similar to: Opensh Bug Free

I have openssh on my solaris servers, my question or concern I need to lockdown/jail the sftp users so they won't cd out of their home dir (setup of an anonymous ftp servers) and destroy or view other sftp users files. Is this doable with openssh??

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

It's *very* late here (or very early, depending on how you look at it), so please forgive me if this is incoherent. I thought I'd put this out there and perhaps save a few people some frustration. The configure script is much improved, but I still had problems with the OpenSSL detection. Had to tweak it a bit: *** configure-1.2.3pre1 Sat Mar 11 03:29:00 2000 --- configure Sat Mar 11

http://bugzilla.mindrot.org/show_bug.cgi?id=362 Summary: Loss of change password functionality Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-unix-dev at mindrot.org

Hey folks, Here at USC we have a few changes we make to the source code for various reasons -- and we have to make them for each new version. I always shrugged off sending a patch in because the changes felt very internal, but the more I think about it, the more I think perhaps they would be good for the main tree. Additionally, the more of this that gets into the main tree the easier upgrades

OpenSSH 4.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 4.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

Another instance of OpenSSH 2.9p1 hanging on exit. This occurs when connecting to a Solaris 8 box (both from other Solaris 8 hosts and from Linux hosts, all using OpenSSH 2.9p1). This problem doesn't appear to involve active background jobs; it is not fixed by either the bash fix listed in the FAQ or by zsh's "setopt HUP". I do not see the hang-on-exit behavior with the

On Tue, 6 Nov 2001, Dan Astoorian wrote: > Date: Tue, 6 Nov 2001 13:23:58 -0500 > From: Dan Astoorian <djast at cs.toronto.edu> > To: Dave Dykstra <dwd at bell-labs.com> > Cc: Ed Phillips <ed at UDel.Edu> > Subject: Re: Entropy and DSA key > > On Tue, 06 Nov 2001 10:54:12 EST, Dave Dykstra writes: > > > On Mon, 5 Nov 2001, Ed Phillips wrote: >

safely say they can't get it to work period. I personally (this is ME.. not anyone else mind you!) find it silly to for a bunch of people to stand up and yell "Not vulnerable!". It makes it harder to find the few people in the crowd yelling "Hey, idiots.. upgrade! We are affected!" However, in --current we did decide all fatal() calls should skip dealing with zlib stuff

Hello All, I just had an interesting experience tracking down a bug on Solaris 8, and ssh -vvv was of no help which is part of the reason why I write this email. When DSA public/private keys fail to authenticate me without a password, it just falls thru to the next authentication type and I can't see a way to see why it happened. The extra debug levels don't tell me "Hey you idiot,

It compiled with no problems on both UnixWare 7.1.1 and AIX 4.3.3 by running './configure' Thanh > -----Original Message----- > From: Damien Miller [mailto:djm at mindrot.org] > Sent: Wednesday, June 28, 2000 5:02 PM > To: Gilbert.R.Loomis at saic.com > Cc: nikhil at mailsafe.org; openssh-unix-dev at mindrot.org > Subject: Please test this snapshot > > > On

hey all, I'm using openssh-3.5p1, was trying to set up a 'reverse telnet' session (sun solaris 2.6 on both machines). Anyways, I was doing: server% ssh -R 1111:<server>:2222 <client> client% ssh -p 1111 <client> where <server> is behind a firewall and <client> cannot reach <server> Anyways the idea was to connect to the socket on

SecureComputing's PAM library doesn't pass back the correct context to the pam_conversation function, i.e. it passes back NULL. So this patch works around this fact. likely you'll only want this hack if you expect to use pam_safeword.so in your authentication check, and only if you run sshd in privilege separation (separate process) mode so that the PAM conversation is single

OpenSSH 4.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

if [ ! -f /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/moduli ]; then \ if [ -f /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes ]; then \ echo "moving /opt/sldx/slwo/openssh-3.1p1/openssh-3.1p1/contrib/solaris/package/usr/local/etc/primes to /opt/sldx/

Frank-- > Hi, I have a trouble on open ssh, from time to time I got error from > messages file (solaris 8) say sshd socket close, can somebody tell me why. First, it helps if you give your message a better subject than "ssh bug". Second, if this is on a system with port 22 exposed to un-trusted networks, there's a good chance that the messages you're seeing are being

OpenSSH 8.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

My apologies Nico, I overlooked the fact that your post was not to the list since most I receive are cc'd to me. You have my sincere apology for the public re-posting of your private comments. > > I expect private e-mail to stay private. Particularly if I'm > helping someone who I'm not required to help. It seems that you > think that I'm obligated to you. > I have