Displaying 20 results from an estimated 7000 matches similar to: "Permission denied message and leak with it"
2005 Jan 05
2
changing group for root
Hello All,
The changing of group for the root results in the following message with
OpenSSH 3.9p1
"permanently_set_uid: was able to restore old [e]gid"
The following change in uidswap.c fixes me the problem.
/* Try restoration of GID if changed (test clearing of saved gid) */
- if (old_gid != pw->pw_gid &&
+ if(getgid() != pw->pw_gid &&
(setgid(old_gid)
2006 Apr 15
2
OpenSSH fips compliance
Hello All,
Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now
that a fips certified OpenSSL is now available at
http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of
any patches applicable for OpenSSH versions to make it fips compliant. Is
there any idea for OpenSSH core team to make OpenSSH as fips compliant? What
amount of work it needs at this
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of
2005 Jan 20
2
[Bug 975] Kerberos authentication timing can leak information about account validity
http://bugzilla.mindrot.org/show_bug.cgi?id=975
Summary: Kerberos authentication timing can leak information
about account validity
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://marc.theaimsgroup.com/?l=openssh-unix-
dev&m=110371328918329&w=2
OS/Version: All
2015 Oct 27
4
Code owner for the new AVR backend
On 27 Oct 2015, at 09:48, Senthil Kumar <senthil.thecoder at gmail.com> wrote:
>
> Haven't worked on this yet, but I work on the gcc AVR backend (and binutils), and I'm very interested in this - I intend to work on it in my spare time.
And do you have any comments / objections to Dylan becoming the code owner?
David
2005 Nov 05
1
last command shows entries for denied logins
Hello All,
Im using OpenSSH 4.2p1. Suppose I disable non-root logins to my system
through /etc/nologin file, SSH writes an entry for the non-root user in wtmp
file. This is because the writing in wtmp file happens in parent process
where checking of nologin file happens in the child one. I like to know
whether we should put an entry in wtmp file for such denied logins.
Any comments will be
2001 Apr 09
1
input_userauth_request() vs. stateful authmethods
The way things are now, input_userauth_request() calls the authmethod,
and then does a bunch of checks, like the special case for root. If
an authmethod requires a challenge-response conversation, these checks are
skipped, unless they are duplicated by the authmethod. For example, in
auth2-chall.c, some of the code is duplicated (logging, sending the
reply), but the root special case is skipped.
2009 Oct 02
1
IAX2 Call rejected, CallToken Support required
Hi All,
I am using Asterisk 1.4.26.2 and I am getting the following problem
making connections to this server. My other servers are Version 1.2.x
which have no problems and this 1.4.26.2 server can call the other 1.2.x
servers.
The error is:
chan_iax2.c:4251 handle_call_token: Call rejected, CallToken Support
required. If unexpected, resolve by placing address 192.168.25.250 in
the
2005 Sep 14
9
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
fullung at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fullung at gmail.com
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
2004 Aug 18
3
How to make RTP Packets NOT passing thru Asterisk?
Hello All,
Currently my setup uses Xlite and Asterisk and i found that all the RTP
voice packets are transfered via the asterisk server from one xlite to
another. Is there any possibility that we can make all the RTP Packets to be
transfered directly between the two clients once the connection is
established?.
Any one please help me.
Thanks and Regards,
Senthil Murugan.V
2001 Apr 06
1
-n vs batch_mode vs batch_flag
How is -n supposed to work? When you say ssh -n, it sets stdin_null_flag
but not batch mode. When the client is choosing authmethods, there is a
batch_flag that is tested to see (presumably) if we are in batch mode or
perhaps if -n has been given. But nothing sets it. It looks like it's
supposed to point to options.batch_mode, but it's never even initialized!
Even if it did point to
2005 Feb 21
2
Conecting to asterisk server through NAT usingIAX
Hallo
Did you allow udp outgoing on 4569 as well.. i found
udp bit different than
tcp when comming to firewalls
liaan
----- Original Message -----
From: "Bartosz Wegrzyn - asterisk" <junk@lexon.ws>
To: <timebandit001@gmail.com>; "Asterisk Users Mailing
List - Non-Commercial
Discussion" <asterisk-users@lists.digium.com>
Sent: Monday, February 21, 2005 12:29
2003 Aug 06
2
'cancel-tcpip-forward' is not supported.
Hi there,
I'm developing ssh client in pure java and, recently, I'm trying
to improve the port forwarding support on that stuff.
However, it seems to me that sshd of OpenSSH has not supported
'cancel-tcpip-forward' request.
http://www.ietf.org/internet-drafts/draft-ietf-secsh-connect-17.txt
says that
| A port forwarding can be cancelled with the following message.
|
2005 Jan 19
22
[Bug 948] high CPU in sshd after tcp_wrappers deny
http://bugzilla.mindrot.org/show_bug.cgi?id=948
------- Additional Comments From dtucker at zip.com.au 2005-01-19 20:01 -------
Also worth trying: patch #772 in bug #973
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2006 Dec 20
3
Disable netfilter for bridged traffic
Hi All,
Can anybody suggests how can I disable netfilter for bridged traffic in
linux-2.4.27 kernel ?
Thanks and Regards,
Senthil
2005 Jul 16
1
Pam module leaks information
Hello All,
Im using OpenSSH 4.1 with a proprietary pam module. This module does allow
or deny access to the accound based on a policy file settings. Now if I deny
the access to an account and attempt to connect to the sshd server for that
account with valid password, it quickly returns to next prompt. When I try
it with invalid password, it took some time to return to next prompt. Im
wondering if
2003 Aug 22
1
gss userauth (fwd)
what about this? can we do about this if
we break the protocol?
-------------- next part --------------
An embedded message was scrubbed...
From: Love <lha at stacken.kth.se>
Subject: gss userauth
Date: Fri, 22 Aug 2003 16:06:27 +0200
Size: 2878
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030822/f7bb85a0/attachment.mht
2014 Jun 18
15
[Bug 2246] New: PAM enhancements for OpenSSH server
https://bugzilla.mindrot.org/show_bug.cgi?id=2246
Bug ID: 2246
Summary: PAM enhancements for OpenSSH server
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Sparc
OS: Solaris
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at
2003 Nov 06
3
SSH1 vs. SSH2 - compression level
Hello,
I was searching for this information virtually everywhere, but as I
couldn't find it - I'm asking here.
I was wondering, why setting the Compression Level was removed in SSH2,
and if on, is always set to 6.
In SSH1 it was possible to set the Compression Level from 1 to 9.
I have made some tests with Compression Levels using scp: SSH1,
compression 9 (highest available for
2005 Dec 21
1
samba and kerberos doubt
in our lab we have a kerberos + ldap server to authenticate the gnu/linux users and we have configured samba to work as a PDC authenticating the windows users.
samba stores the password in encrypted format in /etc/samba/smbpasswd. The problem is when the password is changed by windows users we need to change the password of kerberos credentials. Is there a way in samba in to do that i.e to