similar to: Help with openssh: ssh application writing data > 131071 to socket causing message too long error

I am utilizing an openssh tunnel between two Linux boxes. On the client box I issue the following commands to set up the tunnel; - ssh -w0:0 root at x.x.x.x -v where x.x.x.x is the IP address of the Linux system running sshd - ip addr add 10.0.5.1/32 peer 10.0.5.2 dev tun0 - ip link set tun0 up On the box running sshd I issue the following commands: - ip addr add 10.0.5.2/32 peer 10.0.5.1 dev

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

In our work with enabling large windows for openssh we found 1) that if a window > 0x10000 is advertised to openssh's sshd 2) the sshd tries to send more than 0x10000 bytes of data 3) the receiver does not consume them 4) the input buffer will grow larger than the size allowed by buffer.c and fatal(). We believe the correct behavior is to limit reading into the channel input buffer to

The current code for channel.c creates an array of Channel structs (initially set to NULL) which is then iterated through, in full, every time a channel needs to be dealt with. If only one channel is in use, which is relatively common, the code still loops through the entire array. This patch creates a linked list of pointers to these structs and the code steps through the linked list. Since

As before, it is described on our website. This should apply fairly cleanly to both portable and openbsd ssh. http://www.psc.edu/networking/hpn-ssh/ Only in openssh-3.8.1p1-dynwindow: Makefile diff -u openssh-3.8.1p1/buffer.c openssh-3.8.1p1-dynwindow/buffer.c --- openssh-3.8.1p1/buffer.c 2003-11-21 07:56:47.000000000 -0500 +++ openssh-3.8.1p1-dynwindow/buffer.c 2004-07-12 07:49:29.000000000

using openssh-3.8.1p1 from sunfreeware.com on a SunOS XXX 5.8 Generic_117000-03 sun4u sparc SUNW,Sun-Fire-V240. sshd seems to ignore or miss SIGCLD. this is a rare behaviour we observe about once per week in a ssh intensive environment. the process hangs here: truss: 24453: poll(0xFFBEEF28, 2, -1) (sleeping...) gcore, mdb: libc.so.1`_poll+4(b, 0, 0, ffbeef38, 6fc40,

The command "ssh ls -l /doesnotexist" gives various responses: Running from a 200 MHz PentiumPro with dsa key added to ssh-agent: Mistakes worst to fast machine: To a faster 600 MHz dual processor i686 600 MHz machine: ls: /doesnotexist: No such file or directory -- correct nothing at all -- wrong ls: select: Bad file descriptor -- wrong

Hi all, This is a client side only implementation of reversed dynamic (SOCKS) TCP forwarding, which means it is compatible with any existing servers have 'remote forward' capability. To establish such forward, use "ssh -R [BIND_ADDRESS:]PORT ...". The server will listen on that port and address and accept SOCKS traffics. Hope this will be useful for you. There was an

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

this (uncomplete) patch makes various features compile time options and saves up to 24K in the resulting ssh/sshd binaries. i don't know whether this should be added to the CVS since it makes the code less readable. perhaps WITH_COMPRESSION should be added, since it removes the dependency on libz -m Index: Makefile.inc =================================================================== RCS

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully..and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem.?i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server ?in sshd main before

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully.and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem. i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server in sshd main before

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

Hello ! Like Edmund EVANS reported openssh-2.1.1p4 won't fork to background when using protocol 2. I managed to hack a little patch that might work ... What is the -N command line option supposed to do ? I gather it should work only with protocol2 and without any command to run on the server (and with some port forwardings ??) Anyway in the patch I put some code to check that -N is used

Hi! I am use SuSe 7.2 x86 and openssh-2.9p1-7.rpm I got a problem using bitkeeper on my laptop where bitkeeper reported an I/O error while reading data from 'ssh'. After much debugging, and some help from the bitkeeper people, I found out that that clientloop.c doesn't handle interrupts gracefully. (It died when it got an EAGAIN error when writing to the application) After applying

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

When I encounter the problem with TCP port forwarding locking up, I'll see this on the client window (if I haven't invoked ssh with -q): chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected This is with Blowfish encryption. I have to kill and restart the client when this happens. Phil