similar to: *lock* considered empty?

Well, I had just finally gotten around to downloading a snapshot to test the latest on Tru64 a couple of days ago but hadn't had a chance to build it yet, and 3.7p1 has now been released. Sigh. The problem is that Tru64 setreuid() and setregid() are broken, so privsep doesn't work. This could also be a security problem for SIA authentication in general (any version of OpenSSH on Tru64,

I just ran into what I'd describe as an unexpected side-effect. I don't think it's necessarily a bug, and I don't need any assistance in working around it, but this information might be useful to others for troubleshooting. This was using OpenSSH built under Solaris 2.5.1, and running under 2.5.1 or 8. The symptom was that after upgrading from 3.7.1p1 to 3.7.1p2, some accounts

There have been a few recent commits to portable OpenSSH that require testing. It would be appreciated if you could grab the 20031118 (or later) snapshot and give it a try on your platforms of choice. Ideally, "giving it a try" means running the regress tests, in addition to casual (non-production) use and reporting your experiences back to the list. The more platforms and compile-time

Hi, We are preparing to release another stable OpenSSH soon, so once again we are asking for your help in testing CVS snapshots. Changes include: * ssh(1) now allows the optional specification of an address to bind to in port forwarding connections (local, remote and dynamic). See the -L, -R options in the ssh(1) man page as well as LocalForward and RemoteForward options in

Tru64 patch will not make it into 3.5 (this is final) due to lack of willing people to test. I have given the Tru64/osf1 community almost a month to test it. And *ONE* person came forward to give me verification. And don't give me shit about "I don't have time." The person who tested it was LEAVING his employer with Tru64. He found time. IT IS YOUR GAWD DAMN PLATFORM. IF

All, I'm getting the following error message when trying to 'make' OpenSSH 3.7.1p2: cc: Severe: compress.c, line 19: Cannot find file "zlib.h" specified in #include directive. (noinclfilef) #include "zlib.h" -^ *** Exit 1 Stop. What can I do to get this to compile correctly? Thanks in advance, Trevor Strickland trevor.strickland at ed.gov

hi, the man page for sshd(1) says about /etc/nologin: "The file should be world-readable". However, nologin has no effect if it's not readable by the connecting user: if (pw->pw_uid) f = fopen(_PATH_NOLOGIN, "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ ... ... return(254) if root has a

Hello All, Im using OpenSSH 4.2p1. Suppose I disable non-root logins to my system through /etc/nologin file, SSH writes an entry for the non-root user in wtmp file. This is because the writing in wtmp file happens in parent process where checking of nologin file happens in the child one. I like to know whether we should put an entry in wtmp file for such denied logins. Any comments will be

Hi developers, today I tried to disable logins to an ssh server by putting a nologin file into /etc. This only worked for logins that use the password authentication mechanism. publickey-based authentications still succeeded and the users were allowed into the system. This seems straightforward to me since openssh 4.3 disabled the evaluation of /etc/nologin in favour of pam_nologin but

Hello All, I just had an interesting experience tracking down a bug on Solaris 8, and ssh -vvv was of no help which is part of the reason why I write this email. When DSA public/private keys fail to authenticate me without a password, it just falls thru to the next authentication type and I can't see a way to see why it happened. The extra debug levels don't tell me "Hey you idiot,

Hi- Since the tru64 patch was designed for -current, I thought I would try to build it with a recent snapshot before backporting to 3.4p1. So I downloaded openssh-SNAP-20020826.tar.gz frpm the portable snapshots, but it does not contain the 'configure' script. I tried copying the 'configure' from 3.4p1, but that does not create a Makefile from the Makefile.in. Where are the

Hi there, I have just compiled up 3.6.1p2 both with and without Darren Tuckers passexpire patch. However, with the patch applied /etc/nologin isn't displayed to users (on AIX 5.1 / PSSP) The patched vesion seems to fail with "illegal user" - some parts of a debug 3 log... debug1: userauth-request for user ade45 service ssh-connection method none debug1: attempt 0 failures 0

http://bugzilla.mindrot.org/show_bug.cgi?id=715 Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo:

The Cray and tru64 patches I have, have been applied. Unless there is any major "oh my god it does not work". I believe 3.6 should now be ready for release soon. I'd like to thank everyone for providing feedback on the status of their their platform. Hopefully, we have not missed any platform that is commonly used. - Ben

On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller <selphie.keller at gmail.com> wrote: > Ahh i see, just got up to speed on the issue, so seems like the issue is > related to blowfish being faster then sha family hashing for longer length > passwords, or the system's crypt() not understanding $2a$ -style salts, which most glibcs don't. On those, crypt fails immediately due

On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote: > I wonder if could be useful to set the fall back account to something user > defined to avoid suggesting people add passwords to root, though I do like > root since the account is always there, Since committing that diff I've heard of people running in production with no root password (ie *LK*, !! or similar).

Hello, I encountered the following problem while I typing "ssh -v <host_name>" " hkmarmmspd:/export/home/hkcheung> ssh -v hkmauat OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f debug1: Reading configuration data /usr/local/etc/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: Connecting to hkmauat [172.28.68.52]

Hi, we're currently considering making use of RFC4255 SSHFP records, but are hitting a problem with a 4.4p1 client running on Tru64 5.1A: [...] debug3: verify_host_key_dns DNS lookup error: out of memory [...] No matching host key fingerprint found in DNS. A 4.3p2 linux client gives the following : [...] debug3: verify_host_key_dns debug1: found 1 insecure fingerprints in DNS debug1:

Hi, I've seen a few messages re. problems with 3.7.1p1 on IRIX 6.5... I'm using 6.5.19 and having no trouble compiling, installing and starting, but sshd just closes the connection with no explanation. debug/verbose modes don't seem to give any clues. Darren Tucker suggested defining BROKEN_GETADDRINFO in config.h, but I find that compilation then fails (assuming I've implemented

Hi all, We are running OpenSSH v3.4p1 on three ES340 Alpha which run Tru64 v5.1A. The last couple of weeks, the system hangs at bootup for 15 minutes at the point where it is bring up sshd. When I manually stop and start sshd, it still takes 15 minutes. I manually ran sshd with the -ddd level 3 debug option. sshd hanges at the message which states it is creating a randomized seed. It also