similar to: OpenSSH 3.3p1 AIX packages available

Hi All. The 3.3p1 packages became obsolete even faster than I expected! I've just put up SMIT installable .bff packages of 3.4p1 for AIX 4.[23].x at the link below. The usual caveats apply (see page). Link: http://www.zip.com.au/~dtucker/openssh/ -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with

Hello All, Since (a) I've offered them to people and (b) the previous source of AIX OpenSSH packages (freeware.bull.net) seems to be offline I've put my AIX bff (SMIT/installp installable) packages up for download. Packages for 3.1p1 and 3.2.2p1 are currently available. If you want AIX packages I recommend you build them yourself with contrib/aix/buildbff.sh, however if you can't

Hello All, I've updated the AIX package builder (contrib/aix/buildbff.sh). The changes are below. Please review and commit if OK. First, a question: Does anyone want SRC (System Resource Controller) support in the packages? I don't use it but I've been sent an example of how do do it without modifying sshd itself. Onto the changes: * Supports PrivSep. Postinstall will create

Hi All. AIX native installp/SMIT installable packages of openssh-3.5p1 are now available. There are 2 packages: openssh-3.5p1-1 which contains the PermitRootLogin patch and openssh-3.5p1-1x which also contains the (experimental) password expiration patch. I'm still interested in feedback on the password expiration patch, so if you choose to download the package with it, please let me know

Hi All. New AIX packages of OpenSSH 3.6.1p1 are available for download at [1]. There are two tarballs, one for the as-distributed code and one with the password expiration patch. Each tarball contains binaries for AIX 4.x and AIX 5.x. The usual caveats apply (see page). These packages have been more popular than I ever thought they'd be. They are about to clock up the one thousandth

Hi. If sshd is configured to use PAM and UsePrivilegeSeparation=no or you are logging is as root, any messages returned by PAM session modules are not displayed to the user. (Even when the config file has privsep=yes, logging in as root disables privsep anyway since there's no point, so it behaves the same way as privsep=no). I think I've figured out why: when privsep=no,

Hi all. For those that didn't know it, the OpenSSH portable team has been collecting survey data about the platforms that it runs and the options that it is built with. Partitipation is entirely voluntary and is as simple as running "make send-survey" after building (see the INSTALL file for details and caveats). I've used the data to answer a couple of questions on this list

Hi all. I have a question regarding privsep. Firstly, the following is my understanding of what happens when privsep is enabled: The sshd daemon is running as root listing on 22(a). When a connection is accepted, a child is forked to handle the connection, this child becomes the monitor(b). The monitor forks the pre-auth privsep slave(c), which sheds it privs and hides in its chroot jail.

Hi All. Attached is a patch that converts pam_chauthtok_conv into a generic pam_tty_conv, which is used rather than null_conv for do_pam_session. This allows, for example, display of messages from PAM session modules. The accumulation of PAM messages into loginmsg won't help until there is a way to collect loginmsg from the monitor (see, eg, the patches for bug #463). This is because the

Hi All. As of now, openssh on AIX passes all regressions tests (and, yes, I just checked!), works with privsep, bugzilla has zero open AIX-specific bugs and IBM ship it essentially unmodified as a supported product. I think it's beyond "support underway" :-) -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69

Darren, I went to install zlib/openssl and openssh on one of my Sun Servers(Solaris 2.7) and they would not install. Is there a website where I can get Sun versions of these products? Thanks, Lou -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Saturday, November 22, 2003 9:35 PM To: Pacelli, Louis M, ALABS Cc: OpenSSH Devel List Subject: Re: zlib missing when

Hi All. Today a patch was commited to OpenSSH that performs PAM password changes via SSH2 keyboard-interactive authentication. I should work fine with privsep, which some of the other solutions have problems with. While the patch itself is relatively small, it's bigger than it should have been due to differences in PAM implementations. I encourage anyone with a interest in this to try

Hi All. I'm pleased to report that as of yesterday, OpenSSH -current now supports forced changes of expired passwords on most platforms, and bug #14 is now closed. Specifically, AIX's native authentication, BSD Authentication and shadow passwords with the expiry field are supported. The password is changed by exec'ing /usr/bin/passwd in the session. Interested parties should

Hi, Please find the mail appended below. I need some help on SSH installation. The machine is running on AIX 4.3.2.0. It is a production machine and has some known vulnerable issues with current version of SSH installed. Current SSH version is openSSH_3.7p1 I need to know the highest version of SSH which can be installed on this machine. Please be so kind to send me this info. Regards,

Hi All. Attached is a patch against OpenBSD, based in part on the owl-always-auth patch. The idea is that the only way out of auth_passwd for the failure case is the "return 0" at the bottom. I don't know if this is a good way to do it or not, it's presented for discussion. Also, I don't think 3.6.1p2 is quite right WRT these timing issues (eg, you get a fast failure

Hi all. As Corinna pointed out, there are some cases where sshd will log some authentications twice when privsep=yes. This can happen on any platform although it seems most obvious on the ones that don't do post-auth privsep. It also occurs when sshd logs to stderr (eg running under daemontools) or when you have a /dev/log in the privsep chroot. The patch below attempts to solve this for

[Note: CC to openssh-unix-dev added] "Ph. Marek" wrote: > I found you mail > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104970105603800&w=2 > where you claim that you've compiled openssh in AIX. That is correct, AIX 4.2.1, 4.3.3 and 5.1. > Not my situation is as follows: > openssh-3.6.1p1 > AIX 4.2 > gcc >

Hi all. The old (~3.6.x) PAM code used to send PAM messages to stderr, whereas the new generic loginmsg code sends them to stdout, and it sends an extra newline. I think stderr is probably right, but the extra \n should probably be removed either way. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with

Olli Savia wrote: > The attached patch is a port of the current CVS (2005-08-11) version > of OpenSSH portable to LynxOS. Could you consider adding it to the > future releases of OpenSSH? If the patch needs additional work, please > let me know. Looks mostly reasonable, some comments and questions below. > + AC_DEFINE(LYNXOS_BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf()

Is there a problem with the snapshots? The newest one on ftp.ca.openbsd.org is a week old. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.