similar to: [Bug 364] New: resolution for bug 302 doesn`t appear to work

http://bugzilla.mindrot.org/show_bug.cgi?id=364 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From mouring at eviladmin.org

I've been trying to cut down the size of openssh so I can run it on my Nokia 770. One thing which helps a fair amount (and will help even more when I get '-ffunction-sections -fdata-sections --gc-sections' working) is to have the option of compiling out privilege separation... Is it worth me tidying this up and trying to make it apply properly to the OpenBSD version? Does the openbsd

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it

Hi. Solaris packages created by buildpkg.sh don't create privsep user or group and sshd won't start until they are created (or privsep is disabled): ## Executing postinstall script. starting /usr/local/sbin/sshd... Privilege separation user sshd does not exist /etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd... bailing. The attached patch (against -cvs) ports the relevant

Hi, Right now, the unprivileged account for privilege separation is only configurable at compile time (SSH_PRIVSEP_USER). I'd like to ask if it would be acceptable to have the account runtime configurable by adding something like PrivilegeSeparationAccount foo to sshd_config. The reason I'm asking is this. I'm working on a long overdue change to Cygwin which is supposed to get

Dear ssh group, I am having the same problem as reported by mkoopman at cac.com on July 19th on various SUN platforms which I manage. I would appreciate notification of when the bug is fixed or any work-around. Until then I am running 3.4 without the "UsePrivilegeSeparation". Thanks for any help.

Hello Darren, Could you comment on this issue being raised by myself and Corinna Vinschen? This will create big problems for me. I'm not clear if this is a conscious decision supported by solid reasons or if it is just collateral damage. Thank you for all you work! Jack DoDDs -------- Original Message -------- Date: Mon, 27 Mar 2017 16:31:03 +0200 Subject: Re: Announce: OpenSSH 7.5

There are a couple of niggles with the sandboxing of the unprivileged child in the privsep code: the empty directory causes namespace pollution, and it requires care to ensure that it is set up properly and remains set up properly. The patch below (against the portable OpenSSH, although the patch against the OpenBSD version is very similar) replaces the fixed empty directory with one that is

http://bugzilla.mindrot.org/show_bug.cgi?id=302 Summary: make install reports that separation user does not exist... Product: Portable OpenSSH Version: -current Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo:

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

Hi, This is included in the release now; any feedback? Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at:

OpenSSH 7.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set

http://bugzilla.mindrot.org/show_bug.cgi?id=302 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From stevesk at pobox.com 2002-07-18 15:04

Hi, in my rhtml, I have two parts, the main part and a partial, the main part has a width almost the same, but the partial is much longer and width. when it happens. the vertical scroll appear correctly on the browser, but the horizontal scroll doesn''t appear on the browser, it appears instead on the partial render part, so I have to scoll down until the end of the partial, that use the

Hi, in my rhtml, I have two parts, the main part and a partial, the main part has a width almost the same, but the partial is much longer and width. when it happens. the vertical scroll appear correctly on the browser, but the horizontal scroll doesn''t appear on the browser, it appears instead on the partial render part, so I have to scoll down until the end of the partial, that use the

http://bugzilla.mindrot.org/show_bug.cgi?id=1364 Summary: default for ChallengeResponseAuthentication doesn't match sshd_config Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

Hi, the following patch patches the files in contrib/cygwin. The changes are necessary to allow a better support of privilege separation. On NT machines the script asks now if it should create a user called "sshd" and all that. Additionally it creates the /etc/ssh_config and /etc/sshd_config files follows the latest versions. Would you mind to apply this to the official OpenSSH