similar to: reverse mapping check; authentication methods

http://bugzilla.mindrot.org/show_bug.cgi?id=979 Summary: Openssh doesn't support UTMPS/BTMPS/WTMPS database Product: Portable OpenSSH Version: 3.9p1 Platform: Other OS/Version: HP-UX Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org

Hello All, We have a sensitive network where users authenticates through SSH. We support multiple authentications with respective to their groups . As a security concern we continue to monitor failed or bad login attempts of every user using lastb command, but SSH never logs the bad login attempts of the user like telnet does . We would like to have this feature on SSH for every supported

OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

Hi, I am trying to configure OpenSSH to allow root logins, without success so far. So I could really use some advice. This is my server configuration: AllowUsers = thomas root AuthenticationMethods hostbased,publickey ExposeAuthInfo = no ForceCommand none GSSAPIAuthentication no HostbasedAcceptedAlgorithms ssh-ed25519 HostbasedAuthentication yes HostbasedUsesNameFromPacketOnly yes HostKey

OpenSSH 4.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

Hello, I know this is likely to give me a brute force attack hit, but the only thing anyone can accomplish by ssh-ing to my machine is to provide me with a tunnel into your machine. So don't bother. Anyway, my server machine is running this: /usr/bin/ssh -X -R ${port}:localhost:22 -o BatchMode=yes \ -o StrictHostKeyChecking=no ${user}@${my_home_machine} On my local machine: ssh -vvv -X

OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

----- Forwarded message from Damien Miller <djm@cvs.openbsd.org> ----- Subject: OpenSSH 4.0 released From: Damien Miller <djm@cvs.openbsd.org> Date: Wed, 9 Mar 2005 02:54:13 -0700 (MST) To: announce@openbsd.org X-Original-To: jeremie@le-hen.org Delivered-To: tataz@tataz.chchile.org X-Loop: announce@openbsd.org Precedence: list OpenSSH 4.0 has just been released. It will be available

Hi, QUESTION: what implications are there when using the "root" or a root type of account via a port-forwarding ssh-tunnel inside (or on top of) another non-root type of user's ssh-tunnel ? Is such double layer of encryption brings more security or system still vulnerable same as single layer of SSH encryption ? DETAILS: In CentOS (6.3 & 6.4) server side i have done these: (1)

Hi, Openssh doesn't log failed logins to /var/log/btmp like login does (if btmp exists). This is on RH6.2. Is there a specific reason for not logging to btmp ? I think that logging to btmp would be a 'good thing'(tm). What about other unices ? Do they have /var/log/btmp or something similar (AIX has something like that and I think openssh already logs the failed attempts). AFAIK

IN the /var/log/ folder there are two files WTMP and BTMP BTMP is getting huge after a year, about 800MB, WTMP is getting close to 1MB. In the /etc/logrotate.conf I see this -------------------- # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly minsize 1M create 0664 root utmp rotate 1 } ------------------- I can see where WTMP will probably rotate

Greetings All, I have a ssh server which allows sftp connections from the Internet while ssh connections from within the local net, here is the config: Code: Port 11111 Port 11113 Protocol 2 LogLevel DEBUG

I am running Solaris 8 with the Basic Security Module (BSM) loaded and Sun's Enterprise Authentication Mechanism (SEAM) installed. Our servers are using Sun One Directory Services (LDAP) for authorization and Sun's Kerberos 5 implementation for authentication. We have been using OpenSSH 3.4p1 with OpenSSL 0.9.6f and everything has been working fine. We are updating our OpenSSH and OpenSSL

Greetings, I am using OpenSSH 4.7 and trying to use a middle machine to do reverse shell. The error I run into is the destination says getsockopt TCP_NODELAY: Connection reset by peer. The setup: 3 machines (we can call them A,B,C) with QNX Neutrino I would like machine C to be the destination. So we have A can talk to B, and B can talk to C, but A can not talk to C directly. What I am

a while back i reported an issue where /dev/null was getting set to 600 perms after a system update. i finally figured out what it is. i don't care about failed logins and have limited space on some servers, so i symlinked /var/log/btmp to /dev/null. the initscripts package does a chmod 600 /var/log/btmp, so voila /dev/null gets changed. so now i know why it happened just to me. i now

http://bugzilla.mindrot.org/show_bug.cgi?id=974 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Platform|HPPA |All Summary|Enhancement : Record |Record Badlogins for

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 <big snip> > Why "slash": /.thunderbird in case of your example? Because if you > do not specify absolute path beginning with / the ssh daemon > prepends your relative path with its `pwd` it runs in, and its > `pwd` is "/") Not so. Consider: $ ssh pi-1 pwd /home/jmr If you examine what is happening, the

Cf. http://seclists.org/fulldisclosure/2008/Jul/0090.html This Mrdkaaa character claims to have exploited this, but does not say how. The issue is that if do_pam_account() fails, do_authloop() will call packet_disconnect() with loginmsg as the format string (classic printf(foo) instead of printf("%s", foo) bug). The stuff that do_authloop() appends to loginmsg is harmless (the user

http://bugzilla.mindrot.org/show_bug.cgi?id=1143 Summary: connections with "sshd: root at notty" is established but not closed Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: critical Priority: P2 Component: Kerberos support

https://bugzilla.mindrot.org/show_bug.cgi?id=3193 Bug ID: 3193 Summary: Add separate section in sshd_config man page on Access Control Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: