similar to: [Bug 476] Privsep directory error could be improved

http://bugzilla.mindrot.org/show_bug.cgi?id=476 Summary: Privsep directory error could be improved Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: maf

We run ssh from a program and needed to add port-forwards dynamically. The ~C method turns out to be very cumbersome to use since it reads from /dev/tty. But then I came to think of the master/slave functionality (which we already used) which seemed a perfect place for this functionality. Unfortunately it turned out not to be possible to set up new port forwards in a slave. So I patched openssh

I have been having problems with syslinux not working on one system. The error message was "failed to create ldlinux.sys". I checked and mcopy was installed. But upon further investigation I finally found the problem. I were starting syslinux for python (2.4) and in the python code I made it ignore SIGNCHLD. It turns out that this signal state was inherited by syslinux and it made

Recently I grew tired of the repeated ssh brute-force scanning bots so I implemented a blocking algorithm in our version of OpenSSH. My goal was to find an algorithm which could block most of the brute-force attempts while being simple to implement and not rely on any external software. The algorithm I came up with is that login attempts are blocked if there has been X failed, and no successful,

i think our strategy for privsep is to just keep portable sync'd closely with openbsd's tree, even though things will be broken wrt privsep for many platforms. then we just get primary one's working and work out issues as we go along. i'll start to work on sun and hp-ux again tomorrow.

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-01-07 23:43 ------- Generate the message earlier in the login process and store for display after session startup? Rather than another variable for this (eg aixloginmsg, maybe __pam_msg), what about using a single Buffer for storing all of the messages to be displayed after login?

I've been trying to cut down the size of openssh so I can run it on my Nokia 770. One thing which helps a fair amount (and will help even more when I get '-ffunction-sections -fdata-sections --gc-sections' working) is to have the option of compiling out privilege separation... Is it worth me tidying this up and trying to make it apply properly to the OpenBSD version? Does the openbsd

http://bugzilla.mindrot.org/show_bug.cgi?id=560 Summary: Privsep child continues to run after monitor killed. Product: Portable OpenSSH Version: -current Platform: ix86 URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=164797 OS/Version: Linux Status: NEW Severity: normal Priority: P2

please test Olaf Kirch's patch. it looks fine to me, but i don't to K5. i'd like to see this in the next release. thx -m -------------- next part -------------- --- openssh-3.4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002 +++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002 @@ -73,18 +73,17 @@ * from the ticket */ int -auth_krb5(Authctxt *authctxt, krb5_data *auth, char

http://bugzilla.mindrot.org/show_bug.cgi?id=112 ------- Additional Comments From dan at doxpara.com 2002-02-13 11:43 ------- Heh, I kinda like that. You should update the yes/no prompt to say that pasting the expected host key will result in appropriate testing, as well as providing some sort of error if the remote side *doesn't* match the key pasted in. I hadn't thought of cut

http://bugzilla.mindrot.org/show_bug.cgi?id=463 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #235 is|0 |1 obsolete| | Attachment #288 is|0 |1 obsolete|

http://bugzilla.mindrot.org/show_bug.cgi?id=412 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From markus at openbsd.org 2002-10-12

http://bugzilla.mindrot.org/show_bug.cgi?id=387 ------- Additional Comments From markus at openbsd.org 2002-08-22 06:27 ------- hm, the logoutput from the server would be more helpfull. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=350 ------- Additional Comments From mindrot at extern.wiggy.net 2002-07-10 20:10 ------- This happens with both privsep enabled and disabled. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-05-10 12:59 ------- I've had a look at the OpenBSD source and I don't think OpenBSD *needs* a "Buffer loginmsg" right now. PrintLastLog can be easily fixed by updating s->last_login_time before the privsep split. So, is there another reason OpenBSD needs (or

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt <deraadt at cvs.openbsd.org> > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep

The next OpenSSH release is close, too. If you want OpenSSH 3.2 to be the best version of OpenSSH, then please test the snapshots. If you like to see new features in future OpenSSH releases, then test the snapshots. If you are running OpenBSD then please test the OpenBSD snapshots. If you are running the portable OpenSSH release then please test the nightly snapshots from

http://bugzilla.mindrot.org/show_bug.cgi?id=205 ------- Additional Comments From mouring at eviladmin.org 2002-04-07 10:28 ------- Created an attachment (id=64) This patch (does not include configure.ac patch) should allow non-mmap platforms to compile, but will not allow them to use privsep period. One has to do more R&D to figure out where to disable compression on sshd since