similar to: restricing port forwarding ports server-side

I was directed to the following site by one of our customers regarding a keyserver built into openssh. There's a patch for 3.4p1 on their site, but the license isn't very clear, nor is it clear if they have approached the openssh team regarding the inclusion of this subsystem into openssh proper. I've been asked to patch Mandrake's openssh with this feature, but I'm

Hi all. I've looked at the archives and it seems to be quiet regarding this supposed "0-day" openssh vulnerability and I'm wondering if anyone here may have some insight or further information regarding it. We've been monitoring things and the amount of speculative info flying around is incredible. Some claim it's the CPNI-957037 issue, thus affecting <5.2, others

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

Hello, I have recently compiled and installed release 3.8.1p1. This was done on a Solaris 8 system using LDAP as its naming service. The new release, however, will not let me log in (as a regular user). I repeatedly get "Permission denied, please try again" messages. The root user, though, can log in okay. The same thing happened with the 3.7.1p2 release. The 3.6.1p1 release

Hello. Installed OpenSSL-0.98 I cannot collect new OpenSSH-4.2p1 at assembly there is a mistake: if test ! -z ""; then \ /usr/bin/perl5 ./fixprogs ssh_prng_cmds ; \ fi (cd openbsd-compat && make) make[1]: Entering directory `/home/pkg/openssh-4.2p1/openbsd-compat' make[1]: ???? `all' ?? ??????? ?????????? ??????. make[1]: Leaving directory

Hi All, I setup Fetchmail and wanted to use Mutt to read e-mail. I used to use Pine and I just am sick of GUI e-mail clients these days. Bloat, complication and unreliable. Pine was my first ever e-mail client. I prefer to use POP still as I want may mail on my machine at all times. I can go into mutt and execute: 'fetchmail -v' and watch it bring down my e-mail. But in mutt i dont see

An observation and a question on the new version of OpenSSH. With previous version of OpenSSH, using something like pam_ldap to authenticate users against an LDAP directory worked great, however with 3.8p1 this is no longer the case. If I try to log into a machine with an account under "LDAP's control", I always get password failures. However, using an account with a ssh key

In upgrading from ssh-1.1.25 to openssh-2.1.1p1, I've come across a pair of incompatibilities not mentioned in the UPGRADING list. The first involves the authorized_keys file: n. No un-quoted spaces are permitted in the options field of the authorized_keys file. While this was documented as a restriction in F-Secure SSH, in practice this was not enforced. OpenSSH does enforce this

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

There are a couple of niggles with the sandboxing of the unprivileged child in the privsep code: the empty directory causes namespace pollution, and it requires care to ensure that it is set up properly and remains set up properly. The patch below (against the portable OpenSSH, although the patch against the OpenBSD version is very similar) replaces the fixed empty directory with one that is

Greetings, cvsup.uk.FreeBSD.org is outdated. I know this is not the proper list, but which one is? -- Best Wishes, Stefan Lambrev ICQ# 24134177

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

Here's another patch for people providing ssh access to restricted environments. We allow our users to use port forwarding when logging into our mail servers so that they can use it to fetch mail over an encrypted channel using clients that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL);

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Zope update Advisory ID: RHSA-2000:052-04 Issue date: 2000-08-11 Updated on: 2000-08-18 Product: Red Hat Powertools Keywords: Zope Cross references: N/A

Hello, I'm about to deploy Samba PDC and several BDCs. As far as I understand Samba and domain logons, this means that a user will be able to log onto any server, with his workstation choosing a domain controller that is probably the closest/fastest etc. one. As a consequence, this also means, that on each server there has to be a copy of a profile of a given user, right? If so, how can