old behaviour made more sense. (I discovered the change because I could not override a "ForwardX11"

http://bugzilla.mindrot.org/show_bug.cgi?id=413 Summary: Port forwarding: [localhost:]localport:remotehost:remoteport Product: Portable OpenSSH Version: older versions Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: