similar to: race condition with ControlMaster=auto

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

This is a better approach to persistent control masters than my previous attempt. Instead of forking before we make the connection, do so only when the original session has closed -- much like the code for '~&' backgrounding already does. My earlier patch for 'ControlPath none' still applies and is required, btw. --- openssh/clientloop.c~ 2005-06-17 03:59:35.000000000 +0100

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

--- mux.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mux.c b/mux.c index d90605e..fa796bd 100644 --- a/mux.c +++ b/mux.c @@ -1195,6 +1195,7 @@ muxserver_listen(void) close(muxserver_sock); muxserver_sock = -1; } + xfree(orig_control_path); xfree(options.control_path); options.control_path = NULL; options.control_master = SSHCTL_MASTER_NO;

This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example. Have I missed a good reason why ssh_connect finds the default port number for itself instead of just having it in options.port (like we do for the the default in options.user)? --- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100 +++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100 @@ -604,6 +604,17

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

http://bugzilla.mindrot.org/show_bug.cgi?id=1349 Summary: race condition with ControlMaster=auto Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dot at dotat.at

Cheers, - Salva $ diff -c mux.c~ mux.c *** mux.c~ 2008-06-14 01:01:54.000000000 +0200 --- mux.c 2008-12-04 12:24:45.000000000 +0100 *************** *** 148,153 **** --- 148,154 ---- error("ControlSocket %s already exists, " "disabling multiplexing", options.control_path); close(muxserver_sock); + umask(old_umask);

The attached patch removes the duplicated credentials cache generation code in auth-krb5.c and gss-serv-krb5.c, by turning it into a procedure which is then called by both sections of code. It's against the latest portable CVS tree. Cheers, Simon. -------------- next part -------------- Index: auth-krb5.c =================================================================== RCS file:

If you like running QEMU as a normal user (very common for TCG runs) but you have to run virtiofsd as a root user you run into connection problems. Adding support for an optional --socket-group allows the users to keep using the command line. Signed-off-by: Alex Benn?e <alex.bennee at linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha at redhat.com> --- v1 - tweak documentation and

https://bugzilla.mindrot.org/show_bug.cgi?id=1517 Summary: ssh ControlMaster process is crashing frequently when multiplexing ssh and scp connections with error 'select: Invalid argument' Product: Portable OpenSSH Version: 5.1p1 Platform: Sparc OS/Version: Solaris Status: NEW

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

https://bugzilla.mindrot.org/show_bug.cgi?id=3743 Bug ID: 3743 Summary: ControlMaster forces ForkAfterAuthentication even when not wanted, and can't be disabled Product: Portable OpenSSH Version: 9.9p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

This provides a mechanism to attach arbitrary configure options into the ssh_config file and use them from the LocalCommand and ProxyCommand. Examples: # set FOO to foo LocalEnvMod FOO = foo # append bar to FOO with default separator "," LocalEnvMod FOO += bar # unset FOO LocalEnvMod FOO = # append foo to BAR with separator ":", if BAR is empty

There are at least three cases: * Linux: check credentials and pid from client; restrict permissions from server * BSD: check credentials only from client; restrict permissions from server * Solaris: wide open --- configure.in | 4 ++-- src/control.c | 11 ++++++++++- src/control_common.h | 1 + src/tincctl.c | 38 ++++++++++++++++++++++++++++++++++---- 4

My keys are secured with a passphrase. That's good for security, but having to type the passphrase either at every login or at every invocation of ssh(1) is annoying. I know I could invoke ssh-add(1) just before invoking ssh(1), if I keep track of whether I invoked it already, or write some hacky scripts; but the rest of OpenSSH is wonderfully usable without any hacks. Hence, this patch.

http://bugzilla.mindrot.org/show_bug.cgi?id=1330 Summary: RFE: 'ControlPersist' support -- automatically fork and leave ControlMaster behind as a d?mon Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component:

If the rsyncd.conf has a line such as: log file = /var/log/rsync/log and /var/log/rsync doesn't exist or isn't a directory (or the log file can't be opened for any other reason), then there's no warning whatsoever, as rsync forks itself into the background before checking the config, opening the log file, etc. Worse still, it gets a SIGSEGV, and dumps core. Here's a strace