Displaying 20 results from an estimated 500 matches similar to: "How to generate additional debug messages for sshd gssapi failures?"
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2003 Aug 10
9
updated gssapi diff
this is the proposed gssapi diff against OpenSSH-current (non-portable).
note: if this goes in, the old krb5 auth (ssh.com compatible) will be
removed.
please comment.
jakob
Index: auth.h
===================================================================
RCS file: /home/hack/jakob/mycvs/sshgss/auth.h,v
retrieving revision 1.1.1.2
retrieving revision 1.3
diff -u -r1.1.1.2 -r1.3
--- auth.h
2005 Aug 26
3
[Bug 1066] off-by-one error with GSSAPI names
http://bugzilla.mindrot.org/show_bug.cgi?id=1066
Summary: off-by-one error with GSSAPI names
Product: Portable OpenSSH
Version: 4.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at
2001 Jun 28
1
Adding 'name' key types
Playing around with the [wonderful] GSS-API patches for OpenSSH [1] I
noticed that there is a bit of functionality missing from
OpenSSH/GSS-API, namely that authorized_keys2 has no meaning when using
GSS authentication.
Yes, ~/.k5login can be used to grant access to an account for
applications that support Kerberos, as does OpenSSH with those GSS
patches, but .k5login does not and cannot provide
2003 Oct 30
1
Patch to make sshd work on multihomed systems
As far as I know this patch has no security implications -- I don't
believe that allowing sshd to use get_local_name() (in canohost.c) on
a connected socket to determine it's own fqdn will allow a malicious
client (or router or dns server) to make it come to the wrong
conclusion. But please let me know if you think I'm wrong.
Please also let me know if you're just not interested
2008 Aug 12
5
[PATCH] Support GSS-SPNEGO natively
I cooked this up while trying to figure out why thunderbird on Windows
w/ SSPI was not working, but it turned out thunderbird does not use
it, so I haven't been able to test it yet. I'm presenting it for
discussion only, unless someone else can try it :)
Modern versions of MIT kerberos support GSS-SPNEGO natively, but are
only willing to negotiate for kerberos tickets and not NTLM
2003 Oct 28
2
Privilege separation
Hello!
Please consider including the attached patch in the next release. It
allows one to drop privilege separation code while building openssh by using
'--disable-privsep' switch of configure script. If one doesn't use privilege
separation at all, why don't simply allow him to drop privilege separation
support completely?
--
Sincerely Your, Dan.
-------------- next part
2005 Sep 12
3
Problems Compiling OpenSSH 4.2p1 on Tru64 UNIX 5.1b
I configure as follows:
./configure --with-zlib=/usr/local/include
cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o
auth2-passwd.o auth2-pubkey.o monitor_mm.o
2007 Mar 23
2
openssh 4.6p1 bug / IRIX
hello,
little problem compiling openssh 4.6p1 on irix using mipspro 7.4.x.
c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o
sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o
auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o
auth2-passwd.o auth2-pubkey.o
2004 Aug 20
1
problem compiling OpenSSH 3.9 on OpenBSD 3.4
Please pardon any user idiocy involved, but I applied the OpenBSD 3.4
patch to the 3.9 sources on both my i386 and sparc64 OpenBSD 3.4 boxes,
and get the same error:
cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o
auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o
auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o
auth2-chall.o groupaccess.o auth-skey.o
2004 Mar 27
1
Problems Compiling sshd - OpenSSH 3.8p1 on Tru64 UNIX V4.0F PK#7 (OSF)
I am trying to compile sshd 3.8p1 on Tru64 UNIX V4.0F Patch Level 7.
Previously I've compiled the entire 3.6.1p2 distribution with no problems.
The problem seems to occur when linking sshd. The linker is unable to find
xcrypt and shadow_pw functions (openbsd-compat/*.c). The libopenbsd-compat
seems to have built without errors. I configure as follows:
CC=cc CFLAGS=-O LDFLAGS=-non_shared
2019 May 20
4
Authenticate against key files before AuthorizedKeysCommand
Hello,
Currently OpenSSH has a fixed order on how the key authenticates the
user: at first it tries to authenticate against TrustedUserCAKeys,
afterwards it does it against the output keys from the
AuthorizedKeysCommand and finally against the files as set in
AuthorizedKeysFile. I have an use-case where this order is not ideal.
This is because in my case the command fetches keys from the cloud
2007 May 01
1
problem while doing make - openssh on sco unix 7.1
I am trying to install openssh on sco unix 7.1 and getting following error ,
please help
I have installed zlib - zlib-1.2.3
Openssl openssl-0.9.8e
Openssh openssh-4.6p1
# make
if test ! -z "yes"; then \
/usr/bin/perl ./fixprogs ssh_prng_cmds ; \
fi
(cd openbsd-compat && make)
cc -o ssh
2018 Jun 08
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
Also what exact distro and version are you having the problem on and
what version of ld does it have?
Mine is
$ ld --version
GNU ld version 2.29.1-23.fc28
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
2003 Sep 16
3
OpenBSD 3.3 x86 Build Problem
I'm seeing this on a clean build after downloading 3.7 to my
OpenBSD source tree...
bash-2.05b# make
[...]
===> lib
===> ssh
===> sshd
cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o
auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o
uidswap.o auth.o auth1.o auth2.o auth-options.o session.o
auth-chall.o auth2-chall.o groupaccess.o auth-skey.o
2006 Feb 22
2
Kerberos and authorizied_keys
How reasonable, acceptable and difficult would it be to "enhance" openssh
so authorizations using kerberos (specifically kerberos tickets) consulted
the authorized_keys file? And to be a bit more precise... consulted
authorized_keys so it could utilize any "options" (eg. from=, command=,
environment=, etc) that may be present?
I'm willing to make custom changes, but
2018 Jun 07
2
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
hi
On 6/7/18 4:03 PM, Darren Tucker wrote:
> On 8 June 2018 at 07:09, PGNet Dev <pgnet.dev at gmail.com> wrote:
>> Verifying a report I just got pinged about, building vanilla openssh 7.7p1 on linux configures ok, but fails build around 'retpoline'
> [...]
>> Should the retpoline flag be getting added? If so, what's needed to make LD happy with it?
>
>
2001 Feb 12
2
OSF_SIA bug in 2.3.0p1
Is anyone maintaining the OSF_SIA support in openssh? This seems to be an
obvious bug triggered if you try to connect as a non-existant user.
>From auth1.c line 459
#elif defined(HAVE_OSF_SIA)
(sia_validate_user(NULL, saved_argc, saved_argv,
get_canonical_hostname(), pw->pw_name, NULL, 0,
NULL, "") == SIASUCCESS)) {
#else /*
2016 Feb 10
2
Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
On February 9, 2016 7:28 PM, Darren Tucker wrote:
> To: Randall S. Becker <rsbecker at nexbridge.com>
> Cc: OpenSSH Devel List <openssh-unix-dev at mindrot.org>
> Subject: Re: Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
>
> On Wed, Feb 10, 2016 at 10:35 AM, Randall S. Becker
> <rsbecker at nexbridge.com> wrote:
> > Thread split from my
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
When using PAM to do password authenticaion the attempt/failure counter
appears to be getting confused. This is using a rh62 system with the
openssh-2.9p2-1 rpms...
On the client side...
[matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication no
PubkeyAuthentication yes