Displaying 20 results from an estimated 5000 matches similar to: "Partial Authentication in OpenSSH"
2002 May 29
0
New initial patch to implement partial auth with SSH2
HI!
I would like to introduce new patch which adds new config option
"AuthOrder2" to sshd_config.
I would like to say that I only modyfied the patch made by Carson
Gaspar.
If you want to know more about this patch see thread at:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577021011067&w=2
I will appreciate any feedback from you.
This patch is against 3.1p1.
BTW:
2003 Nov 07
2
Partial authentication
Hello,
I would like to bring up the topic of possibly including partial
authentication functionality into OpneSSH again - it was discussed a few
weeks ago. I believe that implementing auth vectors was suggested as a way
to achieve this.
The reasoning behind the need for partial auth is that there are cases when
multiple methods of authentication are required for the user to be
successfully
2001 Apr 25
6
Updated partial auth patch against CVS
Here is a new version of my partial auth patch against the April 24, 2001
CVS image. It fixes a couple of things (thanks to Karl M
<karlm30 at hotmail.com>), and includes support for hostbased auth. It's still
not pretty, but it works. 2 things Karl mentioned aren't fixed:
- auth methods are still hard-coded into servconf.c. Fixing this would
require a lot of work, and all the
2016 Feb 18
3
Call for testing: OpenSSH 7.2
On 2/17/16 6:02 PM, Darren Tucker wrote:
> On Thu, Feb 18, 2016 at 12:43 PM, Carson Gaspar <carson at taltos.org> wrote:
> [...]
>> Is there a sane way to run just one test script? LTESTS can't be overridden
>> AFAIK...
>
> make t-exec LTESTS=testname
>
> where testname is the name of the specific test script without the .sh
> extension.
Nope, that runs
2003 Aug 22
5
No interest in partial auth?
Hi,
I don't mean to be annoying, but it seems like there isn't any interest in
partial authentication. Is this true? It's not a future plan for OpenSSH
to have this feature?
I'd just like to know if I'm on my own or not.
Thanks
Erik.
2001 Apr 25
2
Makefile.in diff against CVS to prevent man/config rebuild every make
Bug: all .out files get rebuilt every make. This is silly, and breaks make
install if root cannot write to your build dir.
Fix: add dependancy check sop .out files only get rebuilt if the source
file changes
FixBug: if any source file gets changed, all .out files get rebuilt. This
is because man pages and config files both get .out extensions but get
created differently. It's
2001 Jun 15
1
EOL problem with channels.h in CVS
channels.h from today's CVS has MS-DOS ^M end-of-line chars.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
2001 Mar 28
1
OSSH 2.5.2p2: Why is /usr/local/ put into the include & lib p aths under Solaris?
But the main question hasn't been answered: Why is /usr/local placed before
user-specified paths? Hypothetical example: You want to link against OpenSSL
0.96 for OpenSSH, but /usr/local contains 0.95, which is needed for
something else. (Assume it comes binary only on Solaris for the sake of
argument...)
--Matt
> -----Original Message-----
> From: Damien Miller [mailto:djm at
2001 May 02
2
2.9p1?? core dump in auth_log
auth.c:auth_log contains the following code:
authlog("%s %s for %s%.100s from %.200s port %d%s",
authmsg,
method,
authctxt->valid ? "" : "illegal user ",
---> authctxt->valid && authctxt->pw->pw_uid == 0 ? "ROOT" :
authctxt->user,
get_remote_ipaddr(),
2001 Apr 25
1
Once more, with diffs... (configure.in aclocal.m4 patch against CVS)
The attached unified diff fixes configure so that all --with-libfoo options
are allowed to be --with-libfoo=PATH. If the option is specified with a
PATH, only that PATH is searched for the library. If it is specified as
=yes or with no argument, it tries without modifying anything, and then
tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to
include or library paths
2001 Jun 15
1
Patch for stdout/stderr buffer flush write() handling
The attached patch against today's CVS improves write() error handling and
logging in clientloop.c when flushing stdout/stderr.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
-------------- next part --------------
A non-text attachment was scrubbed...
Name: clientloop.c.diff
Type: application/octet-stream
Size: 966 bytes
Desc: not available
Url :
2016 Feb 18
5
Call for testing: OpenSSH 7.2
On 2/17/16 3:02 PM, Carson Gaspar wrote:
>
> Sadly I'm hitting a different autoconf bug :-(
I was being an idiot - configure was bombing out & I didn't notice (boy
that openssl version error message is loooooong...)
With Mr. Wilson's patch, I still get:
"sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used
with the Solaris sandbox"
2001 Oct 22
2
configure changes
I finally got around to looking at a bunch of patchs to configure.in, some
of them from back in March. One from Carson Gaspar <carson at taltos.org> looked
promissing at first glance but after many hours I just couldn't get it to
work.
Due to much demand, I have added optional PATH to --with-pcre,
--with-zlib, and --with-tcp-wrappers.
I have done extensive testin on --with-zlib, and
2002 Mar 18
0
Block ssh logins for specific hostnames (CNAMES) all bound to same IP ???
Hi,
I'm interested in the ability to block ssh logins (or alternatively, not
have sshd answer client requests) for certain hostnames that are DNS CNAME
aliases to the canonical name for a given IP address.
To tell you the truth, I don't think this is currently possible through this
setup, and may look further to try to block it at the firewall, but that's a
different discussion... :)
2001 Apr 24
0
About the configure.in patch for 2.5.2p2
Hi !
According to
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98577747029227&w=2
[...snip...]
List: openssh-unix-dev
Subject: Updated configure.in patch for 2.5.2p2
From: Carson Gaspar <carson at taltos.org>
Date: 2001-03-28 11:03:29
[...snip...]
there exists a patch to add --with-zlib (needed when zlib isn't installed
in the standard path. Happens on Solaris
2001 Apr 25
0
configure.in aclocal.m4 patch against CVS
The attached unified diff fixes configure so that all --with-libfoo options
are allowed to be --with-libfoo=PATH. If the option is specified with a
PATH, only that PATH is searched for the library. If it is specified as
=yes or with no argument, it tries without modifying anything, and then
tries looking in /usr/local. The SunOS5 targets no longer add /usr/local to
include or library paths
2001 Apr 25
0
Corrected Makefile.in diff
I attached a broken diff to my last mail. This one actually works. Sorry
for the brain-o's tonight...
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
-------------- next part --------------
A non-text attachment was scrubbed...
Name: makediff
Type: application/octet-stream
Size: 3569 bytes
Desc: not available
Url :
2001 Apr 25
0
Minor bug in HostbasedAuthentication
When using "HostbasedUsesNameFromPacketOnly yes", the ssh client sends the
hostname with a trailing dot, but the server does not strip off the
trailing dot when matching against .shosts et. al., or when looking up keys
in ssh_known_hosts2. This causes the host to not be found. Adding the
hostname with trailing dot to the config files "fixes" this, but I think
sshd should
2001 Apr 25
0
Case study of new possibilities with PartialAuth and HostbasedAuth
Finally all the pieces are in place to allow strong user and host
authentication with SSH2 and the latest OpenSSH code (plus my partial auth
patch). Herein I describe one problem case, and a possible solution thereof.
Target: Allow user logins from host charles to host steve using passwords
Previously, you would have had to trust the IP headers to authenticate
charles. If charles had a
2016 Feb 17
4
Call for testing: OpenSSH 7.2
On 2/17/16 9:50 AM, Carson Gaspar wrote:
> Solaris 10 has setppriv, but does not have priv_basicset. To work on
> Solaris 10, the call would need to be replaced with the equivalent set
> of explicitly listed privs:
The prior art in other apps on the system seems to suggest that
priv_str_to_set is a better fallback if priv_basicset is not available.
I've attached a patch that seems