Displaying 20 results from an estimated 100 matches similar to: "Disabling ForceCommand in a Match block"
2008 Aug 19
1
fixed: [patch] fix to ForceCommand to support additional arguments to internal-sftp
The previous version broke the case of internal-sftp without arguments. This
is a fixed version.
--- /var/tmp/session.c 2008-08-18 21:07:10.000000000 -0700
+++ session.c 2008-08-19 11:28:29.000000000 -0700
@@ -781,7 +781,7 @@
if (options.adm_forced_command) {
original_command = command;
command = options.adm_forced_command;
- if
2008 Aug 19
1
[patch] fix to ForceCommand to support additional arguments to internal-sftp
Hi,
This patch makes things like ForceCommand internal-sftp -l INFO work
(current code in 5.1 would just end the session). Please consider for
inclusion into mainline.
Michael.
--- /var/tmp/session.c 2008-08-18 21:07:10.000000000 -0700
+++ session.c 2008-08-18 21:12:51.000000000 -0700
@@ -781,7 +781,7 @@
if (options.adm_forced_command) {
original_command = command;
2008 Mar 20
1
ForceCommand and ~/.ssh/rc
Hi,
As I understand the "ForceCommand" in the sshd_confing file is meant to
ignore any command supplied by the client, but if user's home is shared by
server and client machines over network (ex. NFS) then user can still put
something else into ~/.ssh/rc file and overcome this limitation. Is it
possible to disable execution of the ~/.ssh/rc file in such a case?
Thaks,
Mike
2017 Feb 20
3
[Bug 2681] New: postauth processes to log via monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2681
Bug ID: 2681
Summary: postauth processes to log via monitor
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2009 Oct 29
1
Match vs. ChallengeResponseAuthentication?
Hello,
We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work.
Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be
2007 Dec 20
1
ForceCommand - Subsystem
Hi All
First of all apologize for my bad English ? it is not my native language.
I'm using ssh for my everyday work. And I have noticed strange behaviour
in sshd daemon.
In sshd_config file there is option ForceCommand, and if I'm making sftp
connection it look like command is also executed, I receive error
message and connection is lost. In my opinion ForceCommand should not be
2009 Mar 11
1
ssh hang with ForceCommand=internal-sftp
> /usr/sbin/sshd -oForceCommand=internal-sftp
> sftp user at host # This connects as expected.
> ssh user at host # This hangs...at least from an end-user's perspective.
It would be ideal if the connection terminated gracefully. Do others see this same behavior? If so, is there a fix or configuration change that can implemented to eliminate the hang? I'm using OpenSSH
2011 Feb 20
1
openssh as a proxy: ForceCommand limitations & speed penalty
I've hit two roadblocks while using openssh -D as a general proxy:
- openssh doesn't have an internal-null, so the options are to either
give the user account a real shell and ForceCommand, or set the shell
to something like /bin/cat and ChrootDirectory. I don't want
proxy-only accounts to have a shell at all.
- Comparing mini-httpd SSL/aes256 vs mini-httpd (localhost/no SSL) via
2011 Jul 29
1
sshd’s ForceCommand and ssh’s "–N Do not execute a remote command"
Hallo.
If `sshd` is configured to have a ForceCommand, no `ssh ?N` must skip
this *forced* server?s setup, isn?t it?
But it isn?t so. Thus, admin may think that the command is forced by a server,
but user can skip that.
In such case only port forwarding is available, but anyway *force* is
meaningless, IMHO.
--
sed 'sed && sh + olecom = love'? <<? ''
-o--=O`C
2016 Mar 04
2
Using 'ForceCommand' Option
Lesley Kimmel <lesley.j.kimmel at gmail.com> writes:
> So I probably shouldn't have said "arbitrary" script. What I really
> want to do is to present a terms of service notice (/etc/issue). But I
> also want to get the user to actually confirm (by typing 'y') that
> they accept. If they try to exit or type anything other than 'y' they
> will be
2015 Nov 01
4
[Bug 2486] New: allow ForceCommand none or similar
https://bugzilla.mindrot.org/show_bug.cgi?id=2486
Bug ID: 2486
Summary: allow ForceCommand none or similar
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2008 Jun 20
1
ForceCommand internal-sftp causes sftp logging to fail (openssh-5.0p1)
Hi guys,
I have a server setup with openssh-5.0p1 and use some users as
sftp-only chroot accounts.
The following configuration yields exactly the result I want:
user is chrooted, logs to syslog, all is good.
#================================================#
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
Match User fredwww
ChrootDirectory %h
#ForceCommand internal-sftp
2014 Sep 24
5
[Bug 2281] New: sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Bug ID: 2281
Summary: sshd accepts empty arguments in ForceCommand and
VersionAddendum
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2008 Mar 24
1
ForceCommand and NFS-shared home directories
> > On Mar 22, 2008, at 3:32 PM, Chris Wilson wrote:
> >
> >> As I understand the "ForceCommand" in the sshd_confing file is meant to
> >> ignore any command supplied by the client, but if user's home is shared
> >> by server and client machines over network (ex. NFS) then user can
> >> still put something else into ~/.ssh/rc file and
2016 Mar 05
2
Using 'ForceCommand' Option
Nico Kadel-Garcia <nkadel at gmail.com> writes:
> Dag-Erling Sm?rgrav <des at des.no> writes:
> > It is relatively trivial to write a PAM module to do that.
> Which will have the relevant configuration overwritten and disabled
> the next time you run "authconfig" on Red Hat based sysems. I'm not
> sure if this occurs with other systems, but tuning PAM is
2016 Feb 17
2
Using 'ForceCommand' Option
I would like to implement an arbitrary script to be executed when logging
on via SSH. This is supposedly possible using the ForceCommand option to
sshd. However, as soon as I implement any script, even as simple as echoing
a string, clients can no longer connect to the server. Clients report only
that the connection was dropped by the server. The server, in debug mode,
shows:
Feb 17 16:14:01
2008 Sep 23
3
[Bug 1527] New: ForceCommand internal-sftp needs a way to enable logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1527
Summary: ForceCommand internal-sftp needs a way to enable
logging
Product: Portable OpenSSH
Version: 5.1p1
Platform: Itanium2
OS/Version: HP-UX
Status: NEW
Severity: minor
Priority: P4
Component: sftp-server
AssignedTo:
2001 Nov 27
1
[PATCH] tcp-wrappers support extended to x11 forwards
Hi!
Here is the patch to support tcp wrappers with x11-forwarded connections.
The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too.
I've understood that this will not be included in the official version
because it adds complexity (?!) to openssh.
Binding the forwarded port to localhost doesn't solve all problems. I've
understood that you should also implement