similar to: sshd also talking HTTP

While looking for leaks I came across two old packet APIs which are easy to remove. I'm sending patches for each separately. First, there is the packet_set_connection(int fd_in, int fd_out) function in opacket.c The function relies on a behavior in ssh_packet_set_connection() where, when it is passed a NULL pointer, it will implicitely allocate a struct ssh and return it after then set

Hello, I have just found little bug in OpenSSH's tcp_wrappers handling. In file sshd.c you can find: if (!hosts_access(&req)) { close(sock_in); close(sock_out); refuse(&req); } If username was not requierd for authorization (for example you are refusing all connection from specific

Hi, I am trying to create Bid/Ask for each second from a high volume stock and the only way I have been able to solve this is using loops to create the target matrix from the source tick data matrix. Looping is too slow and not practical to use on multiple stocks. For example: Bids Matrix (a real one is 400,000++ length): Bid Time 10.03 11:05:03.124 10.04 11:05:03.348 10.05

It appears that openssh has inherited the dos attack that ssh is susceptible to. This has been discussed on Bugtraq (see http://securityportal.com/list-archive/bugtraq/1999/Sep/0124.html for the thread). There does not appear to be an official for ssh. Attached below is a simple, proof of concept, patch that adds a MaxConnections to sshd_config that sets the maximum number of simultaneous

On 21/01/20 8:44 pm, Damien Miller wrote: > On Tue, 21 Jan 2020, Philipp Marek wrote: > >>> This makes me think that the syslog approach is probably the way to go >> >> Yeah, right. >> Another idea is to mirror the current preauth load via setproctitle()... >> That makes that data accessible even without a syscall (at least the >> writing of the

> This makes me think that the syslog approach is probably the way to go Yeah, right. Another idea is to mirror the current preauth load via setproctitle()... That makes that data accessible even without a syscall (at least the writing of the data - quering needs syscalls, right), so that can be kept up-to-date and allows a high monitoring frequency as well. Multiple instances of SSHd (on

http://bugzilla.mindrot.org/show_bug.cgi?id=294 ------- Additional Comments From ktaylor at daac.gsfc.nasa.gov 2002-06-26 00:53 ------- This is what's reported in the syslog from openssh-2.9.9p2 - with an ip address range listed in hosts.allow Jun 25 10:50:08 6D:server sshd[30123536]: Failed keyboard-interactive for ktaylor from xxx.xxx.xxx.xxx port 40333 ssh2 Jun 25 10:50:13 6D:server

The following is special to sshd 3.9p1 under ReliantUnix 5.45. It does not occur under ReliantUnix 5.43 nor under Solaris 5.8: `pwd`/sshd-3.9 -e -D -d -d -d Now connecting from outside [...] debug1: inetd sockets after dupping: 3, 3 debug1: get_port() calls get_sock_port(3) debug1: getpeername failed: Operation not supported on transport endpoint lsof proves FD 3 is an established TCP

Hi, I have a problem with the extern declarations of optarg, optind, etc. We're currently moving getopt from being a statically linked function to a dynamically linked function as part of the Cygwin DLL. On Windows, this requires to generate special symbols (__imp__optarg, etc.), which is done by marking the exported variables in the corresponding header. Instead of extern char *optarg;

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

Dear OpenSSH Portable sshd developers, I'm having a problem where sshd login sessions are occasionally (as often as once a day) getting stuck indefinitely. I enabled debug messages and got a backtrace of a stuck sshd, and I think I've found the bug. I wanted to run it by the list once before filing. sshd version: OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

Hi everybody, I got the following problems, as I tried to connect from ssh (1.2.27) client to openssh (2.1.1p4) server: Client: ------- $ ssh -l user1 192.168.0.2 user1 at 192.168.0.2's password: Last login: Mon Jul 17 11.05.44 2000 from 192.168.0.1 -bash: ?Ptty3: command not found -bash: Zg9tty3: command not found connection to 192.168.0.2 closed. Server: ------- logfile-entries: Jul 17

I have encountered the same problem with sshd -i (under Mandrake linux 6.1) as that described by Ben L Perkins, this time with 2.1.1p4: ... Last login: Mon Jul 17 12:04:50 2000 from orpheus.qimr.edu.au -bash: ?oe90: command not found -bash: glorious: command not found -bash: ?]r90: command not found -bash: marshall4: command not found Connection to orpheus.qimr.edu.au closed. log: Jul 17

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

Hello all, I recently found myself wanting to run sshd with passphrase-protected host keys rather than the usual unencrypted format, and was somewhat surprised to discover that sshd did not support this. I'm not sure if there's any particular reason for that, but I've developed the below patch (relative to current CVS at time of writing) that implements this. It prompts for the

I have a few patches for AIX. The patchfile is attached below. The patch has been tested on AIX4.2 and AIX4.3. The patch is on openssh-1.2.1pre25, with openssl-0.94, using RSAref. 1) authenticate support - this function allows the system to determine authentification. Whatever the system allows for login, authenticate will too. It doesn't matter whether it is AFS, DFS, SecureID, local.

I would like to remove setsockopt(SO_LINGER), as there does not seem to be a reason for its use. If you know of specific reasons we should keep any of these let me know, or run this patch in local test trees where possible. This is against OpenBSD, but should apply to portable with some fuzz. Index: channels.c =================================================================== RCS file:

I mentioned this problem in a previous post (in November). This time I'm including a patch. Version: OpenSSH_2.3.0p1 Keywords: setsockopt keepalive hang masquerade interactive Symptom: For protocol 2, socket options (especially keepalive) are not being properly set for OpenSSH_2.3.0p1, even when request in the config files. Furthermore (for either protocol), keepalive is only set for