Displaying 20 results from an estimated 1000 matches similar to: "Suggestion: SSHD pseudo/fake mode. Source available."
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2018 Oct 22
2
[PATCH] openssl-compat: Add version compatibility for SSLeay and friends
Building OpenSSH without deprecated APIs compiled causes it to fail.
Signed-off-by: Rosen Penev <rosenp at gmail.com>
---
openbsd-compat/openssl-compat.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 9e0264c0..b4f0908f 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2001 Oct 09
1
TISviaPAM patch
Here is a patch that does TIS auth via PAM. It's controlled by a switch
in the sshd_config. You'd use it by having a PAM module that sets
PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs.
The patch is against the 2.9.9p2 distribution.
I'm not on the list, a reply if this patch is accepted would be great.
(But not required, I know some folks have a distaste for
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi,
sorry if it is the wrong approuch to suggest improvments to OpenSSH,
but here comes my suggestion:
I recently stumbled upon the scponly shell which in it's chroot:ed form is
an ideal solution when you want to share some files with people you trust
more or less.
The problem is, if you use the scponlyc as shell, port forwarding is still
allowed. This can of course be dissallowed in
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2005 Jan 20
2
[Bug 975] Kerberos authentication timing can leak information about account validity
http://bugzilla.mindrot.org/show_bug.cgi?id=975
Summary: Kerberos authentication timing can leak information
about account validity
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://marc.theaimsgroup.com/?l=openssh-unix-
dev&m=110371328918329&w=2
OS/Version: All
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2009 Sep 02
8
[Bug 1646] New: Match directive does not override default settings
https://bugzilla.mindrot.org/show_bug.cgi?id=1646
Summary: Match directive does not override default settings
Product: Portable OpenSSH
Version: 5.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
2001 Jun 05
1
OpenSSH tmp cleanup
Hi,
I noticed that Markus has fixed the temporary file cleanup problems in
OpenSSH cvs. What files need patching for this ? I only noticed
changes in: session.c, channels.h and channels.c.
-Jarno
--
Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
2004 Sep 20
3
[Bug 933] compile problem on tru64 5.1A code outside of a #ifdef that should not be included on tru64
http://bugzilla.mindrot.org/show_bug.cgi?id=933
Summary: compile problem on tru64 5.1A code outside of a #ifdef
that should not be included on tru64
Product: Portable OpenSSH
Version: 3.8p1
Platform: Alpha
OS/Version: OSF/1
Status: NEW
Severity: normal
Priority: P2
Component: Build
2002 Sep 16
2
privsep versus compression
Hi,
I'm unable to get Kerberos4 authentication working with openssh-3.4p1.
I'm getting a message that privsep is not available on my platform (Irix
6.5.15) and another message stating that compression and privsep are
mutually exclusive. But, ssh decided to turn off compression, I think
because of servconf.c. I think it would be more usefull to have
compression enabled and disable privsep
2001 Nov 06
13
OpenSSH 3.0
OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).
We would like to thank the
2011 Oct 02
4
Information on command execution in sshd
Hi,
I was going through the code of open ssh server part ( code for sshd ). My query is when user gives any command ( for example unix command "ls")
in the console ( after ssh login is complete ), which function in sshd will execute this command. I traced that the command is coming to sshd code
in message type SSH2_MSG_CHANNEL_DATA. There is a check using function packet_check_eom().
2009 Feb 05
2
Coding help : Where to log X11 forwards?
OpenSSH 5.1p1
I can't grasp why, when connecting with 'ssh -Y' to this
test host, I am not tickling the verbose() call below that
I have added.
I am logging as auth + verbose in sshd_config
The X11 forward for the session works fine as tested with
xterm.
At any rate, I am looking for some guidance on where
to log X11 forwards that are established, ideally with
a username and remote
2004 Feb 27
1
[PATCH] Getting AFS tokens from a GSSAPI-delegated TGT
Here is a patch I just wrote and tested which may be of interest to
those who wish to use KerberosGetAFSToken (currently requires Heimdal
libkafs) in combination with GSSAPIDelegateCredentials. The patch is
in the public domain and comes with no warranty whatsoever. Applies
to pristine 3.8p1. Works for me on Solaris and Tru64.
I'd probably have used Doug Engert's patch from 2004-01-30 if
2006 Sep 18
1
BSD Auth: set child environment variables requested by login script [PATCH]
Hello,
in the BSD Authentication system the login script can request environment
variables to be set/unset. The call to auth_close() in auth-passwd.c does
change the current environment, but those changes are lost for the child
environment.
It would be really useful to add some kind of mechanism to get
those changes into the child environment. I've added two possible
solutions. Both
2001 Nov 08
2
logging of root logins
On Thu, Nov 08, 2001 at 01:59:25PM +0100, Arthur de Jong wrote:
> root and warthur both have user id 0. Sorry, I should have made that
> clearer. They both have different passwords and rsa keys and I would like
> to be able to make the distinction in the logs. Currently ssh only logs
> that a ROOT user has logged in, not which one.
hm, i don't think uid sharing is a standard unix
2001 Oct 12
17
Please test snapshots for 3.0 release
Could everyone please test the latest snapshots as we will be making a
new release soon.
If you have any patches you would like us to consider, please resend
them to the list ASAP.
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
2001 Dec 18
2
[PATCH]: Fix potential security hole in Cygwin version
Hi,
the following patch fixes a potential security hole in the Cygwin
version of sshd.
If you're logging in to a Cygwin sshd with version 2 protocol using an
arbitrary user name which is not in /etc/passwd, the forked sshd which
is handling this connection crashes with a segmentation violation. The
client side encounters an immediate disconnect ("Connection reset by
peer").