Displaying 20 results from an estimated 100 matches similar to: "sshd audit not happy with ssh1 and scp"
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
Hello All.
Attached is an update to my previous patch to make do_pam_chauthtok and
privsep play nicely together.
First, a question: does anybody care about these or the password
expiration patches?
Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after
the pty has been allocated but before it's made the controlling tty.
This allows the child running chauthtok to
2002 Jun 25
4
PAM kbd-int with privsep
The following is a patch (based on FreeBSD code) which gets kbd-int
working with privsep. It moves the kbd-int PAM conversation to a child
process and communicates with it over a socket.
The patch has a limitation: it does not handle multiple prompts - I have
no idea how common these are in real-life. Furthermore it is not well
tested at all (despite my many requests on openssh-unix-dev@).
-d
2007 Jul 14
2
OpenBSM questions
Hello
I have some issues with OpenBSM which i cannot resolve, so i decided to
ask there.
1) I found some bugs in the auditreduce utility and created patch for it
- http://www.freebsd.org/cgi/query-pr.cgi?pr=114534.
Please, someone from freebsd team - take it, i think its better to fix
this before next release.
2) I found that when i`m using XDM as login manager with OpenBSM, all my
audit
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
This privsepifies OSF/1 SIA, but I'm still being told the same error
occurs. I'm stumped.
Without an OSF/1 box near me I can't do too much more help unless someone
can either tell me what is wrong or show me why SIA is failing in their
logs.
(And tell me if it's different w/ or w/out this patch)
- Ben
Index: auth-sia.c
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
Ok.. I need wider testing for this. I'm getting reports back it works
mostly. 'ssh site ls' fails, but they can login with Privsep enbled.
Can I get those who are using Tru64 or OSF/1 that have SIA enabled to
test? This should apple to either -cvs or the current snapshot (I would
perfer not to use 3.4p1 due to bugs).
I'm going on a trip next week and will be around very spotty
2006 Sep 20
2
Status of MFC security event audit support in RELENG_6?
A few weeks back Robert Watson announced the merge of these features from 7
back into 6-STABLE. I hadn't seen any updates and was curious as to the
status. Us 6-STABLE users are curious to test it out.
Thanks.
--A
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
Either this never made it to the list or no one cares about Tru64. This
is the last time I'll send this patch to the list. If no one steps up and
finishes it or provides me with enough information to fix any remaining
bugs (one being complaint that 'ssh site cmd' does not work right).
If there is no activity on this for a week. I'll post it to bugzilla and
will ignore any
2016 Feb 17
2
Using 'ForceCommand' Option
I would like to implement an arbitrary script to be executed when logging
on via SSH. This is supposedly possible using the ForceCommand option to
sshd. However, as soon as I implement any script, even as simple as echoing
a string, clients can no longer connect to the server. Clients report only
that the connection was dropped by the server. The server, in debug mode,
shows:
Feb 17 16:14:01
2007 Dec 21
15
[Bug 1420] New: BSM support on Mac OS X
https://bugzilla.mindrot.org/show_bug.cgi?id=1420
Summary: BSM support on Mac OS X
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Mac OS X
Status: NEW
Severity: normal
Priority: P2
Component: Miscellaneous
AssignedTo: bitbucket at mindrot.org
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
Hi All.
Attached is a patch that implements password expiry with PAM and
privsep. It works by passing a descriptor to the tty to the monitor,
which sets up a child with that tty as stdin/stdout/stderr, then runs
chauthtok(). No setuid helpers.
I used some parts of Michael Steffens' patch (bugid #423) to make it
work on HP-UX.
It's still rough but it works. Tested on Solaris 8 and
2006 Aug 16
1
Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks
Dear 6-STABLE users,
In the next 2-3 weeks, I plan to MFC support for CAPP security eventing
auditing from 7-CURRENT to 6-STABLE. The implementation has been running
quite nicely in -CURRENT for several months. Right now, I'm just waiting on a
confirmation from Sun regarding formal allocation of a BSM header version
number so as to avoid accidental version number conflicts in the
2006 Aug 16
1
Warning: MFC of security event audit support RELENG_6 in the next 2-3 weeks
Dear 6-STABLE users,
In the next 2-3 weeks, I plan to MFC support for CAPP security eventing
auditing from 7-CURRENT to 6-STABLE. The implementation has been running
quite nicely in -CURRENT for several months. Right now, I'm just waiting on a
confirmation from Sun regarding formal allocation of a BSM header version
number so as to avoid accidental version number conflicts in the
2004 Sep 07
0
Please review openssh patch for selinux
As posted, here is an updated patch which allows openssh to be built
with non-selinux config.
(Hi openssh guys, forwarding this to you incase you interested including
it into the devel version of openssh. Please let us know if you have any
suggestions or changes that need to be made)
Regards
Nigel Kukard
On Thu, Sep 02, 2004 at 04:11:54PM -0400, Daniel J Walsh wrote:
> New SSH patch.
>
2002 Jul 02
3
New PAM kbd-int diff
Below is a new PAM kbd-int diff based on FreeBSD's code. This code makes
PAM kbd-int work with privilege separation.
Contrary to what I have previously stated - it *does* handle multiple
prompts. What it does not handle is multiple passes through the PAM
conversation function, which would be required for expired password
changing.
I would really appreciate some additional eyes over the
2023 Jun 30
1
Subsystem sftp invoked even though forced command created
On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"
Or starting one in debug mode on a different port, e.g. "-p99 -ddd"
2008 Jul 12
2
[Bug 1487] New: Race condition between monitor and unprivileged child in sshd
https://bugzilla.mindrot.org/show_bug.cgi?id=1487
Summary: Race condition between monitor and unprivileged child
in sshd
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2012 Dec 21
0
File Attachments for previous bug report
I have renamed all of the patch files to .txt, which should be acceptable
for the mailer daemon at mindrot, per Angel's suggestion.
I am attaching the patch files to the email, with the extra space removed
and a minor correction made.
Bill Parker (wp02855 at gmail dot com)
-------------- next part --------------
--- port-linux.c.orig 2012-12-19 17:40:53.231529475 -0800
+++ port-linux.c