similar to: Openssh 3.9p1 query - TOP URGENT.

hi, Solaris doesn't have getpeereid() or SO_PEERCRED. However, getpeerucred() is perfectly usable for that; and it's in Solaris 10 and OpenSolaris. So, ssh-agent(1) security there so far depends only on permissions of the socket directory and with this patch it checks peer's credentials, too. I patched following files using a snapshot from 20060921: openssh/config.h.in

Hello, I use OpenSSH version 3.8.1p1. It works very good. I compile new version OpenSSH 3.9p1 but I get following warning: configure: WARNING: sys/ptms.h: present but cannot be compiled configure: WARNING: sys/ptms.h: check for missing prerequisite headers? configure: WARNING: sys/ptms.h: see the Autoconf documentation configure: WARNING: sys/ptms.h: section "Present But Cannot Be

http://bugzilla.mindrot.org/show_bug.cgi?id=930 Summary: two configure warnings Product: Portable OpenSSH Version: 3.8p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy: cbar44 at

http://bugzilla.mindrot.org/show_bug.cgi?id=421 ------- Additional Comments From mouring at eviladmin.org 2002-10-25 14:03 ------- [.. Important part from URL..] gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. - I/usr/local/ssl/include -DHAVE_CONFIG_H -c bsd-getpeereid.c bsd-getpeereid.c: In function `getpeereid': bsd-getpeereid.c:35: storage size of `cred'

Hi Andrew, I have checked for the reason of below error single_terminate: reason[socket_get_remote_addr() failed] As mentioned by you earlier that it requires "credentials passing via the getpeereid() call or SO_PEERCRED" On investigating it further i found below condition that fails File :- lib/tsocket/tsocket_bsd.c Function int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX

There are at least three cases: * Linux: check credentials and pid from client; restrict permissions from server * BSD: check credentials only from client; restrict permissions from server * Solaris: wide open --- configure.in | 4 ++-- src/control.c | 11 ++++++++++- src/control_common.h | 1 + src/tincctl.c | 38 ++++++++++++++++++++++++++++++++++---- 4

On Wed, 2017-06-14 at 11:01 +0100, Rowland Penny via samba wrote: > On Wed, 14 Jun 2017 15:13:13 +0530 > Arjit Gupta <arjitk.gupta at gmail.com> wrote: > > > Thanks for the response. > > > > Is this xattr causing this RPC server is unavailable issue ? > > > > Arjit Kumar > > > > > > Lets be perfectly honest here, the lack of

New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be used on Linux (only) to read the peer PID, UID and GID from clients connected over a Unix domain socket. This can be used in the preconnect phase to add additional filtering. One use for this is to add an extra layer of authentication for local connections. A subsequent commit will enhance the now misnamed nbdkit-ip-filter to

ssh-agent is a great tool that is often misconfigured with respect to agent forwarding. How many people running ssh-agent and doing a ssh -A have the very same public keys in ~/.ssh/authorized_keys of the machine they are coming from? ssh(1) is very clear in its warning about enabling agent forwarding. The simple act of prompting the user before using the key would enable them to determine

http://bugzilla.mindrot.org/show_bug.cgi?id=989 Summary: openssh-3.9p1 on Solaris 8 - multiplex.sh NOK Product: Portable OpenSSH Version: 3.9p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Keywords: patch, help-wanted Severity: normal Priority: P5 Component: Build system

The following is special to sshd 3.9p1 under ReliantUnix 5.45. It does not occur under ReliantUnix 5.43 nor under Solaris 5.8: `pwd`/sshd-3.9 -e -D -d -d -d Now connecting from outside [...] debug1: inetd sockets after dupping: 3, 3 debug1: get_port() calls get_sock_port(3) debug1: getpeername failed: Operation not supported on transport endpoint lsof proves FD 3 is an established TCP

Hello I've compiled OpenSSH 3.9p1 on AIX <source Dir>/contrib/findssl.sh Searching for OpenSSL header files. 0x009060dfL /opt/freeware/include/openssl/opensslv.h Searching for OpenSSL shared library files. Searching for OpenSSL static library files. 0x009060dfL /opt/freeware/lib/libcrypto.a 0x009060dfL /opt/freeware/64/lib/libcrypto.a 0x009060dfL /usr/local/lib/libcrypto.a

(These are compiling the .src.rpm from ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/rpm/SRPMS/openssh-3.7.1p1-1.src.rpm) 1) On Red Hat 7.3, with gcc-3.2 with the SSP patch (http://www.research.ibm.com/trl/projects/security/ssp/), rpm --rebuild --define "static_libcrypto 1" openssh-3.7.1p1-1.src.rpm - I needed to add -ldl to the linker flags before it linked. 2)

On 10/3/20 1:50 PM, Richard W.M. Jones wrote: > New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be > used on Linux (only) to read the peer PID, UID and GID from clients > connected over a Unix domain socket. This can be used in the > preconnect phase to add additional filtering. > > One use for this is to add an extra layer of authentication for local >

OpenSSH 3.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.4: ============================ *

OpenSSH 3.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.4: ============================ *

http://bugzilla.mindrot.org/show_bug.cgi?id=421 ------- Additional Comments From carl at chage.com 2003-01-10 05:38 ------- I noticed the same problem with a compile error where ucred is undefined in SUSE Linux 6.1. The problem is the test for SO_PEERCRED-- the feature is not available even though the define is present. In my linux/socket.h there is a "#define SCM_CREDENTIALS" next

Hi, I want to integrate openpam with openssh in our server (which uses QNX632 operating system). I am facing some problems in the "make install" part of openssh. Following are the steps I followed to build zlib, openssl, openpam and openssh. *NOTE*: Since I want the sshd and ssh binaries in my server(using QNX), I had to cross compile the packages for QNX (environment was set to x86)

http://bugzilla.mindrot.org/show_bug.cgi?id=1206 ------- Comment #2 from papadg00 at yahoo.com 2006-07-04 12:58 ------- Thanks for that. I reliazed there was an issue with the PATH. I've corrected the PATH, however now I get the following error: checking whether snprintf correctly terminates long strings... yes checking whether vsnprintf returns correct values on overflow... yes

Hi, I've just implemented getpeereid in Cygwin and I found that there's something I don't understand. In ssh-agent.c and in clientloop.c, getpeereid is used to ask for the effective uid of the peer side of the connected socket. So far so good, but why does the test look like this: if ((euid != 0) && (getuid() != euid)) ? Is there any good reason why root should be able