similar to: REPOST: IP options

I'm seeing something similar to bug 1179 (https://bugzilla.mindrot.org/show_bug.cgi?id=1179), even with the reordered IP options check. For some reason, getsockopt is returning an IP options of length 2, value 00 00. Would Mark Weindling's original patch (https://bugzilla.mindrot.org/attachment.cgi?id=1105) break anything if I incorporated it? Platform: HP NonStop S7000 series

I'm seeing something unusual in 5.0p1. Let me start by saying that I'm on kind of an oddball system (HP NonStop). What I'm seeing is that at the end of an scp session, the server gets stuck in a loop. First I see a shutdown failure, followed by looping on an "ibuf_empty delayed efd 9/(0)" condition. This may have to do with some minor semantic differences in the way the

I'm wondering about the rationale behind the allocation of the fd_set for the select() call in bsd-poll.c. Is there a reason we're dynamically allocating the fd_sets using nmemb, rather than simply putting three fd_set variables on the stack, followed by FD_ZERO calls? This seems to make life more difficult, as evidenced by the "goto out" statement, needed to free the memory.

You need to disable ?ChallengeResponse? (aka keyboard-interactive) authentication, not password authentication, to protect against this attack. On Jul 22, 2015, at 1:56 PM, Bostjan Skufca <bostjan at a2o.si> wrote: > > And to answer your question about what to do, you have three options: > - disable access to ssh with a firewall > - disable password authentication > -

A couple of notes about mget/mput in SFTP (5.1p1). 1. They aren't documented in the SFTP man page 2 They misbehave -- "mput a.txt b.txt" copies a.txt to b.txt on the server "mput *.txt b.txt" copies the first wildcard match to b.txt on the server "mput a.txt b.txt c.txt" copies a.txt to b.txt on the server "mput a.txt

I'm using 5.0p1 (Yeah, yeah. I know.). For various reasons, I am unable to upgrade to the latest and greatest, which probably would solve my problem. Here's my question. When doing an scp from remote to local (e.g.: scp user at host:remote localfile), is there any way to specify the path to the remote scp? Or do I have to patch the code to allow it? ---- Scott

Oops. That's -T. From the man page, it doesn't really look like there's an ssh_config option for -N. -----Original Message----- From: openssh-unix-dev [mailto:openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org] On Behalf Of Scott Neugroschl Sent: Tuesday, August 09, 2016 1:04 PM To: Volker Diels-Grabsch; openssh-unix-dev at mindrot.org Subject: RE: Equivalent ssh_config

Does anyone have a patch (doesn't have to be official) to enable the "none" cipher? I need to examine some wire protocol stuff ---- Scott Neugroschl XYPRO Technologies scott_n at xypro.com 805-583-2874 x133

Is there a particular reason that sshd sets IPV6_V6ONLY on listen sockets? ---- Scott Neugroschl XYPRO Technology Corporation scott_n at xypro.com 805-583-2874

I'm trying to add an ENGINE to OpenSSH, and am looking at scard.c and scard-opensc.c as an example. I have a couple of questions -- 1. in both of them, in sc_get_engine(), the returned ENGINE is declared static, but it's overwritten each call. Is sc_get_engine intended to be called only once? When is ENGINE_free() called? 2. Where is the returned ENGINE used? Where is

Has anyone else on this list seen an uptick in fake "delivery failure notification" spam? I'm getting them at my return address here, and this is one of the two places where that address is public. Thanks ---- Scott Neugroschl XYPRO Technologies scott_n at xypro.com 805-583-2874 x133

I'm looking at replacing some algorithms with different implementations, and I'm having some problems with the AES CTR mode algorithms. I can see where encryption is done, but I can't figure out where decryption occurs. I'm looking at cipher-ctr.c ---- Scott Neugroschl XYPRO Technology Corporation scott_n at xypro.com 805-583-2874

Just curious. ---- Scott Neugroschl XYPRO Technology Corporation scott_n at xypro.com 805-583-2874

Hi everyone, I know scp is kind of the red-headed stepchild of the suite, but I'd like to propose an extension to the syntax for remote-remote passthrough using the "-3" option. Currently the syntax is essentially scp -3 [ -P port ] [user@]host1:file [user@]host2:file This is great, as long as both remotes are on the same port. It causes difficulties if host1 and host2 are not

On Thu, Apr 20, 2017 at 11:00 AM, Scott Neugroschl <scott_n at xypro.com> wrote: > > On Wed, Apr 19, 2017 at 1:02 PM, navern <livingdeadzerg at yandex.ru> wrote: > >> Is there any available tool with this for pre-evaluating the resulting sshd_config for fatal errors? I'm not demanding: I'm thinking "that could be really, really useful". > >

Quoth Iain: >I'm not sure if the work being done to allow OpenSSH to be built without OpenSSL includes SHA-1 support. Hi Iain. I haven't heard of this effort before. Can you give a few more details? Thanks, ScottN --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking? I might be interested in looking into that, as a way of reacquainting myself with the current code base. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

I read an article today about keyboard interactive auth allowing bruteforcing. I'm afraid I have minimal understanding of what keyboard-interactive really does. What does it do, and should I have my clients set it to off in sshd_config? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

Whoops -- sent to wrong address... Mandriva 2008.1 openssh-SNAP-20090218 passes all tests. > -----Original Message----- > From: Scott Neugroschl > Sent: Tuesday, February 17, 2009 10:06 AM > To: Damien Miller > Subject: RE: Call for testing: openssh-5.2 > > Mandriva 2008.1 -- openssh-SNAP-20090218 passes > > > -----Original Message----- > From:

I may have asked this before ... my memory is bad. Is it possible to run "make tests" on a cross-compile build? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |