similar to: Permission denied message and leak with it

Hello All, The changing of group for the root results in the following message with OpenSSH 3.9p1 "permanently_set_uid: was able to restore old [e]gid" The following change in uidswap.c fixes me the problem. /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if(getgid() != pw->pw_gid && (setgid(old_gid)

Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it needs at this

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

http://bugzilla.mindrot.org/show_bug.cgi?id=975 Summary: Kerberos authentication timing can leak information about account validity Product: Portable OpenSSH Version: -current Platform: All URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=110371328918329&w=2 OS/Version: All

On 27 Oct 2015, at 09:48, Senthil Kumar <senthil.thecoder at gmail.com> wrote: > > Haven't worked on this yet, but I work on the gcc AVR backend (and binutils), and I'm very interested in this - I intend to work on it in my spare time. And do you have any comments / objections to Dylan becoming the code owner? David

Hello All, Im using OpenSSH 4.2p1. Suppose I disable non-root logins to my system through /etc/nologin file, SSH writes an entry for the non-root user in wtmp file. This is because the writing in wtmp file happens in parent process where checking of nologin file happens in the child one. I like to know whether we should put an entry in wtmp file for such denied logins. Any comments will be

The way things are now, input_userauth_request() calls the authmethod, and then does a bunch of checks, like the special case for root. If an authmethod requires a challenge-response conversation, these checks are skipped, unless they are duplicated by the authmethod. For example, in auth2-chall.c, some of the code is duplicated (logging, sending the reply), but the root special case is skipped.

Hi All, I am using Asterisk 1.4.26.2 and I am getting the following problem making connections to this server. My other servers are Version 1.2.x which have no problems and this 1.4.26.2 server can call the other 1.2.x servers. The error is: chan_iax2.c:4251 handle_call_token: Call rejected, CallToken Support required. If unexpected, resolve by placing address 192.168.25.250 in the

http://bugzilla.mindrot.org/show_bug.cgi?id=910 fullung at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fullung at gmail.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Hello All, Currently my setup uses Xlite and Asterisk and i found that all the RTP voice packets are transfered via the asterisk server from one xlite to another. Is there any possibility that we can make all the RTP Packets to be transfered directly between the two clients once the connection is established?. Any one please help me. Thanks and Regards, Senthil Murugan.V

How is -n supposed to work? When you say ssh -n, it sets stdin_null_flag but not batch mode. When the client is choosing authmethods, there is a batch_flag that is tested to see (presumably) if we are in batch mode or perhaps if -n has been given. But nothing sets it. It looks like it's supposed to point to options.batch_mode, but it's never even initialized! Even if it did point to

Hallo Did you allow udp outgoing on 4569 as well.. i found udp bit different than tcp when comming to firewalls liaan ----- Original Message ----- From: "Bartosz Wegrzyn - asterisk" <junk@lexon.ws> To: <timebandit001@gmail.com>; "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users@lists.digium.com> Sent: Monday, February 21, 2005 12:29

Hi there, I'm developing ssh client in pure java and, recently, I'm trying to improve the port forwarding support on that stuff. However, it seems to me that sshd of OpenSSH has not supported 'cancel-tcpip-forward' request. http://www.ietf.org/internet-drafts/draft-ietf-secsh-connect-17.txt says that | A port forwarding can be cancelled with the following message. |

http://bugzilla.mindrot.org/show_bug.cgi?id=948 ------- Additional Comments From dtucker at zip.com.au 2005-01-19 20:01 ------- Also worth trying: patch #772 in bug #973 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hi All, Can anybody suggests how can I disable netfilter for bridged traffic in linux-2.4.27 kernel ? Thanks and Regards, Senthil

Hello All, Im using OpenSSH 4.1 with a proprietary pam module. This module does allow or deny access to the accound based on a policy file settings. Now if I deny the access to an account and attempt to connect to the sshd server for that account with valid password, it quickly returns to next prompt. When I try it with invalid password, it took some time to return to next prompt. Im wondering if

what about this? can we do about this if we break the protocol? -------------- next part -------------- An embedded message was scrubbed... From: Love <lha at stacken.kth.se> Subject: gss userauth Date: Fri, 22 Aug 2003 16:06:27 +0200 Size: 2878 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030822/f7bb85a0/attachment.mht

https://bugzilla.mindrot.org/show_bug.cgi?id=2246 Bug ID: 2246 Summary: PAM enhancements for OpenSSH server Product: Portable OpenSSH Version: 6.6p1 Hardware: Sparc OS: Solaris Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee: unassigned-bugs at

Hello, I was searching for this information virtually everywhere, but as I couldn't find it - I'm asking here. I was wondering, why setting the Compression Level was removed in SSH2, and if on, is always set to 6. In SSH1 it was possible to set the Compression Level from 1 to 9. I have made some tests with Compression Levels using scp: SSH1, compression 9 (highest available for

in our lab we have a kerberos + ldap server to authenticate the gnu/linux users and we have configured samba to work as a PDC authenticating the windows users. samba stores the password in encrypted format in /etc/samba/smbpasswd. The problem is when the password is changed by windows users we need to change the password of kerberos credentials. Is there a way in samba in to do that i.e to