Displaying 20 results from an estimated 2000 matches similar to: "chroot directory must be root owned"
2010 Aug 03
1
"Please enhance SSH so that sftp chrooted user sessions are loged in"
Hi All,
Could anyone explain what is "enhance SSH so that sftp chrooted user sessions are loged in to syslog"?
What is "chrooted user sessions"?
I'm sorry for the interruption and the laughable question.
Thanks and Regards,
Bin.Bai.
2008 Sep 29
1
scp and key login
It seems the certificate-based login doesn't work on both sides of the
remote connection when using scp?
Scenario:
User on PC A can SSH login to PCs B and C with his certificate, no
password prompt.
When User on PC A runs a scp operation from B to C he's asked for the
password on C.
Does the scp actually open a connection from B to C (User doesn't have a
certificate on B)? This
2009 Mar 28
3
ChrootDirectory security
Hello,
I've tried many places, finally ending up here to ask my question: why
is it so vital that the directory used with the ChrootDirectory
directive is root-owned?
Like many people I'm trying to use this in a webhosting environment
where several users get sftp-only access to some directory, usually
something like /home/user/web/part-of-website.
I can be sure that there are no setuid
2009 Nov 18
1
SFTP Chroot
Hi all,
Today, I was tasked at work with setting up a chroot SFTP server on a 64bit
Arch Linux server. I naturally turned to Arch Linux's wiki article on the
subject (http://wiki.archlinux.org/index.php/SFTP-chroot) and the directions
were very clear. However, the directions did not work. I kept getting a
"Write failed: Broken pipe" error after attempting to connect. Upon digging
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, 2018-01-05 at 16:00 +1030, David Newall wrote:
> On 05/01/18 02:44, Thomas Güttler wrote:
> > I set up a chroot sftp server [...]
> > Is there a way to get both?
> >
> > - chroot
> >
> > - writable root
>
> The source code (sftpd.c) seems to require that the root directory be
> owned by root and not group or world writable, so I
2002 Dec 23
3
rsync 2.5.5 SCO Unixware patch
Hello list,
This is a patch to rsync 2.5.5, and it serves two purposes. The small
patches to batch.c, flist.c and log.c simply add "void" to some function
definitions so that all declarations in proto.h have full parameter lists.
unsigned char read_batch_flags() OLD
unsigned char read_batch_flags(void) NEW
The SCO UNIXWare compiler correctly objected to these functions not
having a
2003 Jul 23
1
Samba 3.0 beta 3 issues
Hi there,
I'm using Samba 3.0 beta 3 on RH 9 (connecting to a Windows 2000 domain,
as a member server) and I'm having trouble keeping samba running
reliably. At random times it seems to stop recognising names from the
domain. Restarting winbind fixes the problem, but then it occurs
randomly again, usually once or twice a day. At least once it has fixed
itself after being broken overnight
2002 Jan 27
0
IdentityFile patch
By the way, I noticed in the previous IdentityFile patch I forgot to
expand tilde. I fixed this by making the change in ssh.c instead of
readconf.c, which is probably where it belongs, as far as the existing code
is concerned:
diff -ur openssh-3.0.2p1/auth.c openssh-3.0.2p1I/auth.c
--- openssh-3.0.2p1/auth.c Sun Nov 11 17:06:07 2001
+++ openssh-3.0.2p1I/auth.c Sun Jan 27 12:05:14 2002
@@ -44,7
2002 Jan 27
1
[PATCH] Add user-dependent IdentityFile to OpenSSH-3.0.2p1
Here is a patch to allow private key files to be placed system wide (for
all users) in a secure (non-NFS) mounted location on systems where home
directories are NFS mounted. This is especially important for users who use
blank passphrases rather than ssh-agent (a good example of where this is
necessary is for tunnelling lpd through ssh on systems that run lpd as user
lp).
IdentityFile now accepts
2003 Jan 18
0
[Patch] User-dependent IdentityFile
Here is the user-dependent IdentityFile patch for openssh3.5 (BSD version),
which allows private key files to be placed system wide (for all users) in
a secure (non-NFS) mounted location.
This addresses an important security hole on systems where home directories
are NFS mounted, particularly if there are users who use blank passphrases
(or when lpd is tunneled through ssh on systems running lpd
2001 Nov 20
0
Patch: 3.0.1p1: rename a conflicting variable
These patches are against 3.0.1p1. I need them because I have a local mod
which needs access to the ServerOptions struct named ``options'', hence the
rename.
