similar to: ChallengeResponseAuthentication defaults to no?

On Solaris 10 (SPARC & x86), I'm seeing the following error: error: Failed to allocate internet-domain X11 display socket. I tracked this down to this code change between openssh 4.7p1 and 5.0p1: *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007 --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008 *************** *** 1,4 **** ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

Could people please test -current? We will be making a release fairly soon. -d -- | By convention there is color, \\ Damien Miller <djm at mindrot.org> | By convention sweetness, By convention bitterness, \\ www.mindrot.org | But in reality there are atoms and space - Democritus (c. 400 BCE)

Hi folks, I have the that I must copy some through a Plag-Gateway of a Firewall over 2 host. A secure connection via "ssh - t hosta ssh -t hostb" works fine, but does this work with scp too? Icould not realize it either with scp (1.2.27 of ssh.com) or scp from openssh. Do you have any ideas? Thanks Stephan

Hi, attached is a patch by Chris Faylor <cgf at cygnus.com> relative to 2.2.0p1. Description: OpenSSH does not allow port gatewaying by default. This means that only the local host can access forwarded ports. Adding "GatewayPorts yes" to .ssh/config usually does this job. Unfortunately, OpenSSH does not recognize the same hosts.allow/ hosts.deny options as ssh.com's sshd

Friends, Sorry to write this to a developer mailing list. I have already approached some OpenSSH/OpenBSD core members on this, including Markus Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to bring the issue up on the mailing list. I am not aware of any other forum where I would reach the OpenSSH developers, so I will post this here. As you know, I have been using the SSH

Hello, We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work. Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

I'd like to address several issues raised by people in relation to my notice of the ssh(R) trademark to the OpenSSH group. Also, I would like to make a proposal to the community for resolving this issue (included at the end). First, I'll answer a number of questions and arguments presented in the discussion. > "the SSH Corp trademark registration in the US is for a logo

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

I would also like to mention that when I released TTSSH in May 1998, I had no concerns about violating any trademarks because I observed that the name "SSH" was already being used by several different parties for different purposes --- as the name of Ylonen's original SSH package and its derivatives, as the name of the protocol, and as a component of names of other implementations

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

COPYING.Ylonen contains: [ GMP is now external. No more GNU licence. ] I don't see how GMP is linked in at all. rms asked me to look into this, because this might constitute a license conflict. Thanks for your help! -- No matter how big the bell, if you only tap it, it can give out only a faint sound. We must understand thoroughly that the weakness of the blow, not a fault of the bell

Dear R users, I am trying to do the forest plot follow the function given on web. However, the order of the tests has been sorted alphabetically. I would prefer keeping the order as data frame input so that I can group and compare (from the graph) the target immune NS1, IgG and IgM (where SD, BioRad, Pb etc are the brand names) > d x y ylo yhi SD.NS1

Hi, It seems from the source code that there are a couple of quirks with this option: firstly, in the code it's mis-spelt as "challenge_reponse_authentication" and secondly, the default for the client (in readconf.c) seems to be off, whereas for the server (servconf.c) seems to be on: readconf.c: if (options->challenge_reponse_authentication == -1) readconf.c:

Scenario: Use the ssh-keygen utility in openssh-1.2pre17 to generate a host key Kill and restart sshd Remove the old host key from ~/.ssh/known_hosts Connect to the host using ssh. I get this: homer.ka9q.ampr.org$ ssh 199.106.106.3 who The authenticity of host '199.106.106.3' can't be established. Key fingerprint is 1024 a0:8d:17:f0:fa:a9:9f:6f:b5:d0:1c:d6:02:92:bd:5e. Are you sure

Here is a patch to scp made against openssh-2.1.1p2 that adds the -L option to scp. The -L option tells scp to use nonprivilaged ports (by passing ssh the -P option). The non-free ssh's scp has this option, and it is required under some firewall setups (like mine) for scp to function. Please let me know if there are any problems with this patch, or if there is anything I can do to help get

A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 3562 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010214/5489bfec/attachment.bin