similar to: sftp-server (secure) chroot patch, comment fix

Hello, I know this chroot issue has been brought up many times before on this list. I saw that the contribibuted chroot-patch was removed from the contrib directory because it always was out of date. The main reason was of course was that sftp-server has to be run as root to be able to do the chroot() call? Most of you are against chroot (since it isnt in the src) but I believe a lot of users

Hello all, Here is an updated patch. I published the original patch published on august 16. --- openssh-3.7.1p2/sftp-server.c.org 2003-08-22 01:34:41.000000000 +0200 +++ openssh-3.7.1p2/sftp-server.c 2003-09-30 17:22:43.730402000 +0200 @@ -24,6 +24,7 @@ #include \"includes.h\" RCSID(\"$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $\"); +#define CHROOT

Using OpenSSH SFTP with chroot ============================== Several people have been asking now for some kind of documentation on how to use the chroot-patch for the sftp-server. So here it comes. I hope nobody minds that i post this in the developer list. The patch has been provided to the list some time ago. I'm sorry not giving credit to the author, but I really don't know who

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

This is another take on logging for sftp-server. Given the number of private email requests I've received for this patch, I assume there is signifigant enough interest to request it be reviewed for inclusion into the release. The patch is against 3.1p1, and is completely disabled by default. To enable logging, one must use compile time directives (-DSFTP_LOGGING). This was done due to prior

Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

The following patch allows OpenSSH 2.2.0-p1 to be started (and managed) from /etc/inittab (by "init") on systems which support that. This is useful when you *really* want SSHD to always run since it will be automatically restarted by "init" if it dies (and if "init" dies the the systems dies :-). I use a line (in /etc/inittab) like this on Solaris systems:

Please find enclosed two patches for OpenSSH 3.1p1. The first patch solves a problem where sessions will be left "hanging" when you normally exit from a ssh shell (for example by logging out from the remote host via "exit" or "logout"). The problem seems to be that sshd (and some other parts of OpenSSH) doesn't check the return code and errno from waitpid() for

Quoting Rick Romero <rick at havokmon.com>: > Quoting Eric Broch <ebroch at whitehorsetc.com>: > >> On 10/4/2018 7:27 AM, Rick Romero wrote: >>> Quoting Eric Broch <ebroch at whitehorsetc.com >>> <mailto:ebroch at whitehorsetc.com>>: >>> >>>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>>> ? >>>

The following are patches against openssh 2.1.1p4 to add support for the BSD_AUTH authentication mechanisms. It allows the use of non-challenge/response style mechanisms (which styles are allowed my be limited by appropriate auth-ssh entries in login.conf). The patches also add support for calling setusercontext for the appropriate class when called with a command (so that the PATH, limits,

On 10/4/2018 7:27 AM, Rick Romero wrote: > > Quoting Eric Broch <ebroch at whitehorsetc.com > <mailto:ebroch at whitehorsetc.com>>: > >> >> On 10/4/2018 6:34 AM, Rick Romero wrote: >>> > Quoting Aki Tuomi <aki.tuomi at open-xchange.com > <mailto:aki.tuomi at open-xchange.com>>: > >> On 03.10.2018 23:30, Eric Broch wrote:

Hi Aki and Remo, switch from vpopmail driver to SQL driver (if you are using vpopmail with mysql as backend) is very simple. First you need to setup the right query for vpopmail database: # cat /etc/dovecot/dovecot-sql.conf.ext ### Vpopmail driver = mysql connect = host=192.168.1.2 dbname=vpopmail user=vpopmail password=Vp0pM4iL default_pass_scheme = MD5-CRYPT ### Query to get a list of all

Quoting Eric Broch <ebroch at whitehorsetc.com>: > On 10/4/2018 7:27 AM, Rick Romero wrote: >> >> Quoting Eric Broch <ebroch at whitehorsetc.com >> <mailto:ebroch at whitehorsetc.com>>: >> >>> >>> On 10/4/2018 6:34 AM, Rick Romero wrote: >>>> >> Quoting Aki Tuomi <aki.tuomi at open-xchange.com >>

Hi, Related to: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.100&r2=1.101 It'd appear that logging in readconf.c: --- debug("Applying options for %.100s", arg); debug("Reading configuration data %.200s", filename); --- Goes to /dev/null. This is caused by the fact, that in ssh.c there is: --- /* * Initialize

On 10/4/2018 6:34 AM, Rick Romero wrote: > > Quoting Aki Tuomi <aki.tuomi at open-xchange.com > <mailto:aki.tuomi at open-xchange.com>>: > >> On 03.10.2018 23:30, Eric Broch wrote: >> >>> Hello list, >>> >>> I run Dovecot with the vpopmail driver and have found that it >>> authenticates against the clear text password in the

Hi there, everyone; I've had a few requests for an updated version of my chroot patch. (the version found in contrib is outdated) So, here it goes, updated to 2.3.0p1; "chroot.diff" is a plain diff for session.c (apply, compile and go). "chroot+configure.diff" is the same patch, plus an option to "configure" for enabling/disabling chroot support (./configure

Hi, This patch implements a minimal getpwnam() function in tftpd.c. The reason for the patch is that I needed tftpd to work in my embedded system, which are without libnss*. The patch has been tested, and works for me. Please consider it. Best regards, jules -- Jules Colding <JuBColding at yorkref.com> York Refrigeration diff -urN tftp-hpa-0.34.orig/tftpd/Makefile

I'm not sure why the 'passwd' userdb didn't allow args, but it meant (for instance) that the quota plugins weren't usable. I spent quite a bit of time trying to get my new quota-rquotad plugin to work, only to find out that it was my 'quota=rquotad:<filesystem list>' argument that wasn't being passed to the imap child :) The attached patch implements