similar to: OpenSSH -current fails regression on Solaris 8, sshd dumps core

I'm not sure if this is useful to anyone, but I made a small patch to include the local IP address that the user connected to in the environment (the opposite of SSH_CLIENT). The variable is called SSH_LOCAL. -Eric -------------- next part -------------- *** openssh-2.9.9p2/canohost.c.bak Sun Jun 24 22:01:24 2001 --- openssh-2.9.9p2/canohost.c Fri Oct 12 16:52:09 2001 *************** ***

Hi, ssh clients shows "closed by UNKNOWN" message when a socket is closed by a remote side while ssh is waiting for user's password: $ ssh user at localhost user at localhost's password: Connection closed by UNKNOWN When the packet_read_seqnr() calls get_remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet

Hi, we got a report on the Cygwin mailing list showing that there's a spurious error message when using the -W option. This didn't occur with OpenSSH 6.4p1. Here's an example: $ ssh machine1 -W machine2:22 getsockname failed: Bad file descriptor SSH-2.0-OpenSSH_6.1 The error message is a result of getsockname being called with a file descriptor -1. The call stack at the

Hi, openssh-1.2.2p1 seems to have 2 problems on ipv6 (and ipv4 mapped addresses). 1. "BREAKIN ATTEMPT" warnings from ipv4 node 2. X forwarding The following patche fixes them. Thanks. diff -ru openssh-1.2.2p1/canohost.c openssh-1.2.2p1-20000308/canohost.c --- openssh-1.2.2p1/canohost.c Fri Jan 14 13:45:48 2000 +++ openssh-1.2.2p1-20000308/canohost.c Wed Mar 8 00:25:18 2000 @@

I'm seeing something similar to bug 1179 (https://bugzilla.mindrot.org/show_bug.cgi?id=1179), even with the reordered IP options check. For some reason, getsockopt is returning an IP options of length 2, value 00 00. Would Mark Weindling's original patch (https://bugzilla.mindrot.org/attachment.cgi?id=1105) break anything if I incorporated it? Platform: HP NonStop S7000 series

Attached is a patch which sets the SSH_AUTHKEY environment variable to be the remaining data at the end of an SSH key which is used for authentication. The motivation behind this is that there are time in which it's useful to know who is on the other end of the connection. For example, if I log in as root on a box, I'd like to be able to configure vi-specific settings, while another user

This is just the first part -- it adds support for correctly reporting incoming connections when there's an external d?mon accepting the connections and invoking 'sshd -i' with them, like inetd does. In later patches I'll extend sshd to listen on a Bluetooth socket (and advertise the service in SDP) for itself, and extend the ssh client to make the connection directly. For now,

On Thu, 26 Feb 2015, Darren Tucker wrote: > I noticed this error log spam on the tinderbox when looking at one of the > failures. It happens with Unix domain socket forwarding is requested: > > debug1: channel 1: new [forwarded-streamlocal at openssh.com] > get_socket_address: getnameinfo 1 failed: ai_family not supported > get_sock_port: getnameinfo NI_NUMERICSERV failed:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just uploaded 1.2.1pre18. This is mainly merges from the OpenBSD tree, bugfixes for Solaris and libc5 Linux systems. It should fix all reported bugs except the snprintf problems on some older Solaris versions. Please test thoroughly, my hope is to have a stable version released before Jan 1. At this point the main holdup is Solaris. I have

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

Hi all, this is a patch to make Ciphers, MACs and KexAlgorithms available in Match blocks. Now I can reach a -current machine with some Android terminal app without changing the default ciphers for all clients: Match Address 192.168.1.2 Ciphers aes128-cbc MACs hmac-sha1 KexAlgorithms diffie-hellman-group-exchange-sha1 Index: servconf.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2373 Bug ID: 2373 Summary: memory leak in sshd.c:2262 Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2256 Bug ID: 2256 Summary: ssh - Connection closed by UNKNOWN Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=377 Summary: Reduce compiler warnings. Use unsigned args to the ctype.h is*() macros. Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: trivial Priority: P2 Component: Miscellaneous

The Kerberos V support may still fail on hosts with two or more interfaces. Regards Markus -------------- next part -------------- *** auth-krb5.c.orig Mon May 20 11:51:57 2002 --- auth-krb5.c Mon May 20 11:53:34 2002 *************** *** 38,43 **** --- 38,44 ---- #include "servconf.h" #include "uidswap.h" #include "auth.h" + #include "canohost.h"

https://bugzilla.mindrot.org/show_bug.cgi?id=2257 Bug ID: 2257 Summary: ssh - Connection closed by UNKNOWN Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hi ! I haven't found an easy solution to determine the local IP to which the remote SSH client is connected to the local SSHD. We use MC/Serviceguard which can create many Interfaces where a remote client could connect and we like to know within .profile which interface the client has connected to. I've looked at the sourcecode and maybe the following could do something I described :

As far as I know this patch has no security implications -- I don't believe that allowing sshd to use get_local_name() (in canohost.c) on a connected socket to determine it's own fqdn will allow a malicious client (or router or dns server) to make it come to the wrong conclusion. But please let me know if you think I'm wrong. Please also let me know if you're just not interested

https://bugzilla.mindrot.org/show_bug.cgi?id=2147 Bug ID: 2147 Summary: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5

Hi, I'm working on some project which is sort of log filter. Last few days I noticed that there are some wacky people scanning sshd port all the time from anywhere. Although sshd reports it with syslog error message which is very helpful, I'd like to know the source ip address with following message: canohost.c: around line #100 if (getaddrinfo(name, NULL, &hints, &aitop) !=