similar to: [openssh-commits] CVS: shitei.mindrot.org: openssh

Thomas Boernert wrote: > we've a big problem with the new version. > we're using key authentication and in the > sshd_config on the server ist "PasswordAuthentication no". > in this case password authentication should be rejected. > But in the new release it does'nt work !!! > > i do > # ssh server > Enter passphrase for key

bugzilla-daemon at mindrot.org wrote: >Summary: segfault if not using pam/keyboard-interactive mech and > password's expired I'm sorry to report that there is a bug in the PAM code in OpenSSH 3.8p1, and sorrier to say that I put it there. This is a NULL pointer dereference and is *not* considered to be a security vulnerability. When sshd is configured --with-pam, run with

Hi All. I'm pleased to report that as of yesterday, OpenSSH -current now supports forced changes of expired passwords on most platforms, and bug #14 is now closed. Specifically, AIX's native authentication, BSD Authentication and shadow passwords with the expiry field are supported. The password is changed by exec'ing /usr/bin/passwd in the session. Interested parties should

The openssh-unix-dev list is the correct place for questions about OpenSSH Portable. chi-leung.wong at nokia.com wrote: > > Hi, > > Sorry to send you this issue but I haven't been able to find > this issue anywhere on the net and we have tried to compile on a few > HPUX 11.11 systems ending up with the same situation. We cheated so the > compile works but does

Hi all. The old (~3.6.x) PAM code used to send PAM messages to stderr, whereas the new generic loginmsg code sends them to stdout, and it sends an extra newline. I think stderr is probably right, but the extra \n should probably be removed either way. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with

Olli Savia wrote: > The attached patch is a port of the current CVS (2005-08-11) version > of OpenSSH portable to LynxOS. Could you consider adding it to the > future releases of OpenSSH? If the patch needs additional work, please > let me know. Looks mostly reasonable, some comments and questions below. > + AC_DEFINE(LYNXOS_BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf()

Is there a problem with the snapshots? The newest one on ftp.ca.openbsd.org is a week old. -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Does anyone actually use sshd on a system that doesn't have socketpair? It's used elsewhere so the don't-have path seems like it'd never be exercised these days. Index: monitor.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh/monitor.c,v retrieving revision 1.147 diff -u -p -r1.147 monitor.c --- monitor.c

Hi All. For a couple of weeks, the Portable snapshots have contained optional support for NetBSD's libedit in the sftp client, thanks to djm's work in OpenBSD. It's enabled with: ./configure --with-libedit. If enabled, sftp gains command history, recall and line editing (and probably other features too, I haven't looked into libedit's capabilities much). If not

I am just looking for a quick answer as to whether or not OpennSSH is compatible with Digital Unix Tru64 v 4.0F. Hing Fei Wong Systems Engineer Building 100, M1309 Valley Forge, PA Admin # 4-6242 -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Friday, June 23, 2006 3:53 AM To: Wong, Hing Fei Cc: www at openbsd.org Subject: Re: OpenSSH compatibility with

Hi All. As of now, openssh on AIX passes all regressions tests (and, yes, I just checked!), works with privsep, bugzilla has zero open AIX-specific bugs and IBM ship it essentially unmodified as a supported product. I think it's beyond "support underway" :-) -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69

Hi all. I was getting something working over socks5 and was trying to figure out why it kept using socks4. It wasn't, it was just a misleading debug message.... Patch applies to either OpenBSD or Portable. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience

Hi All. Right now, if OpenSSH is configure'ed --with-kerberos5 and the system has a krb5-config that's not in /usr/local/bin then configure won't find it. The attached patch changes this so krb5-config will be used if it's anywhere in the path (although if it exists in the directory specified by --with-kerberos5= then the user-supplied path will take precedence). You will

Hi All. The attached patch speeds up the dynamic forwarding regression test: * moves starting the test sshd to the outer loop. * kills the sleep of when it's no longer required. -Daz. $ time PATH="`pwd`:$PATH" sh ../regress/test-exec.sh `pwd` \ ../regress/dynamic-forward.orig.sh ok dynamic forwarding real 0m54.585s user 0m5.760s sys 0m0.370s $ time

"DiNisco, Jeff" wrote: > I read in the change log that you fixed a bug that denies access to > accounts with locked passwords. My environment is dependent on public > key authentication. The account used does not have a person associated > with it but rather a service. I want to keep the password locked. Is > there a way to turn this fix off? What platform are we

Hi All. While working on something I noticed core dumps from sshd. They don't seem to be related to what I was working on. It's from the process forked to run the shell. Just after the fork, fatal_remove_all_cleanups() is called, which looks like: fatal_remove_all_cleanups(void) { struct fatal_cleanup *cu, *next_cu; for (cu = fatal_cleanups; cu; cu = next_cu) {

Hi. I made a regression test to catch the crash-on-sighup error that 3.6.1p2 had on a couple of platforms where it would not restart correctly. It's almost entirely code stolen from other tests. I verified it works by breaking saved_argv (the actual problem was not consistent on most platforms). I'd like it to suggest it be included in both the OpenBSD and -portable test suites. --

lambert lau wrote: > I did try the chsys command and it worked, an lssrc > showed it subsystem as active for a while but the SRC > stopped responding a short while later. I then ran > chssys -s prngd -a '-D' which had no effect. I get a > message telling me that the System Resource Controller > daemon is not active. "-D" the option to prevent *sshd* from

On Tue, Dec 23, 2008 at 09:14:30AM +0530, Dhanya M.B wrote: > Hi, > > I was trying to install openssh 5.1p from openssh-5.1p1.tar.gz downloaded from www.openssh.com > My system OS is RedHatEnterpriseLinux5.0 Desktop (RHEL5.0) (64 bit). > We have zlib-1.2.3-3 and openssl-0.9.8b-8.3.el5 installed > in the syatem. > > I untarred openssh-5.1p1.tar.gz to >

Hi all. Has anyone had any success building openssh 6.0p1 using clang 2.9? I think I found a compiler bug, at least in the 2.9 that ships with fedora 16 (i386). It causes (at least) ssh-keygen to spin indefinitely eating CPU. I've reduced it to the following test case: $ cat clang-test.c #include <unistd.h> char hostname[64]; int main(int argc, char **argv) { gethostname(hostname,