Displaying 20 results from an estimated 400 matches similar to: "Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option"
2010 Dec 10
0
Fwd: Problem of updating openssh-4.4p1 to openssh-5.5p1 with MAX_ALLOW_USERS option
Hello!
> Hello!
>
> We have the server with RHEL 5.5 (64-bit) and need to connect many
parallel users over ssh (OpenSSH).
> Usually we use openssh-4.4p1, builded from the sources with changed
"servconf.h" file by this type:
> #define MAX_ALLOW_USERS 10000 /* Max # users on
allow list. */
> #define MAX_DENY_USERS
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2002 Mar 28
1
[PATCH] Feature addition: user access control per auth method
I added a few features to openssh for my local use that I think would
be more broadly useful. I basically added access control lists to
control who would be allowed public key authentication. I added four
config file entries for the server:
PubkeyAllowUsers
PubkeyDenyUsers
PubkeyAllowGroups
PubkeyDenyGroups
These follow the same sematics as the already existing entries for
2005 Jan 20
0
AllowUsers - proposal for useful variations on the theme
A short while ago, I looked at using the AllowUsers configuration option
in openssh (v3.8p1 , but I believe this to be unchanged in 3.9p1) to
restrict access such that only specific remote machines could access
specific local accounts.
I swiftly discovered that
a) specifying wildcarded IP numbers to try to allow a useful IP range
was pointless: if I specified
AllowUsers joe at
2003 Feb 05
2
MAX_ALLOW_USERS
Hey everyone,
I have been using sftp for quite some time now and we have just hit 256
sftp users. Line 21 of servconf.h reads:
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
I am curious why this is in a header file and not something that is in
sshd_config that can be changed without recompile?
Thanks in advance!
--
James Dennis
Harvard Law School
"Not
1999 Nov 20
1
openssh and DOS
It appears that openssh has inherited the dos attack that ssh is
susceptible to. This has been discussed on Bugtraq (see
http://securityportal.com/list-archive/bugtraq/1999/Sep/0124.html
for the thread). There does not appear to be an official for ssh.
Attached below is a simple, proof of concept, patch that adds a
MaxConnections to sshd_config that sets the maximum number of
simultaneous
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2012 Nov 21
1
HostKey in hardware?
Hi,
Is there any way to store HostKey in hardware (and delegate the related
processing)?
I have been using Roumen Petrov's x509 patch for clients, which works via an
OpenSSL engine, but it does not seem to support server HostKey:
http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html
For PKCS#11, I have found an email on this list from a year back suggesting
this
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2006 Oct 01
0
new error message in 4.4p1
I'm trying to understand why I'm getting a new error message
in 4.4p1, when 4.3p1 did not produce the error message. The
config files are the unchanged.
The new error in the log is
Failed hostbased for xxx from nnn.nnn.nnn.nnn
That is followed by the usual
Accepted hostbased for xxx from nnn.nnn.nnn.nnn
and the host based authentication continues to work correctly
despite the new
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All,
The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download.
On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1
you can found diff for OpenSSH versions 4.4p1.
What's new:
* specific diff of 5.5 for OpenSSH 4.4p1
Because of OpenSSH source code changes, like include statements and new server
option
2007 Aug 24
1
Unable to use the Banner keyword in a Match Block in OpenSSH 4.4p1
I am running Openssh 4.4p1 on a Solaris 9 server. I would like the accting service account to be able to run accounting scripts from a central server without the standard pre-login banner. At the end of the sshd_config file I have the following, where /etc/nobanner is an empty file:
Banner /etc/issue
Match User accting
Banner /etc/nobanner
When an attempt is made to restart sshd, the
2006 Sep 30
0
Announce: PKCS#11 support version 0.14 in OpenSSH 4.4p1
Hi All,
The version of "PKCS#11 support in OpenSSH" is ready for download.
On download page http://alon.barlev.googlepages.com/openssh-pkcs11 you
can find a patch for OpenSSH 4.4p1.
What's new:
- Some pkcs11-helper updates.
- Rebase against 4.4p1.
I will be grateful to receive any comments regarding this feature.
Best Regards,
Alon Bar-Lev.
2001 Mar 14
1
/etc/default/login patch?
Would anybody happen to have or know of a patch to make /etc/default/login
PATH and SUPATH the default openssh path? We have customized paths for each
school of engineering (each have their own customized site bin). This is
easily controled with /etc/default/login. The --with-default-path option
is too rigid. This is Solaris I am talking about.
--mike
2006 Sep 29
2
OpenSSH 4.4p1 under Mac OS X 10.3.9
Hi there,
I've run into a strange problem. I have just finished building
OpenSSH 4.4p1 against openssl 0.9.8d under Mac OS X 10.3.9 and
10.4.7. Both were installed as updates to OpenSSH 4.3p2/openssl
0.9.8c (not Apple's obsolete versions which are bypassed). The 10.4.7
build works as expected, whereas the 10.3.9 build throws
Disconnecting: Bad packet length 2477450673.
when I
2006 Sep 09
2
Make Install Failed for 4.4p1 on FC4
Hi,
I tried to build the CVS snapshot for OpenSSH 4.4p1 dated 9/08/06. Make install failed on Fedora Core 4 system with the following errors:
[root at fedora4 openssh]# make install
\if test ! -z ""; then \
/usr/bin/perl ./fixprogs ssh_prng_cmds ; \
fi
(cd openbsd-compat && make)
make[1]: Entering directory `/usr/local/openssh/openbsd-compat'
make[1]: Nothing to be
2006 Oct 03
1
Patch: Unix Domain Socket Forwards for 4.4p1
I've updated the streamlocal patch for OpenSSH 4.4p1.
http://www.25thandclement.com/~william/projects/streamlocal.html
This patch allows for local and remote forwards, to and from Unix domain
sockets. Simply specify the socket path, enclosed within squares braces
(i.e. -L[/tmp/.s.PGSQL.5432]:[/tmp/.s.PGSQL.5432]) as the origin and/or
destination of the -R and -L switches. This patch also
2009 Feb 04
1
4.4p1 to 5.1p1 = $HOME/bin no longer in PATH?
What's going on here? I see nothing about this in the
ChangeLog, so I am confused.
==================================================================
~:cairo> pwd
/afs/rcf/user/jblaine
~:cairo> cat bin/tester
#!/bin/sh
echo "TESTER program in $HOME/bin!"
~:cairo>
==================================================================
OpenSSH 4.4p1 (previous version we were
2006 Oct 02
0
GSSAPI Key Exchange for 4.4p1
Hi,
I'm pleased to be able to announce the availability of my GSSAPI Key
Exchange patch for OpenSSH 4.4p1.
This patch adds RFC4462 compatibility to OpenSSH, along with adding
additional GSSAPI support that is yet to make it into the main tree.
The patch implements:
*) gss-group1-sha1-*, gss-group14-sha1-* and gss-gex-sha1-* key
exchange mechanisms. This can be enabled through the
2006 Sep 29
0
Problem with openssh-4.4p1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
FYI:
I had to add
#include <signal.h>
to entropy.c to get ssh compiled.
My configure was:
./configure --prefix=/usr/local/openssh-4.4p1 \
- --with-ssl-dir=/usr/local/openssl-0.9.8d \
- --with-zlib=/usr/local/zlib-1.2.3 --with-rand-helper \
- --with-prngd-socket=/var/run/prng_sock
Cheers,
Rainer
-----BEGIN PGP SIGNATURE-----
Version: