similar to: Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?

Displaying 20 results from an estimated 600 matches similar to: "Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?"

2002 Apr 02
0
[Bug 199] New: ssh-agent -k doesn't check $SHELL environment variable
http://bugzilla.mindrot.org/show_bug.cgi?id=199 Summary: ssh-agent -k doesn't check $SHELL environment variable Product: Portable OpenSSH Version: 3.1p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P3 Component: ssh-agent AssignedTo: openssh-unix-dev at mindrot.org
2023 Jun 17
2
[PATCH] ssh-agent: add systemd socket-based activation
This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.
2007 Aug 21
1
ssh-agent security
ssh-agent is a great tool that is often misconfigured with respect to agent forwarding. How many people running ssh-agent and doing a ssh -A have the very same public keys in ~/.ssh/authorized_keys of the machine they are coming from? ssh(1) is very clear in its warning about enabling agent forwarding. The simple act of prompting the user before using the key would enable them to determine
2006 Aug 28
0
patch for ssh-agent force confirm keys
Hi all Patch adds flag -C to ssh-agent which will force confirmation for any key added in agent (similar to ssh-add -c) Helps when forwarded agent authentication is used and each key should be confirmed before use catam --- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300 +++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300 @@ -111,9 +111,6 @@ /* Default lifetime (0 == forever) */
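Review bot: The file headers are in the wrong order: `--- ssh-agent.c` (timestamp 14:02:12) is on the old side and `+++ ssh-agent.c.orig` (timestamp 13:36:05) is on the new side, and the hunk header `@@ -111,9 +111,6 @@` shrinks the region from 9 lines to 6. Applied as posted, the diff would back the change out rather than add it. Regenerate it with the pristine file first (`diff -u ssh-agent.c.orig ssh-agent.c`) so that it applies forward.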
2007 Feb 23
1
ssh-agent does not immediately clean timeouted keys from memory
during my seminar of advanced exploitation techniques (SEAT, [1]) i developed some methods to crack into system via DMA (e.g. via firewire). as part of this i developed a program that steals loaded ssh private keys from ssh-agents. i was astonished to find that the keys are not immediately removed from the agent when a timeout occurs, but only the next time the agent is queried via its socket. i
2002 Dec 18
2
patch for openssh3.5p1 - adds logging option
this patch adds a LogFile option to sshd_config. it just logs messages directly to a file instead of stderr or syslog. the largest change is an additional argument to log_init() in log.c for the log file name (and then changes to the rest of the tools to add a NULL arg). galt -------------- next part -------------- diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c ---
2012 Mar 11
2
[patch] Threading support in ssh-agent
Hi all! I do not know openssh patch policy so I am just sending the patch to the mailing list. Sorry for inconvenience. Ssh-agent seems to be too slow if you need to access thousands of servers. This is a simple patch to enable threading in ssh2 authentication. Patch adds "-p numthreads" option and defaults to the number of processors. I've tested it as I could, but
2013 Nov 24
0
[LLVMdev] [llvmdev] Specifying / modeling copying semantics in more detail
Dear All, I've had a lot of progress on my 6502 family target, but I've hit a bit of a stumbling block wherein some passes inadvertently cause malformed final instruction listings. It's not necessarily llvm's fault, though. An example: %a<def> = COPY %w04 asl_a_16_once %a<imp-def>, %n_flag<imp-def,dead>, %z_flag<imp-def,dead>,
2000 Feb 08
0
Bug report and PATCH in ssh-agent in openssh 1.2.2
Dear folks, system: RH 6.1 Linux on a PIII software: installed binaries resulting from rpm --rebuild openssh-1.2.2-1.src.rpm, downloaded from http://the.wiretapped.net/security/cryptography/ssh/OpenSSH/files/openssh-1.2.2-1.src.rpm problem program: ssh-agent problem description: When execute ssh-agent startx -- -bpp 32 ssh-agent does not pass the -bpp 32 to startx. Why problem exists:
2004 Oct 03
3
[PATCH] PreferAskpass in ssh_config
Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Patch is against current CVS. Sebastian -- signature intentionally left blank.
2013 Jan 18
0
users = virual + system (both with ldap backend) => Fatal: setgid(12(mail)) failed with euid=501(...
dear all probably something trivial, just cannot get my way around it, my goal is to get sieve on local-system users too, so postfix hands lda over to dovecot errors with mail for system users: lda(me): Fatal: setgid(12(mail)) failed with euid=501(me), gid=513(Domain Users), egid=513( Domain Users): Operation not permitted (This binary should probably be called with process group set to
2001 May 04
1
RSARhosts / Hostbased auth and euid=0 requirement
I'm not happy with ssh being setuid root. I know that the long-term goal is to have a separate host-key-management process, but that is a ways off. Until then, I'd like to propose the following: - Allow ssh to read alternate key files. This would allow the ssh client to use keyfiles different from the ones sshd uses. I know that this can be done now by changing the ones sshd uses,
2005 Jul 19
1
dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost
I installed Dovecot on our FC3 sendmail server and get this from our Dallas office ( out of state to me ). dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost Only one Dallas user can get mail (pop3 or imap). All local users work fine. I ended up going back to UW and all works fine. What should I look for? Thanks -------------- next part --------------
2011 Aug 28
1
Dovecot service needs a second restart after boot - euid is not dir owner
After reboot dovecot service need a restart. dovecot service starts as S99dovecot with only S99rc-local coming up. After boot following error is filled up in dovecot.log Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no wider than int. GCC complains about this assumption on 32-bit Solaris 8 sparc, where these types are 'long', not 'int'. This isn't an actual problem at runtime on this host, as long and int are the same width, but it is a problem on other hosts where pid_t is wider than int. E.g., I've heard that 64-bit
2011 Jul 17
2
openSSH 5.8p2 BindPort patch
Hi, i have written a patch for openSSH 5.8p2 which allows the user to set the local source port. The patch is as follows: diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c --- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000 +++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100 @@ -125,7 +125,7 @@ typedef enum { oGlobalKnownHostsFile2,
2009 Sep 30
4
deliver: Fatal: setgid(114) failed with euid=8, gid=8, egid=8: Operation not permitted
I'm calling 'deliver' from Postfix and in some cases from Procmail. I set this system up more than six months ago and it's been working flawlessly until yesterday (16:52:19 local time) when it, without any apparent reason, just stopped delivering mails! Lots of checking and googling (I've forgot how exactly I setup the system :), I made 'deliver' SUID and it worked
2011 Feb 03
1
EUID not changing when delivering to a mailbox
Hello, I've set up virtual mailboxes and I'm using one uid/gid pair (mail/mail) to deliver almost all messages. Some accounts I'd like to have accessible by local Linux accounts as well, so postfix is delivering them using separate uids (gid stays the same). But I run into a problem when dovecot auth correctly fetches uid/gid from MySQL database, but still uses general mail
2010 Sep 20
1
[PATCH] Fix error launching libguestfs when euid != uid
When writing to a RHEV target, virt-v2v launches the libguestfs appliance with euid:egid = 36:36, which is required to write to an NFS target using root_squash. Since the update to use an febootstrap cached appliance, this causes an error on startup as the cached files are owned by root, but the cache directory is owned by 36:36. The reason for this is that execve() resets euid and egid to uid and
2019 Feb 07
0
"sieve: failed to store into mailbox 'Junk': Read-only mbox" over root_squashed NFS, lmtp : euid/egid set and access() don't mix together for me
Hi, I try to migrate an old fashioned mailsystem to Debian 9.7 / dovecot 2.2.7. I "have" to cope with mbox for now. I try to get rid of Sun OS 5.9 sendmail before mbox to mdbox migration (I'm fine if you laugh loudly ^^). Intended setup : 2 VM with exim (smtp in, smtp out roughly), 3 VM with dovecot (mbox, maildir, testbed), 1 VM with IMAP proxy and LMTP proxy. doveconf -n is