similar to: [PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT

Hi, the SETGROUPS_NOOP define is used only for Cygwin. But it's also combined with the HAVE_SETGROUPS test in bsd-misc.c. So, since setgroups() exists and is functional in Cygwin, this is actually a noop in the more general sense. The below patch drops that entirely. Corinna Index: acconfig.h =================================================================== RCS file:

On Fri, Jul 22, 2016 at 12:05:53PM +0200, Corinna Vinschen wrote: [...] > This version doesn't build on Cygwin anymore. The reason is that > various configure tests fail. > > The culprit is the new definition of IPPORT_RESERVED to 0 in configure.ac. Sigh. How about putting it in defines.h instead? includes.h includes netinet/in.h from whence the definition of IPPORT_RESERVED

Hi! Sorry if this has already been reported or even fixed, I didn't search very thoroughly. Here's a patch to make dynamic -R remote port allocation work even when not connecting as root. Without the patch I got that "Server has disabled port forwarding." message visible in the patch. OpenSSH version I'm using is openssh-5.2p1, compiled from official source package,

I am enclosing a context diff of the changes that I made to get openssh working on UWIN. UWIN is a UNIX operating system layer that runs on Win32 systems. For more information on UWIN go to http://www.research.att.com/sw/tools/uwin/. I also ran configure using -with-cppflags=-D_BSDCOMP=2. I don't know where that information would go with the source code. Let me know if you need more

Hi, OpenSSH 5.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

Hi, The problem that setsockopt(IP_TOS) doesn't work on Cygwin is long fixed. Ages ago Microsoft changed the definition for IP_TOS when moving from winsock1 to winsock2 and IP_TOS in Cygwin didn't work all these years because nobody (that's especialy me) realized that we were still using the old winsock1 value. This has been fixed since 2005, though. Patch below. Corinna Index:

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

Has ANYONE been able to verify that Rhosts authentication works with 3.4.p1? Does it work with other SSHv2 implementations? Anybody tried it on a RedHat 7.3 system? Also, I'm curious about this code I found in sshd.c: /* * Check that the connection comes from a privileged port. * Rhosts-Authentication only makes sense from priviledged * programs. Of course, if

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

On Fri, Jul 22, 2016 at 10:18 PM, Corinna Vinschen <vinschen at redhat.com> wrote: [...] > Hmm. If that only affects Cygwin, and if defines.h is not synced anyway, > what about getting rid of the configure stuff entirely? > > Tested counterproposal: Looks reasonable. It's late here so I'm going to look at it tomorrow. > As for the comment preceeding the definition,

On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it

Hello, The ssh client checks for privileged ports when a local forward is about to be set. This is done in readconf.c's function "add_local_forward": ??? if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0) ??? ??? fatal("Privileged ports can only be forwarded by root."); The constant IPPORT_RESERVED is system wide and fixed at make time.

Attached is a very small patch that allows the ssh clients to use the socks5 library. It should work with socks4 but is untested. Tested on linux only configure --with-socks configure --with-socks5 Also included is a configure option to disable scp statistics --disable-scp-stats modified files openssh-2.9.9p2/acconfig.h openssh-2.9.9p2/channels.c openssh-2.9.9p2/configure.in

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

Hi, the below patch removes two special cases for Cygwin, which are already superfluous for a good while. - openbsd-compat/bsd-openpty.c: Since openpty() is implemented in Cygwin now, the bsd-openpty.c code just isn't build into OpenSSH on Cygwin. So the Cygwin special case is useless. - When building OpenSSH for Cygwin, the minires-devel package (development package for the special

Hi All. The recent changes to scp caused build failures on Solaris and AIX 4.2 which showed up on the tinderbox[1]. I mentioned the first to djm in email yesterday but I'm posting after finding the second, in case anyone else has seen similar problems. Solaris' nanosleep is in librt (or libposix4 in older versions) which is not linked. Adding them to configure works fine, however ldd

FreeBSD doesn't have a fixed range of reserved ports, although it still has IPPORT_RESERVED for compatibility; instead, the last reserved port number is indicated by the net.inet.ip.portrange.reservedhigh sysctl, which defaults to IPPORT_RESERVED - 1. The attached patch modifies add_local_forward() to use this sysctl instead of IPPORT_RESERVED on FreeBSD. DES -- Dag-Erling Sm?rgrav - des at

With these versions: ii autoconf 2.54-2 automatic configure script builder ii automake1.6 1.6.3-2 A tool for generating GNU Standards-complian I am unable to build the autoconfiscations. autoheader gives: autoheader2.50: error: AC_CONFIG_HEADERS not found in configure.in What versions are you using? (btw, I do think it would be a very good idea to start using

It looks like there is good support for limiting connections on the server side when the client uses the -L flag. What about support for server side connections (listens) when the client uses the -R flag? I am looking for an equivalent to permitopen that says what ports are valid for the remote host when using the -R flag. As it sits now, an unscrupulous ssh user can bind to any port above 1024