Displaying 20 results from an estimated 300 matches similar to: "restricing port forwarding ports server-side"
2002 Oct 10
3
pks for openssh
I was directed to the following site by one of our customers regarding
a keyserver built into openssh. There's a patch for 3.4p1 on their
site, but the license isn't very clear, nor is it clear if they have
approached the openssh team regarding the inclusion of this subsystem
into openssh proper.
I've been asked to patch Mandrake's openssh with this feature, but I'm
2009 Jul 07
2
Does anyone know anything about this "0-day" ssh vulnerability?
Hi all. I've looked at the archives and it seems to be quiet regarding
this supposed "0-day" openssh vulnerability and I'm wondering if anyone
here may have some insight or further information regarding it.
We've been monitoring things and the amount of speculative info flying
around is incredible. Some claim it's the CPNI-957037 issue, thus
affecting <5.2, others
2011 Aug 04
3
[Announce] Samba 3.5.11 Available for Download
===================================================================
"Birthdays are nature's way of
telling us to eat more cake."
Source Unknown
==================================================================
Release Announcements
=====================
This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.11 include:
o Fix access to
2011 Aug 04
3
[Announce] Samba 3.5.11 Available for Download
===================================================================
"Birthdays are nature's way of
telling us to eat more cake."
Source Unknown
==================================================================
Release Announcements
=====================
This is the latest stable release of Samba 3.5.
Major enhancements in Samba 3.5.11 include:
o Fix access to
2004 Jun 11
1
LDAP issues with 3.8.1p1
Hello,
I have recently compiled and installed release 3.8.1p1. This was done
on a Solaris 8 system using LDAP as its naming service. The new
release, however, will not let me log in (as a regular user). I
repeatedly get "Permission denied, please try again" messages. The root
user, though, can log in okay. The same thing happened with the 3.7.1p2
release. The 3.6.1p1 release
2005 Sep 06
3
OpenSSH-4.2p1 with OpenSSL-0.98 (bug)
Hello.
Installed OpenSSL-0.98
I cannot collect new OpenSSH-4.2p1 at assembly there is a mistake:
if test ! -z ""; then \
/usr/bin/perl5 ./fixprogs ssh_prng_cmds ; \
fi
(cd openbsd-compat && make)
make[1]: Entering directory `/home/pkg/openssh-4.2p1/openbsd-compat'
make[1]: ???? `all' ?? ??????? ?????????? ??????.
make[1]: Leaving directory
2011 Sep 27
2
[OT] Fetchmail and Mutt help
Hi All,
I setup Fetchmail and wanted to use Mutt to read e-mail. I used to use
Pine and I just am sick of GUI e-mail clients these days. Bloat,
complication and unreliable. Pine was my first ever e-mail client. I
prefer to use POP still as I want may mail on my machine at all times.
I can go into mutt and execute: 'fetchmail -v' and watch it bring down
my e-mail.
But in mutt i dont see
2004 Apr 29
1
openssh and pam_ldap
An observation and a question on the new version of OpenSSH. With
previous version of OpenSSH, using something like pam_ldap to
authenticate users against an LDAP directory worked great, however with
3.8p1 this is no longer the case. If I try to log into a machine with
an account under "LDAP's control", I always get password failures.
However, using an account with a ssh key
2000 Jun 11
0
Additions to UPGRADING?
In upgrading from ssh-1.1.25 to openssh-2.1.1p1, I've come
across a pair of incompatibilities not mentioned in the UPGRADING
list. The first involves the authorized_keys file:
n. No un-quoted spaces are permitted in the options field of the
authorized_keys file.
While this was documented as a restriction in F-Secure SSH, in
practice this was not enforced. OpenSSH does enforce this
2010 Nov 13
2
[PATCH -next] xen: fix header export to userspace
From: Randy Dunlap <randy.dunlap at oracle.com>
scripts/headers_install.pl prevents "__user" from being exported
to userspace headers, so just use compiler.h to make sure that
__user is defined and avoid the error.
unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1)
Signed-off-by: Randy Dunlap <randy.dunlap at
2010 Nov 13
2
[PATCH -next] xen: fix header export to userspace
From: Randy Dunlap <randy.dunlap at oracle.com>
scripts/headers_install.pl prevents "__user" from being exported
to userspace headers, so just use compiler.h to make sure that
__user is defined and avoid the error.
unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1)
Signed-off-by: Randy Dunlap <randy.dunlap at
2010 Nov 13
2
[PATCH -next] xen: fix header export to userspace
From: Randy Dunlap <randy.dunlap at oracle.com>
scripts/headers_install.pl prevents "__user" from being exported
to userspace headers, so just use compiler.h to make sure that
__user is defined and avoid the error.
unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1)
Signed-off-by: Randy Dunlap <randy.dunlap at
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2008 May 08
1
cvsup.uk.FreeBSD.org
Greetings,
cvsup.uk.FreeBSD.org is outdated.
I know this is not the proper list, but which one is?
--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
2011 Mar 04
2
remote DoS in sftp via crafted glob expressions (CVE-2010-4755)
Hi folks.
We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS
in sftp, described as:
The (1) remote_glob function in sftp-glob.c and the (2) process_put
function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3
and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote
authenticated users to cause a denial of service (CPU and memory
consumption) via
2002 Jul 25
3
[PATCH] prevent users from changing their environment
We have a system on which users are given a very restricted environment
(their shell is a menu) where they should not be able to run arbitrary
commands. However, because their shell is not statically linked, ld.so
provides a nice clutch of holes for them to exploit. The patch below
adds a new configuration option to sshd which quashes their attempts
to set LD_PRELOAD etc. using ~/.ssh/environment
2002 Aug 13
1
[PATCH] global port forwarding restriction
Here's another patch for people providing ssh access to restricted
environments.
We allow our users to use port forwarding when logging into our mail
servers so that they can use it to fetch mail over an encrypted channel
using clients that don't support TLS, for example fetchmail. (In fact,
fetchmail has built-in ssh support.) However we don't want them connecting
to other places
2003 Feb 05
2
Minor races in sftp-server.c
There are a couple of races in sftp-server as this patch shows:
--- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2
+++ sftp-server.c 5 Feb 2003 19:19:42 -0000
@@ -832,19 +832,22 @@
process_rename(void)
{
u_int32_t id;
- struct stat st;
char *oldpath, *newpath;
- int ret, status = SSH2_FX_FAILURE;
+ int status;
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
2000 Aug 18
0
[RHSA-2000:052-04] Zope update
---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: Zope update
Advisory ID: RHSA-2000:052-04
Issue date: 2000-08-11
Updated on: 2000-08-18
Product: Red Hat Powertools
Keywords: Zope
Cross references: N/A
2004 Dec 10
5
PDC, BDCs - how do you synchronize roaming profiles?
Hello,
I'm about to deploy Samba PDC and several BDCs.
As far as I understand Samba and domain logons, this means that a user
will be able to log onto any server, with his workstation choosing a
domain controller that is probably the closest/fastest etc. one.
As a consequence, this also means, that on each server there has to be a
copy of a profile of a given user, right?
If so, how can