similar to: Call for testing for 3.5 OpenSSH

Significant changes since last patch. Deleted patches to packet.c and channel.c - not needed. Add small patch to sshd.c and openbsd/ssh-cray.c to disable cray process privileges. Depending on how a cray unicos/unicosmk system is configured user could su to root without a password with out this mod. Add no_sco flag to noop check for -lrpc which assumes that their was a -lyp library.

sorry, Darren. Long over due comments. [..] >+/* Record a failed login attempt. */ >+void >+record_failed_login(const char *user, const char *host, const char *ttyname) >+{ >+#ifdef WITH_AIXAUTHENTICATE >+ loginfailed(user, host, ttyname); >+#endif >+#ifdef _UNICOS >+ cray_login_failure((char *)user, IA_UDBERR); >+#endif /* _UNICOS */ >+} I like the

This patch fixes my botched attempted to patch deattack.c. I created a bsd-cray.h file and cleaned up a few error cases in bsd-cray.c. Fixed cray_setup call to pass uid and login name in session.c and moved its call so that its called with root privs. Its been tested on a irix, sun, aix, unicos(SV1) and unicosmk(T3E) systems. If you are building this on a T3E you may have to edit the Makefile

Hi, I've seen a few patches related to the PrivSep works. As far as I can see, it seems to work by using a shared memory segment to communicate. I just want to point out that there are some unix systems that do not have mmap() (SCO, older SVR3 systems) or that might have problems with anonymous shared mmap() (don't have an examples, but e.g. the INN docs are full of warnings concerning

Hi, SSH brute force attacks seem to enjoy increasing popularity. Call me an optimist or a misrouted kind of contributer to the community, but on our company server I actually go through the logs and report extreme cases to the providers of the originating IP's. With the increasing number of these attacks, however, I have now decided that it's better to move the SSHd to a different

do_pre_login() in session.c is used (in do_exec_pty()) before it's declared, which is causing some problems for me. please move it up a couple hundred lines in the file. patch included for 0807 snapshot. thanks, wendy % diff -u session.c.orig session.c.mod --- session.c.orig Tue Aug 7 13:11:51 2001 +++ session.c.mod Tue Aug 7 16:21:07 2001 @@ -397,6 +397,34 @@ } }

I'm using openssh 2.5.2p2 on Solaris-x86 2.6. I ran into a couple problems when I set UseLogin to "yes": The big one seems to have been reported before: login refuses to run without a utmpx entry. This problem appears to have been caused by the changes in revision 1.24 of session.c. Before this revision, the record_login() function was always called, no matter how UseLogin was

if i want to learn more about implementing a /dev/urandom, where would be a good place to start? thanks, wendy -- wendy palm Cray OS Sustaining Engineering, Cray Inc. wendyp at cray.com, 651-605-9154

I installed 2.5.1p2 on an irix system and noticed that if a user logged in typed "logname" it was providing the wrong username. File creations were correct, "w" produces the correct output....so something is funky in p2 that wasn't there in p1.

simon- any luck with that GSS-API patch for 3.6.1? ben/markus/whoever - will this ever be added to source? thanks, wendy -- wendy palm Cray OS Sustaining Engineering, Cray Inc. wendyp at cray.com, 651-605-9154

Hi, We are planning on releasing the next version of OpenSSH in a couple of weeks. As always, we would like to see it tested as widely as possible before this happens. We would therefore like you to test the latest snapshots (20030122 and later) on as many machines that you have access to. Ideally this testing should include running the regress tests and use of the snapshots in a

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

--- auth1.c.orig Sat Feb 3 18:17:53 2001 Bringa AIX modes in line with latest changes to auth1.c +++ auth1.c Sat Feb 3 18:19:15 2001 @@ -347,7 +347,7 @@ if (authctxt->failures++ > AUTH_FAIL_MAX) { #ifdef WITH_AIXAUTHENTICATE - loginfailed(user,get_canonical_hostname(),"ssh"); +

OpenSSH 3.3 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.2.3: ============================

Hello Porters, I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host. I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are no functions for set{eu,eg}id() that I can find). I configured with "./configure '--with-libs=-lnsl -lsec'". Each time I attempt to login, I get this error: No utmp entry. You must exec "login" from

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

This patch is against Cray patch against openssh-SNAP-20010710. Here a few notes about them: 1) rijndael does not work on cray due to the fact it is rooted in 32 bits. I looking for a fix, it may come form Wendy Palam. For now the cray default to the following cihpers for ssh version 2 ssh are: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour 2) Crays don't have setitimer so I

http://bugzilla.mindrot.org/show_bug.cgi?id=367 ------- Additional Comments From wendyp at cray.com 2002-07-23 08:38 ------- Created an attachment (id=134) cray patches ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi, I've gone and ported the latest version of openssh, 3.1p1, to GNU/Hurd. I've tried to learn from the other threads on this topic, but I still had to get rid of MAXHOSTNAMELEN where I could. James A. Morrison diff -urN openssh-3.1p1.old/Makefile.in openssh-3.1p1/Makefile.in --- openssh-3.1p1.old/Makefile.in Tue Feb 26 14:24:22 2002 +++ openssh-3.1p1/Makefile.in Tue Apr 9 16:16:49