similar to: New sshd_config - what has changed?

Under "ChrootDirectory" there is a line that says, "This path, and all its components, must be root-owned directories that are not writable by any other user or group." When I first read this "all its components" seemed to mean that all directories and files within this directory must be root owned and root only writable. This seemed odd as I would not be able to

I want to get the original version of /etc/clamd.d/amavis.conf from the amavisd-new rpm to get the defaults to submit a bug report. I could not figure out how to do this, so I did a reinstall, but it did not replace this file (whatprovides says it comes from this rpm). Is there a way to extract just the one file, and better yet, place it elsewhere than its regular destination? thanks

https://bugzilla.mindrot.org/show_bug.cgi?id=2289 Bug ID: 2289 Summary: arandom(4) as documented in sshd_config(5)?s ChrootDirectory option does not exist on all platforms Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement

http://bugzilla.mindrot.org/show_bug.cgi?id=898 Summary: support for AddressFamily in sshd_config Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: peak

[Not subscribed to this list, so please respond directly if you need to speak to me] In man5/sshd_config.5, a permissible keyword in a 'Match' block is missing. It currently lists only: AllowTcpForwarding, Banner, ForceCommand, GatewayPorts, GSSApiAuthentication, KbdInteractiveAuthentication, KerberosAuthentication, PasswordAuthentication, PermitOpen, PermitRootLogin,

https://bugzilla.mindrot.org/show_bug.cgi?id=2618 Bug ID: 2618 Summary: net-misc/openssh-7.2_p2: Terribly slow Interactive Logon Product: Portable OpenSSH Version: 7.2p2 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd

I'm puzzled by such statements as diff /var/clamav/daily.cvd /var/clamav/daily.cvd.rpmnew Binary files /var/clamav/daily.cvd and /var/clamav/daily.cvd.rpmnew differ I thought the point of rpmnew files was so that we could check what has been changed? Anne -- New to KDE4? - get help from http://userbase.kde.org Just found a cool new feature? Add it to UserBase -------------- next part

On 08/03/16 02:12, Darren Tucker wrote: > On Wed, Aug 3, 2016 at 7:42 AM, rl <rainer.laatsch at t-online.de> wrote: > [...] >> /Data/openssh-7.3p1/DESTDIR/usr/local/sbin/sshd -p 222 -f \n >> DESTDIR/usr/local/etc/sshd_config > > It looks like you have an embedded newline in the config file name > you're passing to sshd. If that's the case I'm

Hello, First, a big thank you to the OpenSSH devs. _ /Problem Summary:/ _ Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. _ /History and repro:/ _ On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory

Sometime in Feb, yum updated something to do with ca-bundle. I didn't notice at the time, but it put these two files on my machine: /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew and /etc/pki/tls/certs/ca-bundle.crt.rpmnew Both of those on the existing system are symbolic links ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle-trust.crt and ca-bundle.crt ->

Hello, I'm aware of the fact that ChrootDirectory requires that the target directory is root-owned, and I think I've mostly understood why that is necessary, at least within the context of someone who has full shell access. However, I am wondering if that possibility for privilege escalation still exists with a configuration like this: Match Group sftp ForceCommand internal-sftp

Your question is better addressed to the R-help@R-project.org mailing list, which I am copying on this reply. You are confusing a statistical concept, the Fisher Information matrix, with a numerical concept, the Hessian matrix of a scalar function of a vector argument. The Fisher information matrix is the Hessian matrix of a particular function at its optimum and I have forgotten whether that

The upgrade to 5.2 creates /etc/pam.d/system-auth.rpmnew. I see that /etc/pam.d/system-auth actually is a symlink to system-auth-ac. Is it recommended to replace that symlink with the rpmnew file? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com

Hi, This is either a query or a feature request. I have a system where sftp users are chrooted using scponly, which while requiring much more setup than OpenSSH's internal-sftp method, has the useful feature of allowing an initial chroot to a subdirectory, typically the one used for file exchange. I've searched for a way to do the same thing with OpenSSH. So far haven't found it. If

Hello, I've tried many places, finally ending up here to ask my question: why is it so vital that the directory used with the ChrootDirectory directive is root-owned? Like many people I'm trying to use this in a webhosting environment where several users get sftp-only access to some directory, usually something like /home/user/web/part-of-website. I can be sure that there are no setuid

--On Friday, June 05, 2020 1:39 PM -0700 John Pierce <jhn.pierce at gmail.com> wrote: > don't most packages create a .rpmnew file if you've modified the previous > package file ? That file is created AFTER you've made edits, and reflects only the state of the file in the latest package. So it's not clear what changed from the original package that needs to be

On Tue, 30 Jun 2015, Damien Miller wrote: | On Mon, 29 Jun 2015, Tim Rice wrote: | | > On Tue, 30 Jun 2015, Damien Miller wrote: | > | > | I think we should just disable the test if the host doesn't support IPv6. | > | | > | diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh | > | index 7f377d8..e19b4d0 100644 | > | --- a/regress/cfgparse.sh | > | +++

Hi, According to the sshd_config manual page the option ChrootDirectory can be used to force a chroot:ed environment for the SSHD server. But as I understand the manual page this is a global setting and it is not possible to specify this per SSH subsystem. We are building a system where we need users to be able to log on from remote machines via SSH, but with the tweaks that we (for security

Hello, For many years we have modified the '/etc/named.conf' file to include local settings. The disadvantage with this is of course that when bind is updated, it creates an '/etc/named.conf.rpmnew' file. We then have to determine what is new, and apply the relevant changes to our modified named.conf file. There is, however, an '/etc/named' directory which I assumed was

I upgraded my centos from 5.0 to 5.4 But i still see 5.0 n the version number