similar to: a problem in snapshot generation?

Hi, With recent snapshots, I noted a warning in compilation on Red Hat Linux 7.3 system with glibc 2.2.5: uidswap.c: In function `permanently_set_uid': uidswap.c:155: warning: implicit declaration of function `setresgid' uidswap.c:168: warning: implicit declaration of function `setresuid' The problem appears to be that these should be prototyped in unistd.h, but aren't. There

Hi, When implementing forced-commands using authorized-keys, I realized that scp (when run at the server end) arguments -d, -f and -t are not documented on the man page. scp.c: ... /* Server options. */ case 'd': targetshouldbedirectory = 1; break; case 'f': /*

Hi, I'm running Dovecot 1.0.7 (with various patches) on CentOS 5.2. The server has suffered a couple of power loss events. Dovecot is run as a standalone server. The problem is that dovecot refuses to start up at boot because the PID file from before the power loss is left behind. The message is as follows: $ /sbin/service dovecot start Starting Dovecot Imap: Error: Dovecot is already

Hi, I did a command-line upgrade of a RHL73 server to Centos 5. It was a bit rocky road, but in the end it was successful. There's one thing that bugged me. I'm using software RAID1 consisting of /dev/hd{a,c}. No LVM or anything fancy, a number of /dev/mdX partitions, including the root (+/boot). I'd have preferred to continue using lilo as it works more easily with RAID1

There has not been any mention of this, so.. I'm having hard time trying to figure out whether this is for real or just a joke. (Anyway, I don't use those possibly vulnerable features myself.) Any analysis yet? -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R.

Hi, I'm not sure if this has been brought up in the past yet, but when building the kernel from yesterdays 4_RELENG CVSup, I got a lot of complilation warnings (it seems if_ie.c hasn't been updated in 3 months, so changes have happened elsewhere, it seems.) HTH, /usr/src/sys/dev/ie/if_ie.c: In function `ieget': /usr/src/sys/dev/ie/if_ie.c:1178: warning: passing arg 1 of

Hi, The portable R/O CVS repository, openssh at anoncvs.at.openbsd.org, has started asking for password, and this has lasted for about 3-5 days at least. Is something wrong there? -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Hello all, My logs get filled with bogus SSH connection attemps which I'd expect should have been denied without logging, so a couple of observations. Syslog has lots of entries like: Aug 29 02:23:31 otso sshd[21000]: reverse mapping checking getaddrinfo for powered.by.e-leven.be [78.110.207.104] failed - POSSIBLE BREAK-IN ATTEMPT! Aug 29 02:23:31 otso sshd[21000]: Invalid user upload from

whoops, not announce. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Thu, 7 Mar 2002 16:59:38 +0200 (EET) From: Pekka Savola <pekkas at netcore.fi> To: Markus Friedl <markus at

Hello all, I just noticed that AllowHosts feature of SSH Inc's sshd isn't there in OpenSSH yet. Has anyone been working on this? Am I the only one that seems to miss this feature? AllowUsers and AllowGroups is a very nice feature though :) -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

No response yet, so resending. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords ---------- Forwarded message ---------- Date: Fri, 12 Oct 2001 09:44:54 +0300 (EEST) From: Pekka Savola <pekkas at netcore.fi> To: Damien Miller

Hello all, OpenSSL 0.9.5a and 0.9.6 are incompatible, causing weird errors. I'd like to get a check for this in the RPMs. However, now I want to make sure whether anyone has experienced problems with RHL 0.9.5a OpenSSL libs vs. the 0.9.5a ones provided at openbsd.org? Ie: is it enough to check like '= 0.9.5a' or do you have to check '= 0.9.5a-xyz'. -- Pekka Savola

Hello all, Tested the latest snapshot. ssh-keyscan seems to have gone in. :) Two issues about it (patched): 1) the man pages aren't installed, only uninstalled 2) RH spec file (and the others no doubt..) won't include it. General observations: for RSA keys only?, kinda obsoletes contrib/make-ssh-known-hosts*. -- Pekka Savola "Tell me of difficulties surmounted,

Hello all, If you try to make a TCP connection to a host, and the host is down, timeouts can be as long as an hour. This is not specific to ssh, or OS. Is this a scenario worth working around, e.g. with a timer when connecting or the like? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems.

Hello all, I just found a bug a nice bug that can be turned into a real feature on systems (usually Linux) that are built with --with-ipv4-default. If you enable IPv6 in kernel, and enable both listenaddress 0.0.0.0 and ::, sshd will error out 'address family not supported'. However, you can work around this error by starting sshd with 'sshd -4 -6'. As far as man page is

Hello all, I wonder if this is an oversight/bug/feature, but here it goes. It seems that in OpenSSH 2.1, 'w' (or who) command may print out something like this: ---- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT pekkas ttyp1 - 3:10am 0.00s 0.08s 0.03s w ---- 2.0beta1 was the one I used before, and that printed FROM field properly. Now,

Hello all, Compiling 2.1.1p1 on my RedHat Linux 6.2 w/ 2.2.16 kernel seems to cause errors from the start.. ---- gcc -O2 -m486 -fno-strength-reduce -Wall -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\" -DSSH_ASKPASS_DEFAULT=\"/usr/libexec/ssh/ssh-askpass\" -DHAVE_CONFIG_H -c -o bsd-base64.o bsd-base64.c In file included from defines.h:261, from

Hello all, sshd configuration file options change from one release to another. If you forget updating sshd_config, sshd will not start. This is especially painful for update scripts etc. where you can't do e.g. 'sshd -p 2022' to see if it's okay. May I suggest some option, e.g. sshd -t, which would test config files and other obvious issues and return an errorcode if something

Hi, I'd like to bring this up again as there has been discussion about 2.4.0 patches. Getting something this big in would probably delay the release too much, but something similar should be considered for 2.5 then. A lot of people would like some control over port forwarding. Florian Weimer's patches (http://cert.uni-stuttgart.de/files/openssh/) are one, rather "big"