similar to: treat output of sshrc as environment assignment lines?

Hello all, $XAUTHORITY location has moved from under /tmp to ~/.Xauthority in 2.9p2. The commit message was: --- remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since we do already trust $HOME/.ssh you can use .ssh/sshrc and .ssh/environment if you want to customize the location of the xauth cookies --- The latter is true, but can only be enabled in per-user basis as far as I see.

http://bugzilla.mindrot.org/show_bug.cgi?id=771 Summary: Add option to override XAUTHORITY env variable Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: SunOS Status: NEW Severity: enhancement Priority: P5 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi! It feels like there is an obvious answer to this that I'm not seeing, but I've been testing, reading manuals and googling for a while now and can't seem to get it to work. I have an SSH server that mounts a windows share on login, to act as a SFTP proxy for windows home directories. The mounting of the users' homedirs is done via a call from /etc/ssh/sshrc. This mount

https://bugzilla.mindrot.org/show_bug.cgi?id=3185 Bug ID: 3185 Summary: some bashrc broke sshrc Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org

Hi folks, I've got a problem with X11 forwarding on an AIX 5.2 system thats stumped me. I've installed the same patched + compiled installp package on all our aix boxes but one of them won't play ball with X11 ssh -X -v -v user at host gives (grepped out X11 looking lines) debug2: we sent a password packet, wait for reply debug1: Authentication succeeded (password). debug1:

I am considering allowing (relitivly) untrusted local users onto my fileserver, so they can use SFTP to access their home directories. I have a custom shell, (a taint-mode enabled perl script) that allows users to change their password, which I have modifed to only allow a '-c' command for the sftp-server. I have also disabled TCP port forwarding. However, some reading of the OpenSSH

I have just finished battling with this and noticed it has been reported on HP systems too. Problem ist, if you have an sshrc file with: XKEY=`cat -` -n "$DISPLAY" && $XAUTH add $DISPLAY $XKEY then with SSH 3.1 this mysteriously fails, as the DISPLAY is now localhost:10.0 instead of $HOST:10.0 I imagine the reasoning behind the change is to accomodate hosts that have no

http://bugzilla.mindrot.org/show_bug.cgi?id=402 Summary: Suggested sshrc script unsafe Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: minor Priority: P2 Component: Documentation AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: kolya at

sshrc MUST NOT produce any output on 'stdout', use 'stderr' instead. On Wed, Apr 03, 2002 at 01:13:07AM -0800, Mark Pitt wrote: > On AIX 4.3.3 with 2.9.9 and 3.1.p1, once I place "ls" > or any other command in sshrc such as: > > ls > ls > /tmp7junk.txt > cat /tmp/junk.txt > > then scp simply ceases to work, stopping at first > "file

There are situations in which access to one's home directory depends on prior authentication. Here are several: - AFS (requires Kerberos-based tokens) - NFSv4+GSSAPI (requires a Kerberos TGT) - encrypted home directories (requires a token/password to decrypt) As it stands right now, OpenSSH X11 authentication forwarding breaks in these scenarios. This is because unlike the approach

This issue has been discussed here and elsewhere a fair bit in the past year or so, but to re-address the issue... As of OpenSSH 2.9.something the ability to have an Xauthority located in /tmp was removed, with the following description in the ChangeLog : - markus at cvs.openbsd.org 2001/06/12 21:21:29 [session.c] remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since

When doing a make with the portable developer version, I came across this error: ssh/ssh_host_ecdsa_key|/opt/etc/ssh_host_ecdsa_key|g' -e 's|/etc/ssh/ssh_host_dsa_key|/opt/etc/ssh_host_dsa_key|g' -e 's|/etc/ssh/ssh_host_rsa_key|/opt/etc/ssh_host_rsa_key|g' -e 's|/var/run/sshd.pid|/var/run/sshd.pid|g' -e 's|/etc/moduli|/opt/etc/moduli|g' -e

Hi! Several people noticed problems with openssh Version 1.2.2 through 1.2.3 related to X11 forwarding under Linux. For example: Magnus Holmberg <pucko at lysator.liu.se> wrote: > I have just installed openssh-1.2.2p1-1 > on two of my machines and I have one problem. > > I have > X11Forwarding yes > in my /etc/ssh/sshd_config > > but when I try to ssh to that

Hello, Our campus environment would find it very useful to pass user- environment variables for certain login ssh connections, but of course want to avoid the security problems with LD_PRELOAD and PermitUserEnvironment as described in sshd_config manpages. Would the best answer be a patch that adds PermitUserEnvironment support inside match blocks? Are there technical or other reasons

Hi , I open secure Session with X11 forwarding. when run any standard X applicattion like xterm xclock it come up without any error. I start my user X application it fails. On User application side it fails when "xtOpenDisplay" system call with localhost:10.0. On SSH server debug message are : > debug1: X11 connection requested. > debug2: fd 20 setting TCP_NODELAY >

https://bugzilla.mindrot.org/show_bug.cgi?id=1800 Summary: PermitUserEnvironment accepting pattern of allowed userenv variables Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

I think I have resolved my problem, but having typed most of this I might as well send it. I have OpenSSH_2.5.1p2 which I am trying to build on Irix 5 In Irix /usr/include/paths.h _PATH_ROOTPATH and _PATH_USERPATH are defined. defines.h looks for USER_PATH and _PATH_STDPATH and misses this, so that sshd does not include the path for X11 when users login. I copied a chunk of ifdef viz. #ifdef

Wonder if you guys could help me out...have a security problem with sshd wich enables a user to do a password login tough the sshd_config states PasswordAuthentication no My config works fine in both gentoo and openbsd 3.3 but users are able to login with tunneled clear text passwords in both 4.9 and 5.1 Im lost.tried everything I can think of. Here is the config:

I don't like to be the bearer of bad news, but... In light of the big "ssh hangs on logout" thread (wherein the true culprit was identified as being programs that don't close inherited file descriptors), I find it somewhat ironic that one of those "broken daemon" programs that doesn't close its open fds is sshd. :( http://bugzilla.mindrot.org/show_bug.cgi?id=3