similar to: [PATCH] sftp-server argument error handling

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

hi, there is a typo like error in sftp-server.c - obviously "log_facility" should be used in the comparison for '-f' option, not "log_level". That way the error can't be ever printed because log_level is always not equal to -1 there. However, using incorrect facility will trigger "Unrecognized internal syslog level code ..." in log_init() later though

Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:

Please find enclosed two patches for OpenSSH 3.1p1. The first patch solves a problem where sessions will be left "hanging" when you normally exit from a ssh shell (for example by logging out from the remote host via "exit" or "logout"). The problem seems to be that sshd (and some other parts of OpenSSH) doesn't check the return code and errno from waitpid() for

The following patch allows OpenSSH 2.2.0-p1 to be started (and managed) from /etc/inittab (by "init") on systems which support that. This is useful when you *really* want SSHD to always run since it will be automatically restarted by "init" if it dies (and if "init" dies the the systems dies :-). I use a line (in /etc/inittab) like this on Solaris systems:

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

It appears that openssh has inherited the dos attack that ssh is susceptible to. This has been discussed on Bugtraq (see http://securityportal.com/list-archive/bugtraq/1999/Sep/0124.html for the thread). There does not appear to be an official for ssh. Attached below is a simple, proof of concept, patch that adds a MaxConnections to sshd_config that sets the maximum number of simultaneous

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

A trailing comma in an enum generates an error with the IBM C compiler, xlc, on AIX 4.3.2: $ gmake ... xlc -O2 -qmaxmem=-1 -qarch=com -I/opt/TWWfsw/tcpwrap/include -I. -I. -I/opt/TWWfsw/libopenssl09s/include -I/opt/TWWfsw/zlib11s/include -DSSHDIR=\"/etc/opt/TWWfsw/openssh323\" -D_PATH_SSH_PROGRAM=\"/opt/TWWfsw/openssh323/bin/ssh\"

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL);

subscribe openssh-unix-dev at mindrot.org > Send openssh-unix-dev mailing list submissions to > openssh-unix-dev at mindrot.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev > or, via email, send a message with subject or body 'help' to > openssh-unix-dev-request at mindrot.org >

Hi, I'm trying to compile openssh2.3.0p1 on aix3.2.5. Can I ignore this list of warning messages? bsd-bindresvport.c: In function `bindresvport_af': bsd-bindresvport.c:94: warning: implicit declaration of function `bind' bsd-rresvport.c: In function `rresvport_af': bsd-rresvport.c:64: warning: implicit declaration of function `bzero' bsd-rresvport.c:82: warning: implicit

Hi, Related to: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.100&r2=1.101 It'd appear that logging in readconf.c: --- debug("Applying options for %.100s", arg); debug("Reading configuration data %.200s", filename); --- Goes to /dev/null. This is caused by the fact, that in ssh.c there is: --- /* * Initialize

To whoever can help me, I tried to compile OpenSSH-2.9p2 on i386-LynxOS. I made a # ./configure --without-pam --without-shadow \ --with-ssl-dir=/usr/local/ssl --with-pcre \ --disable-libutil --sysconfdir=/etc/ssh Then, # make gave the following error: gcc -o ssh ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o reonf.o clientloop.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -lssh

Hello folks, Is it possible to extend log message as large as PATH_MAX? Current length of message format including file path is small against linux PATH_MAX, 4096. diff --git a/log.c b/log.c index ad12930..95df4a9 100644 --- a/log.c +++ b/log.c @@ -359,7 +359,7 @@ log_redirect_stderr_to(const char *logfile) log_stderr_fd = fd; } -#define MSGBUFSIZ 1024 +#define MSGBUFSIZ 5192 void

https://bugzilla.mindrot.org/show_bug.cgi?id=2681 Bug ID: 2681 Summary: postauth processes to log via monitor Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=430 --- Comment #6 from Damien Miller <djm at mindrot.org> 2010-01-04 14:00:26 EST --- Created an attachment (id=1763) --> (https://bugzilla.mindrot.org/attachment.cgi?id=1763) /home/djm/sftp-ro.diff Adds a -R commandline option to disable writes and other filesystem- modifying options. -- Configure bugmail:

Here's another patch for people providing ssh access to restricted environments. We allow our users to use port forwarding when logging into our mail servers so that they can use it to fetch mail over an encrypted channel using clients that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places

Hi, I saw in archive that some people made a patch to sftp-server, and that patch sets a root path. I'd like to know if there's an ideia to apply that patch in main tree of openssh? With the use of SSHFS [wich uses sftp-server], it would be interesting to have someting like that, because as we have netboot workstations, the access to devices [such as, floppy, cdrom and usb data] are

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after