similar to: just curious

Hello all, I just found a bug a nice bug that can be turned into a real feature on systems (usually Linux) that are built with --with-ipv4-default. If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and ::, sshd will error out 'address family not supported'. However, you can work around this error by starting sshd with 'sshd -4 -6'. As far as man page is

Hi, there is a cosmetic problem in openssh (all versions AFAIK): When you start sshd with no "ListenAddress" lines in sshd_config, it tries to bind address "::" (successfuly) and then "0.0.0.0" and it fails with "Address already in use". Moreover it can happen that "0.0.0.0" is in addr list sooner than "::" so sshd than will listen

Hi, I built rpm from openssh-2.5.1p1 srpm on redhat 6.2, then installed it. When trying to ssh from other machine, sshd gives error: ..... Feb 20 17:54:24 foo PAM_pwdb[925]: (login) session opened for user doe by LOGIN(uid=0) Feb 20 17:55:15 foo sshd[1342]: Connection closed by 192.168.0.3 Feb 20 17:55:43 foo sshd[1343]: PAM unable to dlopen(/lib/security/pam_stack.so) Feb 20 17:55:43 foo

Is there any work going into placing keys in a central directory such as LDAP ? Jeff McElroy jmcelroy at dtgnet.com

Damien-- Attached is a patch to contrib/redhat/sshd.init which eliminates the dependency on the success() and failure() functions from initscripts>=4.16. This allows sshd.init to be used for both early and recent releases of Red Hat Linux (i've confirmed it works on both 4.2 and 5.2 as well as 6.2). The patch also removes the 'Requires: initscripts >= 4.16' line from

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

Hello all, Very recently, djm added compability patch so that aes/rijndael encryption problems could be avoided when talking to broken server/client; and you wouldn't have to toggle off the protocols yourself. Might this be a candidate for 2.5.2p2 or the like? This would be helpful when there are a lot of broken, 2.3.0 and like, systems. -- Pekka Savola "Tell me of

Hello all, I'm using the attached patch. With it, if you add OPTIONS="-6" in /etc/sysconfig/sshd (this kind of sysconfig/<name> is a pretty normal RHL practice), then you can enable ipv4 and ipv6 on RHL without problems and without having to modify the init.d/sshd script. This or something like should IMO be added. Removing 'noreplace' from sshd_config

ChangeLog: 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. - (djm) Release OpenSSH-2.9p1 However, OpenSSH 2.9p1 is not on the official FTP sites, at least yet? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords

OpenSSH gurus: Apologies if this has been covered already (or is a genuine FAQ). I've searched both Google and MARC extensively on this issue, and have come up empty. I use OpenSSH 3.0.2p1 (openssl-0.9.6c) on a group of Linux (Slackware 8.0, kernel 2.4.13, glibc 2.2.3) machines that have this in /etc/hosts: 10.1.1.2 s1 s1.[domain].com ... 10.1.1.6 s5 s5.[domain].com This is in

Hi, Running openssh-2.9p2 on Linux. If server is run with 'sshd -6' (to enable ipv6 easily on server end), ie all IPv4 are represented as mapped addresses, port forwarding will not work; just running plain ol' IPv4 fixes this of course. The server error, when forwarding from the client '143:localhost:143' and connecting to localhost 143 is: debug1:

Hi, Here's a problem in openssh, some logs, and a very minor patch that cures this: Issue: (open)ssh client WILL NOT talk to F secure SSH-2.0-2.1.0pl2 client S/W version: openssh-2.3.0p1 client O/S version: SunOS 5.7 Generic_106541-11 sun4u sparc server S/W version: SSH-2.0-2.1.0pl2 server O/S version: SunOS 5.7 Generic_106541-11 sun4u sparc Log/Details: : % telnet <mymachine> 22

I'm getting minor reports from the EFNET irc channel I hang out that ./configure fails to find OpenSSL. However ./configure --with-pam successed. The config.log hints to the fact that -ldl is not included when one does not use --with-pam. Can I get conformation on this? It does not occur on Redhat 7.0. - Ben

http://bugzilla.mindrot.org/show_bug.cgi?id=408 ------- Additional Comments From djm at mindrot.org 2003-01-03 15:26 ------- Created an attachment (id=191) --> (http://bugzilla.mindrot.org/attachment.cgi?id=191&action=view) Suppress protocol errors ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi! I've got a few machines (Red Hat Linux, IBM AIX, HP-UX) with OpenSSH 2.3.0p1. But it's that RhostAuthentication doesn't work :( Is it true or not? yuliy

The RHL 6.2 command "/etc/rc.d/init.d/crond start" prevents clean logout from compiled version of OpenSSH-2.5.1p1 on all hosts. The command "/etc/rc.d/init.d/crond stop" is OK. This occurs for interactive or command line requests. ssh remotehost /etc/rc.d/init.d/crond stop --- works every time ssh remotehost /etc/rc.d/init.d/crond start --- hangs every time Control-C will

http://bugzilla.mindrot.org/show_bug.cgi?id=44 ------- Additional Comments From jan.iven at cern.ch 2002-07-05 01:11 ------- Update: I have reported this to the glibc people, who say that they will not modify their mkstemp(). (http://bugs.gnu.org/cgi-bin/gnatsweb.pl?debug=&database=default&cmd=view+audit-trail&cmd=view&pr=3573) Attached is a patch to configure{ac,in} to

Hi all, Is there a straightforward way to enable the none cipher for v1 and v2 in the server? Please include my email address in your reply, as I'm not subscribed to this list. Thanks! Mordy -- Mordy Ovits Network Engineer Bloomberg L.P.