similar to: Default path to identity file

Here is a patch to allow private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location on systems where home directories are NFS mounted. This is especially important for users who use blank passphrases rather than ssh-agent (a good example of where this is necessary is for tunnelling lpd through ssh on systems that run lpd as user lp). IdentityFile now accepts

[ I'm not subscribed to this list; please CC any followups to me as well ] When a user invokes "ssh-add" with no arguments, I think we should default to adding both version 1 and version 2 keys. Here's a patch against the source included with my Debian package of OpenSSH: walters at space-ghost:/usr/src/ssh/openssh-2.9p2$ diff -u ssh-add.c~ ssh-add.c --- ssh-add.c~ Thu Apr

On Mon, 17 Aug 2015, Todd C. Miller wrote: > I like the idea but tilde_expand_filename() calls fatal() if it > cannot resolve ~foo. This is not terrible when using -L and -R on > the normal command line but it seems pretty harsh to exit when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

By the way, I noticed in the previous IdentityFile patch I forgot to expand tilde. I fixed this by making the change in ssh.c instead of readconf.c, which is probably where it belongs, as far as the existing code is concerned: diff -ur openssh-3.0.2p1/auth.c openssh-3.0.2p1I/auth.c --- openssh-3.0.2p1/auth.c Sun Nov 11 17:06:07 2001 +++ openssh-3.0.2p1I/auth.c Sun Jan 27 12:05:14 2002 @@ -44,7

Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version), which allows private key files to be placed system wide (for all users) in a secure (non-NFS) mounted location. This addresses an important security hole on systems where home directories are NFS mounted, particularly if there are users who use blank passphrases (or when lpd is tunneled through ssh on systems running lpd

http://bugzilla.mindrot.org/show_bug.cgi?id=623 Summary: ssh, ssh-keygen and possibly others do not honour $HOME Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org

Allow users to specify certificates to be used for authentication on the command line with the '-z' argument when running ssh. For successful authentication, the key pair associated with the certificate must also be presented during the ssh. Certificates may also be specified in ssh_config as a CertificateFile. This option is meant the address the issue mentioned in the following

https://bugzilla.mindrot.org/show_bug.cgi?id=1377 Summary: getpwuid called twice without pwcopy (percent_expand: NULL replacement) Classification: Unclassified Product: Portable OpenSSH Version: 4.4p1 Platform: ix86 OS/Version: Mac OS X Status: NEW Severity: major Priority: P2

[ I'm not on this list, so please include me on the replies! ] Hi, I've discovered (at least for me and some colleagues;-) the following problem on Linux@x86 (2.4.*): When we try to mount FS's via smbfs with the option uid=<my_uid> this uid can only be 16bits wide:-( But we have uid's larger than 65536 which than end up beeing interpreted as %2^16 --> not allowing

Hello, whereas most people take passwd/shadow/ldap/<whatever> as the place where decision on a chrooted environment / sandbox for certain users is met (just set the given usershell appropriateley), I needed a somewhat different approach. Below is a tiny patch to 2.2.0p1 which enhances the sshd-config by two options and, when set, places all users / users of a certain group immediately in

I've been running ssh-clients-2.3.0p1-4 on RedHat 7.0 and upgraded to 2.5.1p2-1 yesterday from ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/rpm/SRPMS/. I noticed that 2.5.1p2-1 ssh-add won't look for id_dsa.pub by default -- if I have no identity file it just says "/home/klotz/.ssh/identity: No such file or directory" The 2.5.1p1-1 I got from RedHat's rawhide site

Hi, According to ChangeLog someone "(bal)" removed -{enable/disable}-suid-ssh from configure (dating from 2002/06/07). Don't know the reason, probably this has something to do with PrivilegeSeparation. Consequence is: Users with UID != 0 are no longer able to allocate privileged ports, sshd answers "Rhosts Authentication disabled, originating port will not be

Hi, I saw in archive that some people made a patch to sftp-server, and that patch sets a root path. I'd like to know if there's an ideia to apply that patch in main tree of openssh? With the use of SSHFS [wich uses sftp-server], it would be interesting to have someting like that, because as we have netboot workstations, the access to devices [such as, floppy, cdrom and usb data] are

Hi, I solved it. From the ConstantStruct you can call getOperand() multiple times, so "mine" as deep as you can. On Fri, Mar 1, 2013 at 1:41 PM, Alexandru Ionut Diaconescu < alexandruionutdiaconescu at gmail.com> wrote: > > Hi Sebastian, > > Thanks for the response. > > I already did this : > > I cast the entire annotated expression to Value*. Then, in

Are you analysing sizes in order to perform host<->accelerator memory synchronization? 2013/1/9 Sebastian Dreßler <dressler at zib.de> > Hi Dmitry, > > On 01/09/2013 03:48 PM, Dmitry Mikushin wrote: > > Hi Sebastian, > > > > This kind of analysis is a pretty complex problem in general case. > > Consider, for instance, function "f" has nested

Majid, On Wed, 23 Dec 1998 00:20:31 +1100, Majid Tajamolian wrote: >> >; hosts allow = *.bol.sharif.ac.ir >> >; hosts allow = .bol.sharif.ac.ir >> >; hosts allow = 194.225.42.* >> > hosts allow = 194.225.42. >> >2. As you see above, if I use a domain detector except with the format >> > "194.225.42." , clients on our LAN

Hi Dmitry, On 01/09/2013 03:48 PM, Dmitry Mikushin wrote: > Hi Sebastian, > > This kind of analysis is a pretty complex problem in general case. > Consider, for instance, function "f" has nested calls of other functions > with "side effects", meaning they could potentially change the contents of > "in" or "out" indirectly. For this

Hi, I have a daemon process which is changings things in the system only the superuser should be allowed to change. Lets call it "riskyd". Users use a frontend on the same machine (lets call it "risky"). risky is a SUID program which talks to riskyd by binding to a privileged port, then connecting to riskyd on localhost. riskyd cheks that the connection is coming from

Hello, Documentation states that one should set up only one Samba server as WINS server. While NT's TCP/IP setup has two entrys, one for a primary and one for a secondary WINS server I wonder why there should be only one Samba WINS server. Has anyone tried this with two Samba WINS servers? Did you suffer from any interferences. I did and the machines are running perfectly smooth. Did I