--- auth-rsa.c.orig Mon Nov 19 16:54:01 2001
+++ auth-rsa.c Mon Nov 19 16:56:18 2001
@@ -180,8 +180,7 @@
* user really has the corresponding private key.
*/
while (fgets(line, sizeof(line), f)) {
- char *cp;
- char
2018 Jan 05
3
SFTP chroot: Writable root
On Fri, 2018-01-05 at 21:42 +1030, David Newall wrote:
> On 05/01/18 20:06, Jakub Jelen wrote:
> > if the confined user has write access to the chroot directory,
> > there are ways how to get out, gain privileges and/or do other
> > nasty things.
>
> I'm not inexperienced with UNIX and unix-like operating systems (30+
> years), and I can't think what these
2017 May 03
2
Multiple default gateway from tinc node
Hi, Guus
I did some tests regarding the points you mentioned below, and yes, you’re right, but some of the points may need further adjustment:
1. The destination of IPv4 wouldn’t be changed. Yes, I agree, that’s the goal and final destination for the communication. But during the path, it may be encapsulated into another packet (tunnel mode), where the outside IP header is the physical address, but the
2001 Dec 04
0
PATCH: log key fingerprint upon successful login
This patch is against 3.0.2p1. It produces output like the first line in the
example below for both v1 and v2 logins. Logging is turned on by sticking
``LogFingerprint yes'' in sshd_conf. It would be nice if something like this
would make it into OpenSSH.
Dec 4 14:21:09 lizzy.bugworks.com sshd[7774]: [ID 800047 auth.info] Found
matching RSA1 key:
2005 Jun 12
2
%h,%p,%u expansion for ControlPath
This allows me to set 'ControlPath ~/.ssh/sockets/%h.%p.%u' for example.
Have I missed a good reason why ssh_connect finds the default port
number for itself instead of just having it in options.port (like we do
for the default in options.user)?
--- openssh-4.1p1/ssh.c~ 2005-06-12 09:47:18.000000000 +0100
+++ openssh-4.1p1/ssh.c 2005-06-12 09:40:53.000000000 +0100
@@ -604,6 +604,17
2010 Jul 07
3
Message: "err:psdrv:PSDRV_PPDGetNextTuple Line too long."
Hello!
When my application opens a URL in Firefox with more than 257 characters, the URL is truncated and the message below is displayed.
"Err: psdrv: PSDRV_PPDGetNextTuple Line too long."
I noted that this limitation may be due to the following code. See line 00363.
Code:
00354 /*********************************************************************
00355 *
00356 *
2003 Oct 05
3
[Bug 729] Feature request + patch: DenyLockedAccounts option in sshd_config
http://bugzilla.mindrot.org/show_bug.cgi?id=729
Summary: Feature request + patch: DenyLockedAccounts option in
sshd_config
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://www.unixwiz.net/blog/archives/001125.html
OS/Version: All
Status: NEW
Severity: minor
2001 Sep 28
0
openssh-2.9.9p2 subscript violation problems with ctype macros
In several places, openssh-2.9.9p2 passes a 'char' value to a ctype
macro like 'isdigit'. This has undefined behavior on hosts with
signed characters, if the character value happens to be negative. For
example, isdigit('\200') expands to an array access that is a
subscript error on hosts with signed characters where '\200' == -128.
This leads to incorrect results,
2019 Oct 07
0
[klibc:master] fstype: Drop obsolete support for "ext4dev"
Commit-ID: 52251e210c7a21068063fe16a3874903d3f1aa14
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=52251e210c7a21068063fe16a3874903d3f1aa14
Author: Ben Hutchings <ben at decadent.org.uk>
AuthorDate: Mon, 7 Oct 2019 20:39:46 +0100
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Tue, 8 Oct 2019 00:13:20 +0100
[klibc] fstype: Drop obsolete
2002 Aug 02
3
[Bug 377] New: Reduce compiler warnings. Use unsigned args to the ctype.h is*() macros.
http://bugzilla.mindrot.org/show_bug.cgi?id=377
Summary: Reduce compiler warnings. Use unsigned args to the
ctype.h is*() macros.
Product: Portable OpenSSH
Version: -current
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: trivial
Priority: P2
Component: Miscellaneous