Displaying 20 results from an estimated 4000 matches similar to: "New sshd_config - what has changed?"
2009 Nov 05
3
sshd_config ChrootDirectory ambiguity...
Under "ChrootDirectory" there is a line that says,
"This path, and all its components, must be root-owned directories
that are not writable by any other user or group."
When I first read this "all its components" seemed to mean that
all directories and files within this directory must be root owned
and root only writable. This seemed odd as I would not be able
to
2013 Jan 31
7
How to extract one file from rpm using yum?
I want to get the original version of /etc/clamd.d/amavis.conf from the
amavisd-new rpm to get the defaults to submit a bug report. I could not
figure out how to do this, so I did a reinstall, but it did not replace
this file (whatprovides says it comes from this rpm).
Is there a way to extract just the one file, and better yet, place it
elsewhere than its regular destination?
thanks
2014 Oct 10
3
[Bug 2289] New: arandom(4) as documented in sshd_config(5)’s ChrootDirectory option does not exist on all platforms
https://bugzilla.mindrot.org/show_bug.cgi?id=2289
Bug ID: 2289
Summary: arandom(4) as documented in sshd_config(5)?s
ChrootDirectory option does not exist on all platforms
Product: Portable OpenSSH
Version: 6.7p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
2004 Jul 20
4
[Bug 898] support for AddressFamily in sshd_config
http://bugzilla.mindrot.org/show_bug.cgi?id=898
Summary: support for AddressFamily in sshd_config
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: peak
2008 Apr 03
1
Omission in sshd_config man page
[Not subscribed to this list, so please respond directly if you need to speak to me]
In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only:
AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,
2016 Sep 27
4
[Bug 2618] New: net-misc/openssh-7.2_p2: Terribly slow Interactive Logon
https://bugzilla.mindrot.org/show_bug.cgi?id=2618
Bug ID: 2618
Summary: net-misc/openssh-7.2_p2: Terribly slow Interactive
Logon
Product: Portable OpenSSH
Version: 7.2p2
Hardware: amd64
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
2009 Apr 09
2
rpmnew puzzles
I'm puzzled by such statements as
diff /var/clamav/daily.cvd /var/clamav/daily.cvd.rpmnew
Binary files /var/clamav/daily.cvd and /var/clamav/daily.cvd.rpmnew differ
I thought the point of rpmnew files was so that we could check what has been
changed?
Anne
--
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature? Add it to UserBase
-------------- next part
2016 Aug 03
2
Configure option '--with-ssh1' breaks openssh-7.3p1
On 08/03/16 02:12, Darren Tucker wrote:
> On Wed, Aug 3, 2016 at 7:42 AM, rl <rainer.laatsch at t-online.de> wrote:
> [...]
>> /Data/openssh-7.3p1/DESTDIR/usr/local/sbin/sshd -p 222 -f \n
>> DESTDIR/usr/local/etc/sshd_config
>
> It looks like you have an embedded newline in the config file name
> you're passing to sshd. If that's the case I'm
2008 May 25
1
OpenSSH + chroot + SELinux = broke
Hello,
First, a big thank you to the OpenSSH devs.
_ /Problem Summary:/
_ Chroot and SELinux don't get along. This affects both the new
(official) ChrootDirectory feature, as well as the older (3rd party)
patch at http://chrootssh.sourceforge.net/.
_ /History and repro:/
_ On March 21, 2008, Alexandre Rossi posted to this list with the
subject: "*ChrootDirectory
2018 Sep 12
2
ca-bundle questions
Sometime in Feb, yum updated something to do with ca-bundle. I didn't
notice at the time, but it put these two files on my machine:
/etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and
/etc/pki/tls/certs/ca-bundle.crt.rpmnew
Both of those on the existing system are symbolic links
ca-bundle.trust.crt ->
/etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and
ca-bundle.crt ->
2011 Jan 17
1
Questions about ChrootDirectory
Hello,
I'm aware of the fact that ChrootDirectory requires that the target
directory is root-owned, and I think I've mostly understood why that is
necessary, at least within the context of someone who has full shell
access. However, I am wondering if that possibility for privilege
escalation still exists with a configuration like this:
Match Group sftp
ForceCommand internal-sftp
2013 Jan 22
1
fdHess function
Your question is better addressed to the R-help@R-project.org mailing list,
which I am copying on this reply.
You are confusing a statistical concept, the Fisher Information matrix,
with a numerical concept, the Hessian matrix of a scalar function of a
vector argument.
The Fisher information matrix is the Hessian matrix of a particular
function at its optimum and I have forgotten whether that
2008 Jun 29
1
system-auth.rpmnew
The upgrade to 5.2 creates /etc/pam.d/system-auth.rpmnew. I see that
/etc/pam.d/system-auth actually is a symlink to system-auth-ac.
Is it recommended to replace that symlink with the rpmnew file?
Kai
--
Kai Sch?tzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
2012 May 10
2
Is there any method, with ChrootDirectory and internal-sftp, to automatically cd to a subdir on login?
Hi,
This is either a query or a feature request. I have a system where sftp
users are chrooted using scponly, which while requiring much more setup than
OpenSSH's internal-sftp method, has the useful feature of allowing an
initial chroot to a subdirectory, typically the one used for file exchange.
I've searched for a way to do the same thing with OpenSSH. So far haven't
found it.
If
2009 Mar 28
3
ChrootDirectory security
Hello,
I've tried many places, finally ending up here to ask my question: why
is it so vital that the directory used with the ChrootDirectory
directive is root-owned?
Like many people I'm trying to use this in a webhosting environment
where several users get sftp-only access to some directory, usually
something like /home/user/web/part-of-website.
I can be sure that there are no setuid
2020 Jun 05
3
yum/dnf diff
--On Friday, June 05, 2020 1:39 PM -0700 John Pierce <jhn.pierce at gmail.com>
wrote:
> don't most packages create a .rpmnew file if you've modified the previous
> package file ?
That file is created AFTER you've made edits, and reflects only the state
of the file in the latest package. So it's not clear what changed from the
original package that needs to be
2015 Jun 30
2
Call for testing: OpenSSH 6.9
On Tue, 30 Jun 2015, Damien Miller wrote:
| On Mon, 29 Jun 2015, Tim Rice wrote:
|
| > On Tue, 30 Jun 2015, Damien Miller wrote:
| >
| > | I think we should just disable the test if the host doesn't support IPv6.
| > |
| > | diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh
| > | index 7f377d8..e19b4d0 100644
| > | --- a/regress/cfgparse.sh
| > | +++
2012 Jan 19
2
ChrootDirectory per SSH Subsystem?
Hi,
According to the sshd_config manual page the option ChrootDirectory can be used to force a chroot:ed environment for the SSHD server. But as I understand the manual page this is a global setting and it is not possible to specify this per SSH subsystem.
We are building a system where we need users to be able to log on from remote machines via SSH, but with the tweaks that we (for security
2018 Dec 04
3
DNS bind - use of /etc/named directory
Hello,
For many years we have modified the '/etc/named.conf' file to include local
settings. The disadvantage with this is of course that when bind is updated, it
creates an '/etc/named.conf.rpmnew' file. We then have to determine what is
new, and apply the relevant changes to our modified named.conf file.
There is, however, an '/etc/named' directory which I assumed was
2010 Mar 21
3
release
I upgraded my centos from 5.0 to 5.4
But i still see 5.0 n the version number