similar to: Port forwarding using the client of a multiplexed connection.

Hi, At the n2k10 OpenBSD network hackathon, I finally got some time to clean up and rewrite the ssh(1) client multiplexing code. The attached diffs (one for portable OpenSSH, one for OpenBSD) are the result, and they need some testing. The revised multiplexing code uses a better protocol between the master and slave processes and I even bothered to write it up :) It tracks the control sockets

Hello I am not a developer, but since this is a more advanced issue I rather post to this list than to the users list, I hope this is OK. We are currently running openssh with simon's gssapi patch and want to move towards the new integrated solution with openssh-3.7.1p2. A problem we experienced in both versions of openssh is that we are not able to change the kerberos password, when it

I am out of ideas about what the problem is. I am using the default sshd_config installed by the port. I can authenticate, copy files, and start processes, but sshd fails to create a tty session. This happens from remote machines and creating a session from the host machine. I find the following under messages. Aug 8 19:32:16 mongoloid sshd[44626]: fatal: mm_send_fd: sendmsg(4): Bad

I've got a Solaris 8 and 9 box using LDAP to successfully authenticate users. I can get logged in via ssh using keyboard interactive (via PAM/LDAP). When I try to use pubkey authentication, both the pubkey as well as the fallback to keyboard interactive always fail. I've tried openssh versions as early as 3.4 and as new as the 11-06 snapshot with the same behavior. Everything works

Darren Tucker <dtucker at zip.com.au> writes: >That's a vendor-modified version of OpenSSH. Assuming it corresponds to >what's in FreeBSD head, there's about a thousand lines of changes. Ugh. >Can you reproduce the problem with an unmodified version from openssh.com? >Failing that, can you get the server-side debug output from a failing >connection (ie

Hello All-- First, thanks for ControlPath/ControlMaster. It's very handy, and ControlMaster=autoask is just what i wanted! I'm having difficulty with a common use case, however. I want to LocalForward on secondary connections using an already-established ControlPath. From what i can tell, the second ssh connection doesn't report any errors, but silently ignores the supplied

Hi We recenlty ugraded to openssh-3.7.1p2. Our architecture is ssh daemon uses pam module which sends request to remote radius/tacacs+ servers based on configuration. Now if I create the user in /etc/passwd, then ssh daemon calls pam and everthing works fine. But if the user is not present in /etc/passwd, then ssh daemon is not calling pam. The debug log is given below. All these

Hi, I was trying to run sshd after applying the fips patches mentioned in http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1835;list=openssh but for some reason sshd refuses to accept the connection. I guess I do something terribly wrong. Is there a reason that this is bound to fail? These 5.6 patches were the most recent I could find. Are there any fips patches

Greetings, I know this has been discussed (pretty much since 3.7.1) and I have been going through the archives trying to make sense of it but I am still having problems getting 3.8.1p1 to work with PAM and AFS on Solaris 8. The problem (for those who may have missed it): When I try and log in as an AFS user to a Solaris 8 box running 3.8.1p1, I can authenticate to the machine but do not

Hi, I am not sure this is a bug in Openssh or not. I am running Openssh 4.1p1. with openssl 0.9.7g Scenario: When my password is in the warning period, I logon via ssh and I did not get the warning message which I should. I enabled the DEBUG level to 3 and I can see that sshd did received the warning message but It is not displayed from login session. Information from DEBUG : Jul 13 17:05:31

Hi, What I was trying to do (apart from toying with stuff) was to get a realiable, single, portable/importable credential that would be universally available whenever I need it but in normal operation would be either stored in or wrapped by Secure Enclave (this means EC keys), instead of provisioning 5 resident FIDO keys, one Secretive SE-wrapper key and a backup key. (I know, I could use

Hello, I got some weird problem with public key authentication using rsa key pair. Let me first of all explain my setup. 1) I got two Solaris 8 x86 boxes uname -a SunOS 5.8 Generic_117351-24 i86pc i386 i86pc <kdc: 192.168.10.11> <---> <module: 192.168.10.10> 2) They're running absolutely identical openssh installations I'm using pkgsrc, so I've builded all

Hi, at first I'm not sure if this is the correct list to ask this question. But since I'm using winbind I hope you can help me. I try to realize a kerberized ssh from one client to another. Both clients are member of subdom2.subdom1.example.de and joined to it. The users are from example.de, where subdom1.example.de is a subdomain (bidirectional trust) of example.de and

http://bugzilla.mindrot.org/show_bug.cgi?id=938 Summary: "AllowGroups" option and secondary user's groups limit Product: Portable OpenSSH Version: 3.9p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at

I am porting over the portable version of openssh to our uCLinux implementation. Everything has worked with minimal effort and I appreciate all the work. But, I am having a problem whereby the sshd executable is crashing and I really could use some help on where to look at this in more details. Here is how I start up the sshd for testing. /usr/sbin/sshd -D -ddd -f /etc/ssh/sshd_config -p 65

I can suggest a few things. krb5.conf ( if you use nfsv4 with kerberized mounts _ [libdefaults] ignore_k5login = true in But, it does not look like it in you logs your useing kerberized mounts. Im missing in SSHD_config : UseDNS yes And the defaults : # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes Are sufficient for a normal ssh kerberized login. Optional,

On 08/03/16 03:19, Darren Tucker wrote: > > Yes. Debugging something on a system you can't interact with is hard > enough without having information withheld. > I'll run again and add the relevant unedited texts as attachments. There is nothing in /var/log/secure. Also a diff between the config.h 's without and with --with-ssh1 is attached. I have a centos-6.7 under

Hi, thanks for your hints. DNS, /etc/resolf.conf, /ets/hosts seem to be correct. I'm able to do a kerberized ssh with a user from subdom2.subdom1.example.de (testuser at SUBDOM2.SUBDOM1.EXAMPLE.DE) But I'm not able to do the same with a user from example.de (user1 at EXAMPLE.DE). -- Regards, Andreas Am 01.11.2017 um 10:51 schrieb L.P.H. van Belle via samba: > I can suggest a few

Hi all, I'm really struggling with getting Kerberos authentication to work between a FreeBSD host and a Linux host. I'm using the latest 6- STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens (verified with "klist -f") and Kerberos and ssh are working fine in all other ways, but I can't get the Linux box to accept the Kerberos ticket as

http://bugzilla.mindrot.org/show_bug.cgi?id=375 Summary: sshd core dumping with msg "Cannot delete credentials" Product: Portable OpenSSH Version: 3.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org