similar to: OpenSSH_3.6.1p2: key authentication on HP-UX.

"DiNisco, Jeff" wrote: > I read in the change log that you fixed a bug that denies access to > accounts with locked passwords. My environment is dependent on public > key authentication. The account used does not have a person associated > with it but rather a service. I want to keep the password locked. Is > there a way to turn this fix off? What platform are we

On Wed, Feb 25, 2015 at 09:20:01AM +1100, Darren Tucker wrote: [...] > Sigh. And now the right patch from the tree that compiled. > (djm: I get the idea :-) Tim: is this sufficient to back out the "Work around finicky USL linker" change? https://anongit.mindrot.org/openssh.git/commit/?id=d1db656021d0cd8c001a6692f772f1de29b67c8b > diff --git a/openbsd-compat/bsd-misc.c

On Wed, Feb 25, 2015 at 11:50 AM, Kevin Brott <kevin.brott at gmail.com> wrote: > > Interestingly enough if I re-run 'make tests' using HP-UX cc it continues > into the tests because it actuall did build regress netcat! (not executable > - but it's there) ... > > run test connect.sh ... > ssh connect with protocol 1 failed > ssh connect with protocol 2

Hi All. First the questions: Is there anything objectionable in this patch? Is AUDIT_FAIL_AUTH appropriate for the "Reason" field? Now the details: attached is a patch that changes some of the #includes for AIX. It moves the AIX-specific includes to port-aix.h and adds includes that contain the prototypes for many of the authentication functions. The idea isto fix some warnings.

Hi All. As of last night, sshd now segfaults on HP-UX (11.00, gcc 3.2.2) on startup. I've single-stepped through the code in freeaddrinfo and it's called with a valid *addrinfo, follows ai_next once then for some reason attempts to deref the second pointer which is NULL. Suspecting a compiler/optimization bug I recompiled fake-getaddrinfo.c without optimization but that made no

On Wed, Feb 25, 2015 at 09:04:57AM +1100, Darren Tucker wrote: > On Tue, Feb 24, 2015 at 12:11:16PM -0800, Kevin Brott wrote: > > ld: Unsatisfied symbol "xstrdup" in file > > openbsd-compat//libopenbsd-compat.a[bsd-misc.o] > > How about removing the dependency on xmalloc? eg (untested): Shoulda tested it. Now one that will compile: diff --git

Hi all. The old (~3.6.x) PAM code used to send PAM messages to stderr, whereas the new generic loginmsg code sends them to stdout, and it sends an extra newline. I think stderr is probably right, but the extra \n should probably be removed either way. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with

Olli Savia wrote: > The attached patch is a port of the current CVS (2005-08-11) version > of OpenSSH portable to LynxOS. Could you consider adding it to the > future releases of OpenSSH? If the patch needs additional work, please > let me know. Looks mostly reasonable, some comments and questions below. > + AC_DEFINE(LYNXOS_BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf()

Is there a problem with the snapshots? The newest one on ftp.ca.openbsd.org is a week old. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Does anyone actually use sshd on a system that doesn't have socketpair? It's used elsewhere so the don't-have path seems like it'd never be exercised these days. Index: monitor.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh/monitor.c,v retrieving revision 1.147 diff -u -p -r1.147 monitor.c --- monitor.c

Hi All. For a couple of weeks, the Portable snapshots have contained optional support for NetBSD's libedit in the sftp client, thanks to djm's work in OpenBSD. It's enabled with: ./configure --with-libedit. If enabled, sftp gains command history, recall and line editing (and probably other features too, I haven't looked into libedit's capabilities much). If not

I am just looking for a quick answer as to whether or not OpennSSH is compatible with Digital Unix Tru64 v 4.0F. Hing Fei Wong Systems Engineer Building 100, M1309 Valley Forge, PA Admin # 4-6242 -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Friday, June 23, 2006 3:53 AM To: Wong, Hing Fei Cc: www at openbsd.org Subject: Re: OpenSSH compatibility with

Hi All. As of now, openssh on AIX passes all regressions tests (and, yes, I just checked!), works with privsep, bugzilla has zero open AIX-specific bugs and IBM ship it essentially unmodified as a supported product. I think it's beyond "support underway" :-) -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69

Hi all. I was getting something working over socks5 and was trying to figure out why it kept using socks4. It wasn't, it was just a misleading debug message.... Patch applies to either OpenBSD or Portable. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience

Hi All. Right now, if OpenSSH is configure'ed --with-kerberos5 and the system has a krb5-config that's not in /usr/local/bin then configure won't find it. The attached patch changes this so krb5-config will be used if it's anywhere in the path (although if it exists in the directory specified by --with-kerberos5= then the user-supplied path will take precedence). You will

Hi All. The attached patch speeds up the dynamic forwarding regression test: * moves starting the test sshd to the outer loop. * kills the sleep of when it's no longer required. -Daz. $ time PATH="`pwd`:$PATH" sh ../regress/test-exec.sh `pwd` \ ../regress/dynamic-forward.orig.sh ok dynamic forwarding real 0m54.585s user 0m5.760s sys 0m0.370s $ time

Hi All. While working on something I noticed core dumps from sshd. They don't seem to be related to what I was working on. It's from the process forked to run the shell. Just after the fork, fatal_remove_all_cleanups() is called, which looks like: fatal_remove_all_cleanups(void) { struct fatal_cleanup *cu, *next_cu; for (cu = fatal_cleanups; cu; cu = next_cu) {

Hi. I made a regression test to catch the crash-on-sighup error that 3.6.1p2 had on a couple of platforms where it would not restart correctly. It's almost entirely code stolen from other tests. I verified it works by breaking saved_argv (the actual problem was not consistent on most platforms). I'd like it to suggest it be included in both the OpenBSD and -portable test suites. --

lambert lau wrote: > I did try the chsys command and it worked, an lssrc > showed it subsystem as active for a while but the SRC > stopped responding a short while later. I then ran > chssys -s prngd -a '-D' which had no effect. I get a > message telling me that the System Resource Controller > daemon is not active. "-D" the option to prevent *sshd* from

Thomas Boernert wrote: > we've a big problem with the new version. > we're using key authentication and in the > sshd_config on the server ist "PasswordAuthentication no". > in this case password authentication should be rejected. > But in the new release it does'nt work !!! > > i do > # ssh server > Enter passphrase for key