similar to: Logging of key fingerprint / comment with v3.4p1

Greetings! I am working on a patch that will support a "ChrootUsers" option in the v3.4p1 config file. I am wondering if there are already plans to support a chroot option on the go? Regards, _________________________________________ Open Text Corporation - HMS Division. John Furman Network Security Officer jfurman at opentext.com www.opentext.com/hms Voc: 519.888.7111 x2361 Fax:

The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2

Hi all, We are running OpenSSH v3.4p1 on three ES340 Alpha which run Tru64 v5.1A. The last couple of weeks, the system hangs at bootup for 15 minutes at the point where it is bring up sshd. When I manually stop and start sshd, it still takes 15 minutes. I manually ran sshd with the -ddd level 3 debug option. sshd hanges at the message which states it is creating a randomized seed. It also

While I was trying to get the patch to work on one of my AIX hosts (4.3.3), I discovered what is probably a bug in the section of code in session.c. for (i = 0; i < options.num_chroot_users; i++) { if (match_user(pw->pw_name, hostname, ipaddr, options.chroot_users[i])) { dir = chroot_dir(pw); /* 'dir' now points to memory block holding pathname */

Hi list, I'm not sure whether this (see below) is a "bug" or a feature but as I cannot find any information on this neither in the INSTALL file nor via ./configure --help or somewhere else, I would like to ask you whether there is an answer to my question. Thanx a lot & kind regards - have a nice day, B. Courtin Question: --------- I lately updatet from OpenSSH 3.0.1p1 to

Hi, FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-) Kind regards, B. Courtin -- OpenSSL Security Advisory [30 July 2002] This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory. Advisory 1 ========== A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are

http://bugzilla.mindrot.org/show_bug.cgi?id=413 Summary: Port forwarding: [localhost:]localport:remotehost:remoteport Product: Portable OpenSSH Version: older versions Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo:

We recently started upgrading OpenSSH on our Sol8 systems and we've run into a problem were we can run commands on a remote system since we installed 3.7.1p1. The debug output from sshd is attached below. We use PAM in our environment, and have since 2.9.9p2. I think most of the systems were running 3.4p1 prior installing 3.7.1p1 and they were working - the only thing we replaced was

This patch is against 3.0.2p1. It produces output like the first line in the example below for both v1 and v2 logins. Logging is turned on by sticking ``LogFingerprint yes'' in sshd_conf. It would be nice if something like this would make it into OpenSSH. Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found matching RSA1 key:

http://bugzilla.mindrot.org/show_bug.cgi?id=648 Summary: Cannot login using SecureCRT since openssh 3.7p1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi Eric, logging is configured in sshd_config with - # Logging # obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO - where 'SyslogFacility' specifies which "facility" (sorry;-), i.e. e.g. 'auth', 'daemon', 'mail' etc should be used and with 'LogLevel' you can specify how verbosely sshd should be. Of course the

Hi everyone, I'm trying to build OpenSSH on my Cobalt Raq2i box which is running the standard Linux installation with all patches installed. I had no problems building OpenSSL v0.9.7b and it installed without problems as well. However, the OpenSSH build keeps failing at a certain point: gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include

Dear openssh-unix-dev list, in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite

http://bugzilla.mindrot.org/show_bug.cgi?id=503 Summary: Password is echoed when running passwd via ssh Product: Portable OpenSSH Version: 3.4p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

All, The SAMBA version 3.0.21b expired password pam_winbind.so section perhaps might still have an issue. It seems to just be in some kind of loop and never completes the section in pam_winbind.c of pam_sm_chauthtok. See ssh (Solaris 4.2.p1 ssh) sequence below: ssh hermione Password: Changing password for leeraym (current) NT password: Re-enter new Password: Password: Password:

On Thu, Nov 08, 2001 at 01:59:25PM +0100, Arthur de Jong wrote: > root and warthur both have user id 0. Sorry, I should have made that > clearer. They both have different passwords and rsa keys and I would like > to be able to make the distinction in the logs. Currently ssh only logs > that a ROOT user has logged in, not which one. hm, i don't think uid sharing is a standard unix

Hi, We have upgraded the openssh 4.6P1 on Solaris 8 servers. After upgrade we get the below error message whenever we execute the remote commands using ssh. Please let me know what the fix is for this. Apr 8 03:03:43 dvsrv10 sshd[25379]: [ID 800047 auth.info] Accepted publickey for osteam from 10.0.93.31 port 35856 ssh2 Apr 8 03:03:50 dvsrv10 sshd[25381]: [ID 800047 auth.error] error:

I have passwords turned off, and require keys to match. The zombie armies swarming outside are trying brute force attacks that in part involve guessing login NAMES. If they guess the wrong NAME, this is logged in syslog. If they guess a working user name, then the attack has PARTIALLY SUCCEEDED, but this information is IGNORED. That is, it is not logged. If the zombie army has tell when it

Hi all! wtmp entries are generated when loggin into a system without a command, e.g. "ssh -l user system". When using an additional command executed by ssh on the "other side", no wtmp entry will be generated. So the command "ssh -l user system /bin/csh" will not generate a wtmp entry but the user is logged in ... I have the problem right know. The users are starting

Hi, I've a Solaris 8 with Openshh 3.0.1 (build with these parameters --prefix=/usr/local --without-rsh --disable-suid-ssh --sysconfdir=/usr/local/etc --with-ssl-dir=/usr/local/ssl --with-tcp-wrappers). If I come from the same subnet as the server is on, I've have no problems. But When I try via the Internet I doesn't. If I run snoop I can see I get contact with the server: