similar to: PATCH: fix incorrect checking of syslog facility in sftp-server

When you give sftp-server a bogus -l or -f parameter, it logs a useful error message then blunders on to call log_init() with the bogus value. log_init() then prints a less useful message to stderr and exits. The following patch tidies this up by only printing the more useful error to stderr and not blundering on afterwards. --- sftp-server.c.orig Mon Jun 18 16:37:46 2007 +++ sftp-server.c Mon

this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---

Please find enclosed two patches for OpenSSH 3.1p1. The first patch solves a problem where sessions will be left "hanging" when you normally exit from a ssh shell (for example by logging out from the remote host via "exit" or "logout"). The problem seems to be that sshd (and some other parts of OpenSSH) doesn't check the return code and errno from waitpid() for

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

Hi, please find a patch against openssh-4.7p1 This patch: 1) Allows for an optional configuration file 2) Allows a user to be restricted to a directory and it's children. Enjoy -- Alain Williams Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information:

The following patch allows OpenSSH 2.2.0-p1 to be started (and managed) from /etc/inittab (by "init") on systems which support that. This is useful when you *really* want SSHD to always run since it will be automatically restarted by "init" if it dies (and if "init" dies the the systems dies :-). I use a line (in /etc/inittab) like this on Solaris systems:

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

It appears that openssh has inherited the dos attack that ssh is susceptible to. This has been discussed on Bugtraq (see http://securityportal.com/list-archive/bugtraq/1999/Sep/0124.html for the thread). There does not appear to be an official for ssh. Attached below is a simple, proof of concept, patch that adds a MaxConnections to sshd_config that sets the maximum number of simultaneous

Hi, Related to: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c.diff?r1=1.100&r2=1.101 It'd appear that logging in readconf.c: --- debug("Applying options for %.100s", arg); debug("Reading configuration data %.200s", filename); --- Goes to /dev/null. This is caused by the fact, that in ssh.c there is: --- /* * Initialize

https://bugzilla.mindrot.org/show_bug.cgi?id=3575 Bug ID: 3575 Summary: wrong usage message: "-Q protocol_feature" is an invalid query type Product: Portable OpenSSH Version: 9.2p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5

A trailing comma in an enum generates an error with the IBM C compiler, xlc, on AIX 4.3.2: $ gmake ... xlc -O2 -qmaxmem=-1 -qarch=com -I/opt/TWWfsw/tcpwrap/include -I. -I. -I/opt/TWWfsw/libopenssl09s/include -I/opt/TWWfsw/zlib11s/include -DSSHDIR=\"/etc/opt/TWWfsw/openssh323\" -D_PATH_SSH_PROGRAM=\"/opt/TWWfsw/openssh323/bin/ssh\"

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

Hi ! While browsing Linux manpages (man 3 syslog) I noticed that the manual says that the LOG_AUTH facility is deprecated use LOG_AUTHPRIV instead. Is there a good reason why OpenSSH doesn't have an option to use LOG_AUTHPRIV facility ? (Looks like that tcpd/telnet etc. use the AUTHPRIV facility (in RH6.2)). Shouldn't be too hard to add the AUTH_PRIV facility ? Cheers, -Jarno --

Hi, I'm trying to compile openssh2.3.0p1 on aix3.2.5. Can I ignore this list of warning messages? bsd-bindresvport.c: In function `bindresvport_af': bsd-bindresvport.c:94: warning: implicit declaration of function `bind' bsd-rresvport.c: In function `rresvport_af': bsd-rresvport.c:64: warning: implicit declaration of function `bzero' bsd-rresvport.c:82: warning: implicit

https://bugzilla.mindrot.org/show_bug.cgi?id=2681 Bug ID: 2681 Summary: postauth processes to log via monitor Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hello ! Like Edmund EVANS reported openssh-2.1.1p4 won't fork to background when using protocol 2. I managed to hack a little patch that might work ... What is the -N command line option supposed to do ? I gather it should work only with protocol2 and without any command to run on the server (and with some port forwardings ??) Anyway in the patch I put some code to check that -N is used

===== Ladies/Gents, "ssh-keyscan.c" can't be linked statically against "libssh.a". You end up with `fatal()' being doubly defined. The patch below deletes the new "ssh-keyscan.c:fatal()" function and and restores the "ssh-keyscan.c:fatal_callback()" function with modifi- cations. The problem that both attempt to alleviate is the setting of the

Hi, I'm not a subscriber to this list so please CC: me in any replies. I found myself in a situation where I was behind a corporate firewall that allowed only web requests to the outside world (and furthermore those requests had to be via their proxy server). Therefore, I couldn't SSH to the outside world. However, the HTTP proxy 'CONNECT' method, which is normally used to

I've attached a patch for openssh-SNAP-20001028 which fixes the following two problems: 1) I fixed fixpaths to complain instead of failing silently if it can't write the output file. 2) I changed log-server.c to use av0 as the first argument to openlog(). I also made sure it called openlog() before the TCP wrapper stuff, because libwrap calls syslog() and winds up using the

In the past 2 months another change occurred in the CVS code that broke my ssh-keyscan patch. Here's an updated version that tweaks the changed name (in the Kex struct) and also causes an attempt to grab an ssh2 key from an older server (without ssh2 support) to fail earlier and without an error message (Stuart Pearlman emailed me some code for this). This patch is based on the BSD CVS